WEBVTT 1 00:00:00.080 --> 00:00:04.280 Welcome everyone, ready to dive deep into industrial cybersecurity, Let's 2 00:00:04.280 --> 00:00:09.359 do it. We're cracking open Practical Industrial Cybersecurity ICs Industry 3 00:00:09.400 --> 00:00:13.560 four point zero and IoT, a fantastic book by Brian 4 00:00:13.640 --> 00:00:15.480 Singer and Tyson Brooks. 5 00:00:15.240 --> 00:00:18.879 Two cybersecurity pros. Super passionate about training the next generation. 6 00:00:18.960 --> 00:00:22.359 Absolutely, and this book, well, it doesn't just scratch the surface. 7 00:00:22.399 --> 00:00:26.920 We're talking power grids, manufacturing plants, all those systems we 8 00:00:27.000 --> 00:00:28.280 rely on every day. 9 00:00:28.440 --> 00:00:31.679 That's what industrial control systems or ICs are all about. 10 00:00:31.519 --> 00:00:34.399 Exactly the backbone of our modern world. Really. 11 00:00:34.479 --> 00:00:37.479 But here's the thing. Securing these systems. It's a whole 12 00:00:37.520 --> 00:00:40.079 different ballgame than your typical IT security. 13 00:00:40.200 --> 00:00:42.439 That's right, And the book hits this point hard with 14 00:00:42.479 --> 00:00:46.439 the AIC triad, Availability, integrity, confidentiality. 15 00:00:46.479 --> 00:00:50.759 All three matter, sure, but in traditional IT confidentiality often 16 00:00:50.799 --> 00:00:51.399 takes the lead. 17 00:00:51.520 --> 00:00:54.520 But in industrial settings, if a system crashes or data 18 00:00:54.560 --> 00:00:56.560 gets messed with, the fallout can be. 19 00:00:56.640 --> 00:01:00.640 Huge, catastrophic even think power outages, factory functions. 20 00:01:00.719 --> 00:01:03.079 Exactly, it's not just about data breaches here, It's about 21 00:01:03.200 --> 00:01:04.519 real world consequences. 22 00:01:04.840 --> 00:01:07.120 Right. Let's say a sensor reading it's tweaked in a 23 00:01:07.200 --> 00:01:10.200 chemical plane throws off the whole mix a that's an 24 00:01:10.200 --> 00:01:12.599 integrity issue with serious. 25 00:01:12.239 --> 00:01:16.040 Consequence, absolutely, and availability is just as crucial. Imagine a 26 00:01:16.040 --> 00:01:19.200 hospital's ventilation system going down because of a cyber attack. 27 00:01:19.400 --> 00:01:21.879 The impact is immediate and it can be life threatening. 28 00:01:22.000 --> 00:01:27.519 It really highlights the different priorities in ICs security for sure. Okay, 29 00:01:27.680 --> 00:01:30.359 so let's get into the nuts and bolts of these systems. 30 00:01:30.799 --> 00:01:32.680 What are we looking at when we talk about the 31 00:01:32.680 --> 00:01:34.599 core components of an ICs? 32 00:01:35.000 --> 00:01:38.719 Think of it like a loop. You've got sensors they're 33 00:01:38.760 --> 00:01:42.400 grabbing data from the environment, temperature, pressure, flow. 34 00:01:42.239 --> 00:01:45.239 Rate, got it, the eyes and ears of the system exactly. 35 00:01:45.319 --> 00:01:50.239 Then you have controllers PLCs, RTUs things like that to brains, 36 00:01:50.319 --> 00:01:54.120 right yeah, processing that data, making decisions based on their programming. 37 00:01:54.280 --> 00:01:56.760 And then then you've got actuators and muscles. They carry 38 00:01:56.799 --> 00:01:59.879 out the controllers instructions, opening valves, adjusting motor speeds. 39 00:02:00.079 --> 00:02:03.400 So it's all about this constant feedback loop since decide 40 00:02:03.719 --> 00:02:04.599 act exactly. 41 00:02:04.879 --> 00:02:07.079 The book uses the example of a thermostat. 42 00:02:07.239 --> 00:02:10.039 Oh yeah, that makes sense, a simple ICs we all 43 00:02:10.039 --> 00:02:10.479 have at home. 44 00:02:10.719 --> 00:02:14.520 Exactly. It senses the temperature, compares it to what you've set, 45 00:02:14.759 --> 00:02:16.919 and then kicks the heating or cooling. 46 00:02:16.599 --> 00:02:18.599 On or off, simple but effective, right. 