The comprehensive guide, authored by Dean Parsons, highlights the growing need for specialized ICS security measures in the face of growing cyber threats.
With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the release of its important new strategic guidance, “ICS is a business: why securing ICS/OT environments is business critical in 2024.” Authored by Dean Parsons, ICS Defense Force CEO and SANS Certified Instructor, this guide offers a comprehensive analysis of the rapidly evolving threat landscape and provides critical steps organizations must take to protect their operations and ensure public safety .As cyber threats grow in both frequency and complexity, this guide is an indispensable resource for securing the vital systems that underpin our world.
Key insights from the Strategy Guide:
- A growing threat landscape: The guidance details the alarming rise in cyberattacks on ICS/OT environments, some of which target critical infrastructure sectors. “The reality is that these attacks are no longer a matter of if, but when,” says Parsons. “Organizations in the ICS space need to recognize that their ICS there is business”.
- Strong attacks with low frequency: The guidance highlights the dangers of high-impact low-frequency (HILF) attacks, which can potentially cause catastrophic effects, such as massive blackouts and environmental disasters. “These attacks keep CSOs security, VPs of Engineering and others responsible for ICS cyber defense, security and risk management awake,” Parsons notes. “A coordinated, targeted attack on a control system can have a cascading effect across industries, regions or countries.”
- The Five Critical Elements of ICS Cyber Security Management: Parsons describes SANS as the five critical control elements required to protect ICS/OT environments, including specific ICS incident response and control system network architecture. These controls are not only technical guidelines, but also business imperatives that support business continuity and security.
- AI as an augmentation tool: The guidance also discusses the role of artificial intelligence (AI) in enhancing ICS security, while cautioning against over-reliance on AI at the expense of human expertise. “AI can be a powerful tool, but it cannot replace the specialized knowledge and decision-making capabilities of trained ICS/OT
“We can’t afford to be complacent,” Parsons warns. “This guide is a must-read for anyone responsible for protecting critical infrastructure—CSOs, VPs of Engineering, engineering security, and risk managers. The steps outlined here are critical to ensuring our industrial systems continue to operate safely and reliably.”
The SANS Institute recommends that all organizations with an ICS/OT environment download the strategy guide and begin implementing the recommended security measures. Protecting our critical infrastructure is not just a technical challenge, but a critical business imperative that requires immediate action.
To download the complete strategy guide, visit https://www.sans.org/mlp/ics-business-guide-2024/.
Want to delve into the world of Industrial Control Systems (ICS) security? Check out the courses offered at SANS 2024 Cyber Defense Initiative.
