Freddie Bennet ICS, Cyber security, Cyber...
Industrial Cybersecurity is a very new topic in the world of security. Go back 10, or even 5 years and there would be few people who would think to hack into pharmaceutical plants or drilling sites to tamper with production or hold facilities at ransom. As time goes on however, it has become apparent that many of these large “Industrial Control Systems” are insecure by design, built decades ago and with no way of knowing that a cyber-attack would one day be possible.
Now, hackers have learned of these widespread vulnerabilities leading to events such as the Triton incident, a vicious attack on a chemical plant in the Middle East in 2017. As similar events have become more frequent and organisations have come to understand the danger, organisations across every sector have been working to protect their systems against such attacks. That being said, the progression from insecure to secure facilities has many obstacles hindering the path.
Within an organisation’s boardroom discussions, ICS/OT can struggle to gain traction as topic for focus. This is mainly because of three things:
- The most senior-ranking members of an organisation are often personally disconnected from ICS/OT security (lack of true awareness).
- When the senior board members are introduced to the topic of ICS/OT security, they are dissuaded by the fact that investing in ICS/OT does not clearly facilitate revenue-generation.
- Lastly, the associated costs are high, with the need to pay for expensive consultations, lengthy implementations, and then the subsequent halts in production to execute the implementation.
Gartner has recently predicted that this is soon to change, with governments drastically increasing regulation and legislation regarding ICS/OT security, coupled with The FBI, The NSA and CISA endeavouring to increase awareness within the topic, enabling CEOs to take action and disabling them from pleading ignorance. They anticipate that the majority of CEOs will be fully accountable for incidents by 2024 - A huge win for not only those dedicating their lives to the cause, but also the welfare of the millions who's lives will be protected by the actions taken as a result of this.
What does this mean for hiring?
The increasing importance of Industrial Cyber Security (ICS) means that candidates in this market are highly sought after. Whilst it has traditionally been difficult to find people with ICS skills, the market is maturing and there are more candidates than before who are able to perform the duties required to protect industrial sites from cyber-attack. However, with niche skillsets there is high competition for these specialised candidates, as organisations compete over the few available candidates in the market.
My tip to candidates would be to continue developing your skills across as many aspects of ICS/OT as possible - familiarise yourself with a broad range of security frameworks, sectors, types of security controls as you can. The industry is lacking a wealth of people with experience, and to be one of those people makes you extremely employable.
Contact Freddie directly on email@example.com