47 00:02:19.039 --> 00:02:22.960 But in industrial settings, these loops control some serious processes, 48 00:02:23.240 --> 00:02:26.479 massive machinery, high voltages, you know, the stuff that makes 49 00:02:26.520 --> 00:02:27.360 the world go around. 50 00:02:27.479 --> 00:02:31.000 And as technology changes, so do the ways these systems communicate, 51 00:02:31.039 --> 00:02:33.840 which opens up a whole new can of worms when 52 00:02:33.840 --> 00:02:35.120 it comes to security. 53 00:02:35.240 --> 00:02:40.439 Absolutely, we've gone from isolated Cereal buses to Ethernet networks. 54 00:02:41.039 --> 00:02:43.960 Now these ICs are hooked into the wider world. 55 00:02:44.199 --> 00:02:48.199 Makes sense, more connectivity, more data sharing, more efficiency. 56 00:02:47.680 --> 00:02:50.759 Right, But it also means more points of entry for attackers. 57 00:02:51.280 --> 00:02:54.000 So instead of being these isolated islands, these systems are 58 00:02:54.000 --> 00:02:58.319 getting more and more interconnected, which creates new vulnerabilities. 59 00:02:57.560 --> 00:03:01.800 Exactly, and that's where understanding network architecture becomes super important. 60 00:03:02.319 --> 00:03:04.680 The book introduces this thing called the Perdue model. 61 00:03:04.840 --> 00:03:08.479 The Perdue model, I'm guessing it's not just some theoretical framework. 62 00:03:08.400 --> 00:03:10.960 Nope, not at all. It's like a blueprint for ICs. 63 00:03:10.960 --> 00:03:14.039 Networks divides them into different levels based on what they 64 00:03:14.080 --> 00:03:15.319 do and how critical they are. 65 00:03:15.520 --> 00:03:18.840 So using this model helps prioritize security efforts. 66 00:03:19.120 --> 00:03:22.240 Absolutely. You see which levels are the most critical, what 67 00:03:22.360 --> 00:03:24.439 kind of data flows between them, and then you can 68 00:03:24.439 --> 00:03:26.319 put the right security measures in place. 69 00:03:26.560 --> 00:03:29.439 Makes sense. It's like reinforcing the walls around the most 70 00:03:29.520 --> 00:03:30.919 valuable parts of your castle. 71 00:03:31.080 --> 00:03:35.280 Exactly. The book also talks about network segmentation and security zoning, 72 00:03:35.560 --> 00:03:37.639 which are crucial for minimizing damage. 73 00:03:37.719 --> 00:03:40.120 Segmentation zoning tell me more. 74 00:03:40.280 --> 00:03:43.800 Think of it like dividing your kingdom into smaller protected territories. 75 00:03:44.400 --> 00:03:49.000 With segmentation, you're creating barriers between different zones, so if 76 00:03:49.039 --> 00:03:49.919 one area gets. 77 00:03:49.840 --> 00:03:51.680 Breached, the damage is contained. 78 00:03:51.840 --> 00:03:53.960 Exactly. It's all about layers of defense. 79 00:03:54.039 --> 00:03:56.719 Okay, that makes sense, and security zoning takes that a 80 00:03:56.719 --> 00:03:57.479 step further. 81 00:03:57.719 --> 00:04:00.479 It does you assign different security levels to each zone 82 00:04:00.719 --> 00:04:03.400 based on how critical and sensitive it is. You wouldn't 83 00:04:03.439 --> 00:04:05.520 give someone access to the mailroom and then hand over 84 00:04:05.520 --> 00:04:06.039 the keys to the. 85 00:04:06.080 --> 00:04:08.759 Vault, right, No, definitely, not exactly. 86 00:04:09.159 --> 00:04:13.080 And then there are DMZs demilitarized zones DMZs. 87 00:04:13.120 --> 00:04:13.919 What are those. 88 00:04:13.879 --> 00:04:16.480 Buffer zones between different levels of trust? Like you might 89 00:04:16.519 --> 00:04:20.839 have a DMZ between your super sensitive ICs network, your 90 00:04:20.959 --> 00:04:23.839 less trusted IT network, and then the wild West to 91 00:04:23.879 --> 00:04:28.000 the Internet. It's like a security checkpoint. Traffic gets inspected 92 00:04:28.040 --> 00:04:30.199 and siltered before it's allowed to cross over. 93 00:04:30.399 --> 00:04:33.240 So it's not just about keeping the bad guys out entirely, 94 00:04:33.399 --> 00:04:36.120 but also controlling what they can access even if they 95 00:04:36.120 --> 00:04:36.959 get a foot in the door. 96 00:04:37.160 --> 00:04:40.279 You got it. And firewalls and proxy servers are key 97 00:04:40.319 --> 00:04:44.120 players in this boundary protection. Firewalls are like the gatekeepers, 98 00:04:44.560 --> 00:04:48.120 enforcing the rules about what traffic can pass through. Proxy 99 00:04:48.160 --> 00:04:52.279 servers act as middlemen, shielding the internal network from direct exposure. 