Sectrio

Cybersecurity Standards Compliance Impacting the Industry

Audio Transcript

We are seeing malware like Atkins ransomware and other malicious, you know, targeted attacks that are happening across this political infrastructure, and that’s one of the reasons why I feel, and generally why the industry is moving more towards compliance and standards-heavy regulations and mandates that the majority of the critical infrastructure companies, organizations, and bodies need to adhere to. If you see here, you know, the NIST v 1.1 that was recently released or revised is now heavily being adopted across industries, and many of our customers who we work with, you know, in the region are trying to build the cyber resiliency model.

And primarily what we see here is that most of the legacy infrastructure systems, their SCADA, what they currently have, are either very specific to a vendor or they have proprietary protocols that some of these devices and endpoints run, which in most cases are very difficult to patch if there are even any vulnerabilities identified. How do we read the traffic? How do we validate what commands are being run on some of these, you know, large equipment? These are some of the key questions or concerns that, you know, we’re seeing come a lot from our customers.

And that’s where the cyber resiliency model is driving that mandate culture across industry leaders, where they’re now focusing on: how do we identify what is there in the network? How well do we know what’s out there? What does our visibility look like? How do we protect it? Do we have enough mechanisms to protect, specific security controls that are, you know, very relevant to my industrial or my critical infrastructure? But having these two is great, but what we’ve seen is that it never is sufficient, especially in security, so having an icon glass view in order to detect, respond, and what do my recovery mechanisms look like. So this five-step process, and it’s a great document that I would suggest everybody to go through.

The controls that are necessary, which is specific to your organization, in addressing some of these, you know, large targeted attacks that we’re seeing within this critical infrastructure. Adding to that, we are also, you know, very familiar with IEC 62443 and NERC CIP compliance, where both these standards are, you know, practiced across different layers within the Purdue model. So we talk about layer two and below, and then there is the upstream, which connects back to the enterprise infrastructure.

So when there are systems that have been operating for decades without any changes, some of the questions, even when deploying security specifically for the industry, we’re seeing are: how is this going to impact our network? We have had these systems for ages now, we have not been under risk so far, and we’ve not been targeted; why is this now coming, and why do we need to adapt it now? So those are some of the questions that we see, and, you know, there is a clear indication that even the attack vectors and the overall threat landscape are changing. It’s evolving, so we’re not seeing any of those script kiddies, what we were seeing earlier, or maybe one large targeted attack in a few years that was happening back, you know, when we rewind ourselves back about five, six or seven years ago. Those are not some of the things that we’re seeing now.

It’s changing, it’s happening more frequently. We’ve seen that 2020 and 2021 have been some of the largest, you know, cyberthreats that have happened across the globe, which are targeted towards these critical infrastructure. So, as we see, it will be an interesting space to see how well the companies will adopt to some of these models, adopt these models, and get familiarized in having necessary security controls. Do we have specific teams, be it in the SOC or in their dedicated OT cybersecurity vendor, focusing on some of these compliance, I mean, you know, the standards that are coming in? And how do they, you know, rethink what the security strategy looks like will be an interesting, um, process that I think all of us will go through.
