- Posted by fedco
- On April 17, 2015
- ics security assurance awareness level
One of the most challenging obstacle of implementing Industrial Control System (ICS) assurance is the low awareness level across the organization that using this ICS platform. Lack of security policy, company standard, willingness to invest some budget, hire some experts and advisors, etc. are the subsequent consequences of not having proper security awareness regarding ICS security.
Since ICS security has no tangible impact into the production operations of the business performance (if it is running well) the management and decision maker within some corporation just feeling safe and not to worry about the security aspects against this system. Meanwhile if the security incident already happened and causing several losses (it can be safety, financial or operations losses) then they will realize that something wrong with their backbone system operations (ICS environment).
One of the best way to educate and enter the market that having this kind of obstacle is by giving sharing session and specific engagement content (that they prefer to have) to the related audience, try to gain more intimacy with the market through some discussion and free consultation (if necessary), distributing some technical knowledge related to ICS security and some other “easy task” to do as part of the market engagement and knowledge development milestone to the targeted market.
Developing the ICS security awareness in the fundamental level of acknowledgement is not a “rocket science” things to do. Since it is only require the company (or it can be performed through third party entities) to trigger the basic sense of having ICS security things in correlation with daily working activities and risk management scheme. The proper material should be made effective, efficient and also interesting so the audience can easily get understand the philosophy of ICS security in order to build the personal awareness across the related resources.
Surely it is not a one day job and then we can gain the result tomorrow morning, but it is require the process and consistency within the company to have the periodic ICS security awareness in their program, especially for people that consider have the critical position in dealing with ICS environment in daily basis.
It is much easier to change the setting of the machine, but if it is related to human mindset there will be more time and effort that required to shift the paradigm. So don’t wait to much, start the process now by planning the best scheme and execute the items in timely manner.
Secure today sustain tomorrow
ICS security assurance is another niche thing that will be viral in couple of year later…
Be sure to be ready when the incident comes, instead of just arguing “if the incident comes”