100 00:04:52.439 --> 00:04:55.120 All about layers, right, And speaking of layers, the book 101 00:04:55.120 --> 00:04:58.480 really emphasizes secure remote access. I mean, experts need to 102 00:04:58.519 --> 00:05:01.720 access these systems remotely for troubleshooting, maintenance, right. 103 00:05:01.720 --> 00:05:05.199 And that's where VPNs come in. Virtual private network ah vtns. 104 00:05:05.240 --> 00:05:07.839 They create encrypted tunnels, so even if you're on a 105 00:05:07.839 --> 00:05:11.519 public network, your sensitive information stays protected. It's like sending 106 00:05:11.600 --> 00:05:13.279 your data through a secret passageway. 107 00:05:13.439 --> 00:05:16.439 So it's all about layers, both physical and digital to 108 00:05:16.519 --> 00:05:18.759 protect these vital systems absolutely. 109 00:05:19.000 --> 00:05:21.800 And let's not forget good old fashioned physical security. You 110 00:05:21.800 --> 00:05:24.879 can have the strongest digital defenses in the world, but 111 00:05:24.959 --> 00:05:27.759 if someone can just waltz in and mess with the equipment. 112 00:05:27.439 --> 00:05:29.279 Game over pretty much. Yeah. 113 00:05:29.360 --> 00:05:32.480 The book talks about those three layers of physical protection 114 00:05:33.480 --> 00:05:37.160 outer perimeter, inter perimeter, and individual device. 115 00:05:36.839 --> 00:05:40.040 Access right right, And each layer has its own set 116 00:05:40.040 --> 00:05:41.680 of vulnerabilities exactly. 117 00:05:41.720 --> 00:05:45.519 At the outer perimeter, it's things like weak fencing, poor lighting, 118 00:05:45.959 --> 00:05:49.879 security cameras that aren't positioned well. Easy access for intruders 119 00:05:50.120 --> 00:05:50.639 makes sense. 120 00:05:50.720 --> 00:05:52.199 And then you have the inner perimeter. 121 00:05:52.439 --> 00:05:54.920 Yeah, that's where you might see issues with door locks, 122 00:05:55.079 --> 00:05:59.079 badge readers, alarm systems, things that make it easier for 123 00:05:59.160 --> 00:06:00.720 someone to move around unauthorized. 124 00:06:00.839 --> 00:06:04.399 And then the individual device level, that's about preventing tampering 125 00:06:04.439 --> 00:06:05.439 with the actual. 126 00:06:05.079 --> 00:06:08.920 Equipment you got it, things like unlocked cabinets, exposed wiring, 127 00:06:09.319 --> 00:06:12.959 missing security screws. It might seem small, but attackers can 128 00:06:13.040 --> 00:06:16.240 use those weaknesses to gain access or cause disruptions. 129 00:06:16.480 --> 00:06:20.040 It's a good reminder that cybersecurity isn't just about fancy tech. 130 00:06:20.399 --> 00:06:24.279 It's about addressing vulnerabilities everywhere exactly. 131 00:06:24.879 --> 00:06:27.519 And as we dig deeper into the threats and how 132 00:06:27.560 --> 00:06:30.279 to counter them, well that's a whole other conversation. 133 00:06:30.720 --> 00:06:33.600 Absolutely, let's take a short break and we'll be right 134 00:06:33.639 --> 00:06:36.680 back to dive into the world of hackers, attacks and 135 00:06:36.759 --> 00:06:39.839 all the strategies used to protect these essential systems. 136 00:06:40.560 --> 00:06:43.279 Welcome back, all right, let's jump right in. Now we've 137 00:06:43.360 --> 00:06:45.959 laid the groundwork, talked about the what and the why 138 00:06:46.000 --> 00:06:47.360 of ICs, right. 139 00:06:47.199 --> 00:06:49.759 The systems themselves, the architecture exactly. 140 00:06:49.800 --> 00:06:52.199 Now it's time to get into the nitty gritty the 141 00:06:52.279 --> 00:06:54.240 threats these systems. 