Expo 2020 — Operational Technology (OT) — the hardware and software that monitors or controls equipment, assets and processes within industrial environments, has become a top target for rapidly growing cyber attacks.
According to the Global IoT/ICS Risk Report, 71% of networks have outdated operating systems that are no longer receiving security updates, 64% are using insecure passwords, and 66% are not updated with the latest antivirus updates.
In wake of the same, The Gulf Cooperation Council Interconnection Authority (GCCIA) hosted a two-day forum on cyber security strategies. The event brought together some of the best minds in the industry and stressed the importance of network monitoring and robust physical security to effectively secure OT systems, as well as shed light on the latest strategies, tools, and frameworks to secure industrial control systems (ICS) against cyber attacks.
Eng. Ahmed Al Ebrahim, GCCIA CEO, said “It was great connecting with experts from the industry during the course of this forum. Cyber-security is a pertinent issue, and comprehensive framework and guidelines are essential to minimize system security risk. This forum was an effort to bring to stage latest strategies and tools to secure ICS against cyber attacks, as well as identify a baseline set of controls to improve the cyber-security of a critical infrastructure. I would like to take this opportunity and extend gratitude to all the participants and the speakers for coming together and making this forum a grand success.”
Dr Nasser Al Shahrani presented the panelists and key speakers at the forum appreciation trophies for their invaluable insights and discussions.
Dr Ahmed Amin from Cyber-force, one of the key speakers at the event stressed the importance of backups and stated, “In their response to cyber-attacks, organizations may immediately launch a backup to recover data, then they may be hit again and not have a mitigation plan. Constant backups are essential to disaster recovery.”
Bas Kruimer, Business Director, Digital System Operations, DNV, also supported the importance of backups and how essential it is for recovery of data. Similarly, Van Dragnev, Cyber Security Principal Technical Lead Europe, EPRI, shared examples of opportunities for automation in threat mitigation against various forms of cyber attacks, while Dr Ahmed Amin, PhD Researcher, Cyber-force, focused on the importance of threat contextualization and threat prioritization as critical factors to an effective cyber-security response. Alternatively, Naveed Hamid, Dragos presented a comprehensive guide to building a threat-informed defense to protect critical infrastructure.
In summary, the forum emphasized on cyber-security for the Utilities – OT and IT industries. The experts presented the IED Management Model and highlighted the importance of applying cyber security controls to legacy systems. They also highlighted the importance building a threat-informed defense to protect critical infrastructure, emphasized on incident responses in OT and focused on how to combat threats using the Security Orchestration Automated Response Methodology.