The threat of terrorism is top of mind for many, and of increasing concern to those tasked with protecting industrial control systems (ICS). ISIS has issued threats against the North American electric grid, for example. While the cyber capability of ISIS is thus far unsophisticated, advanced attack capabilities are readily purchased.
Other security challenges will be the topic of heated debate. FERC has requested comments regarding supply chain integrity and remote access rules. The Industrial Internet of Things (IIoT) is gaining steam as well, especially control system vendor “remote monitoring and diagnostics” services that concentrate many control system VPN connections deep in the hands of a small number of vendors.
Part of the reason that we continue to see large amounts of malware coming out of organized crime is that those groups have developed systems to reliably monetize stolen financial credentials. Volatile oil, gas and refined goods prices are producing opportunities to reliably monetize cyber sabotage.
My top security predictions/topics for 2016:
- ISIS will buy sophisticated attack capabilities and launch a credible attack on the North American power grid.
- FERC will order NERC to produce additional security controls to address the threat of cyber-supply-chain and ”cloud vendor” systems able to sabotage hundreds of critical infrastructure sites in one blow.
- There will be reports of a criminal group launching cybersabotage attacks against refineries or pipelines in order to “game” commodities markets.
- The security focus for the Industrial Internet of Things will shift away from privacy and encryption and over to protecting the safety and reliability of large, complex, and highly-connected industrial sites.
One way or another 2016 will be a challenge for all of us.
If you’re attending Digital Bond’s S4x16 conference in Miami, January 12-14, contact us to set up a meeting.