142 00:06:53.759 --> 00:06:57.040 Face, the bad guys, the attackers, exactly. 143 00:06:57.120 --> 00:07:00.000 And it's a whole spectrum, you know, different motives, different 144 00:07:00.199 --> 00:07:01.319 levels of sophistication. 145 00:07:01.439 --> 00:07:06.000 The book mentions everything from script kitties to nation state actors. 146 00:07:06.040 --> 00:07:07.360 That's quite arranged, it is. 147 00:07:07.399 --> 00:07:10.439 You've got those just messing around, you know, the script kitties. 148 00:07:10.480 --> 00:07:12.800 Maybe they're using off the shelf tools, trying to see 149 00:07:12.839 --> 00:07:15.279 what they can get into. More for bragging rights than. 150 00:07:15.160 --> 00:07:17.240 Anything, right, more mischief than malice. 151 00:07:17.319 --> 00:07:22.000 Then you have activists, folks driven by a cause, political, social, 152 00:07:22.079 --> 00:07:24.519 whatever they want to disrupt make a statement. 153 00:07:24.879 --> 00:07:26.800 And then at the top of the food chain. 154 00:07:26.800 --> 00:07:31.519 Organized crime. Nation states. They've got resources, specific targets. It's 155 00:07:31.560 --> 00:07:32.720 a whole different ballgame. 156 00:07:32.759 --> 00:07:35.240 And it's not just about external threats, right. The book 157 00:07:35.240 --> 00:07:36.959 also talks about insider threats. 158 00:07:37.000 --> 00:07:42.279 Absolutely, disgruntled employees, contractors with access, even just honest mistakes 159 00:07:42.680 --> 00:07:44.360 can all pose serious risks. 160 00:07:44.480 --> 00:07:48.839 So it's like building a fortress, strong walls, vigilant guards, 161 00:07:49.120 --> 00:07:51.480 but then you've got a trader inside exactly. 162 00:07:51.600 --> 00:07:55.199 Security has to address both external and internal vulnerabilities. 163 00:07:55.639 --> 00:07:58.319 Speaking of attacks, the book talks about this thing called 164 00:07:58.319 --> 00:08:00.800 the attack kill chain. Can that down a bit? 165 00:08:00.920 --> 00:08:04.360 Sure? The attack killed chain. It's basically a model that 166 00:08:04.399 --> 00:08:08.040 outlines the steps of a cyber attack. It starts with reconnaissance, 167 00:08:08.199 --> 00:08:12.759 gathering intel, what systems, what software? What are the weak points? 168 00:08:12.920 --> 00:08:15.240 So they do their homework. It's not just a random. 169 00:08:14.879 --> 00:08:18.240 Attack, Nope, they plan it out. Then there's weaponization. They 170 00:08:18.240 --> 00:08:20.959 pick the tools, develop exploits, whatever they need to get in. 171 00:08:21.199 --> 00:08:22.560 Okay, so they're armed and ready. 172 00:08:22.720 --> 00:08:25.360 What's next delivery? This is where they actually get the 173 00:08:25.399 --> 00:08:28.360 malware in. It could be a fifting email, exploiting a 174 00:08:28.399 --> 00:08:31.800 software flaw, even something physical like a USB drive. 175 00:08:31.759 --> 00:08:34.360 Getting a foot in the door, so to speak exactly. 176 00:08:34.519 --> 00:08:38.519 Then comes exploitation. They leverage that foothold, get deeper access, 177 00:08:38.840 --> 00:08:42.600 install more tools, malware, establish control over the system, and 178 00:08:42.679 --> 00:08:46.519 finally action on objectives whatever they were after. 179 00:08:46.440 --> 00:08:50.879 Which could be anything from stealing data to disrupting operations 180 00:08:50.960 --> 00:08:52.919 to causing physical damage. 181 00:08:53.000 --> 00:08:56.399 Right, and one of the most common tactics social engineering. 182 00:08:56.559 --> 00:08:59.679 Social engineering that sounds more like a con game than hacking. 183 00:09:00.120 --> 00:09:02.960 It is in a way, think about phishing emails. They're 184 00:09:02.960 --> 00:09:05.960 designed to trick people into giving up passwords, or someone 185 00:09:06.200 --> 00:09:09.320 impersonating a technician to get into a restricted area. It's 186 00:09:09.360 --> 00:09:11.919 all about exploiting human psychology. 