Navigating the ICS Security Space - An Observation Piece

One of the things I have written about in the past is ‘The problem with the cyber security market today’ in which I decry the current over abundance of marketing materials and messages aimed at solving a specific cyber security problem. Now remember I have never had a problem with technology as some of them are amazing and powerful. But so too are a good set of powertools. The problem is if you really just need a hammer you probably don’t need to buy a hammer drill. My point is simply that cyber security is a program. A technology enabled, process driven, people enabled program.

What do we need then? Yes tools. But what so many organizations forget is that a program is probably the most important thing you could build! Many organizations start with an assessment of sorts and this is good but please ensure your measurement is commensurate with your current maturity. In other words, if you have nothing, a red team/blue team penetration test is probably overkill. What people do need is a practical application of current state versus future vision. That is when you start to get a proper picture around how to take short term steps and design decisions to map towards a manageable future state. And don’t forget: the future state plan is not just an opportunity to make smart decisions now, it is your opportunity to build a manageable, scalable, effective program. If you can’t get value out of your investment or it is overly complex and consumes countless hours of staff time then we have missed the mark.

And the fact the market needs more planning, makes me particularly pleased to know that the organization I work for recognizes this. With the recent appointment of Boyd Nation to Director of Compliance Services we have made an investment in stepping into a leadership role in this space. Boyd’s appointment means we want to bring our 25 plus years of DCS experience to the practical application of a cyber and compliance program to our Industrial clients. I am excited to see what we can do together as a community in building sustainable security programs. Especially ones that make effective use of the money already spent! Welcome aboard Boyd!