187 00:09:11.399 --> 00:09:15.799 Playing on trust, helpfulness, or tendency to follow instructions exactly. 188 00:09:15.840 --> 00:09:18.480 So it's not just about having strong tech defenses. It's 189 00:09:18.480 --> 00:09:21.480 about educating people, making them aware of these tactics. 190 00:09:21.600 --> 00:09:23.440 Human awareness as a security measure. 191 00:09:24.000 --> 00:09:27.240 It's one of the most effective defenses against social engineering. 192 00:09:28.159 --> 00:09:32.720 Train employees to spot suspicious emails, be careful about sharing information, 193 00:09:32.960 --> 00:09:35.840 report anything that seems off. It makes a huge difference. 194 00:09:36.120 --> 00:09:39.639 Okay, so awareness is key. The book also delves into 195 00:09:39.679 --> 00:09:42.519 more technical countermeasures like cryptography. 196 00:09:42.799 --> 00:09:48.559 Ah cryptography the art of protecting information. We're talking encryption, hashing, 197 00:09:48.720 --> 00:09:53.279 digital certificates. Encryption scrambles data, makes it unreadable without the 198 00:09:53.360 --> 00:09:54.120 right key. 199 00:09:54.360 --> 00:09:57.240 So even if someone intercepts the data, it's useless. 200 00:09:56.919 --> 00:09:59.919 To them exactly. Hashing, on the other end, is like 201 00:10:00.039 --> 00:10:02.679 creating a unique fingerprint for a piece of data, helps 202 00:10:02.720 --> 00:10:04.120 you make sure it hasn't been tampered with. 203 00:10:04.240 --> 00:10:06.360 Got it and digital certificate they like. 204 00:10:06.279 --> 00:10:09.879 Electronic passports, verifying the identity of websites and online entities, 205 00:10:10.320 --> 00:10:13.159 helps you avoid those fake websites or malicious emails that 206 00:10:13.200 --> 00:10:14.240 try to steal your info. 207 00:10:14.519 --> 00:10:18.360 So cryptography is all about secure communication, data integrity. It's 208 00:10:18.360 --> 00:10:20.840 the foundation of online security, really it is. 209 00:10:21.320 --> 00:10:23.879 And those cryptographic techniques are used all over the place 210 00:10:23.919 --> 00:10:28.519 to protect ICs, securing remote connections, encrypting sensitive data, you 211 00:10:28.639 --> 00:10:29.000 name it. 212 00:10:29.240 --> 00:10:31.240 So let's talk about some of the specific types of 213 00:10:31.240 --> 00:10:37.080 attacks that ICs are vulnerable to. The book mentions DOS, didos, 214 00:10:37.120 --> 00:10:40.440 and man in the middle attacks. What are those all about? 215 00:10:40.840 --> 00:10:44.279 A denial of service or DOS attack, it's all about 216 00:10:44.320 --> 00:10:48.279 overwhelming a server or network with traffic, basically shutting it down, 217 00:10:48.600 --> 00:10:51.080 preventing legitimate users from accessing. 218 00:10:50.720 --> 00:10:52.840 It, like a digital traffic jam exactly. 219 00:10:53.240 --> 00:10:57.399 And then you have DDEMS attacks distributed denial service same idea, 220 00:10:57.879 --> 00:11:01.440 but it uses multiple compromise of devices to launch the attack, 221 00:11:01.879 --> 00:11:03.240 much harder to defend against. 222 00:11:03.320 --> 00:11:05.440 So instead of one car blocking the road, it's a 223 00:11:05.480 --> 00:11:06.600 whole fleet of them. 224 00:11:06.559 --> 00:11:09.320 Perfect analogy. And then there's a man in the middle attack. 225 00:11:09.639 --> 00:11:11.720 This is where an attacker gets in between two parties 226 00:11:11.759 --> 00:11:14.039 who are communicating, intercepts. 227 00:11:13.559 --> 00:11:17.039 The data so they can eavesdrop, steal information, even manipulate 228 00:11:17.080 --> 00:11:18.080 the data exactly. 229 00:11:18.159 --> 00:11:19.000 It's pretty sneaky. 230 00:11:19.159 --> 00:11:21.519 So how do you defend against these attacks? What are 231 00:11:21.559 --> 00:11:22.399 the strategies? 232 00:11:22.480 --> 00:11:25.320 Well, you've got your firewalls. They can help block malicious traffic. 233 00:11:25.799 --> 00:11:29.960 Intrusion detection systems IDS's they monitor network activity, flag any 234 00:11:29.960 --> 00:11:31.360 suspicious behavior. 235 00:11:31.039 --> 00:11:32.360 Kind of like an alarm system. 236 00:11:32.519 --> 00:11:35.919 Right, and strong encryption of course, that helps protect data 237 00:11:35.960 --> 00:11:37.639 from being intercepted. 238 00:11:37.159 --> 00:11:40.039 Or tampered with layers of defense, each one providing a 239 00:11:40.120 --> 00:11:41.720 different type of protection. 240 00:11:41.519 --> 00:11:43.559 You got it. And then there's penetration testing. 241 00:11:43.639 --> 00:11:46.080 Penetration testing that's where you basically try to hack into 242 00:11:46.120 --> 00:11:47.240 your own systems. 243 00:11:46.919 --> 00:11:50.240 Right exactly. Sounds gun are intuitive, but it's super valuable. 244 00:11:50.759 --> 00:11:54.600 Ethical hackers they simulate real world attacks. 245 00:11:54.399 --> 00:11:57.919 To find the weak spots before the bad guys do exactly. 246 00:11:58.279 --> 00:12:02.600 They'll try to exploit software abilities bypass physical security, even 247 00:12:02.639 --> 00:12:06.720 use social engineering tactics, anything to expose those weaknesses. 248 00:12:06.840 --> 00:12:10.519 It's a comprehensive security checkup. See where you're strong, where 249 00:12:10.519 --> 00:12:11.039 you need to. 250 00:12:11.039 --> 00:12:14.679 Improve, absolutely, and the insights you get from that priceless. 251 00:12:15.120 --> 00:12:18.360 You can then strengthen your defenses, make your ICs more resilient. 252 00:12:18.759 --> 00:12:20.759 And that brings us to the last piece of the puzzle. 253 00:12:21.519 --> 00:12:25.039 Okay, so we've talked about the systems themselves, the architecture 254 00:12:25.039 --> 00:12:26.279 of the threats, the defenses. 255 00:12:26.840 --> 00:12:29.440 What's next, Well, next time we're going to dive into 256 00:12:29.480 --> 00:12:33.440 the world of security, governance, risk management, and incident response. 257 00:12:33.960 --> 00:12:37.240 It's all about having a solid plan of framework for 258 00:12:37.320 --> 00:12:40.799 managing security, knowing how to respond when things go wrong. 259 00:12:42.320 --> 00:12:46.600 Even with the best defenses, sometimes things happen, right, It's. 260 00:12:46.440 --> 00:12:49.080 About being prepared, knowing what to do when the alarm 261 00:12:49.120 --> 00:12:51.399 bells go off. And that's what we'll be discussing in 262 00:12:51.440 --> 00:12:53.360 our next deep dive. So stay tuned. 263 00:12:53.720 --> 00:12:56.159 All right, we're back for the final stretch of our 264 00:12:56.399 --> 00:13:00.000 ICs cybersecurity deep dive, the home stretch. We've covered the systems, 265 00:13:00.120 --> 00:13:01.720 the threats, the defenses. 266 00:13:01.360 --> 00:13:03.960 Say, the battlefield, the enemy, the weapons exactly. 267 00:13:04.000 --> 00:13:07.240 Now it's time to talk strategy, security, governance, risk management, 268 00:13:07.360 --> 00:13:10.200 incident response, the command center, if you will. 269 00:13:10.240 --> 00:13:13.279 I like that analogy. It's about having a solid plan 270 00:13:13.960 --> 00:13:16.879 a framework for managing security, knowing what to do when 271 00:13:16.879 --> 00:13:18.320 things go wrong, because even with. 272 00:13:18.360 --> 00:13:20.080 The best defenses, stuff happens. 273 00:13:20.159 --> 00:13:22.799 It does, and the book really stresses the importance of 274 00:13:22.799 --> 00:13:25.440 having those security policies and procedures in place, right. 275 00:13:25.440 --> 00:13:28.480 Those guidelines, those rules of engagement. Why are they so 276 00:13:28.519 --> 00:13:32.159 crucial for ICs? Imagine an army with no rules, no 277 00:13:32.320 --> 00:13:37.279 clear chain of command, it'd be chaos. Security policies they're 278 00:13:37.320 --> 00:13:39.759 the backbone of your cybersecurity strategy. 279 00:13:39.840 --> 00:13:43.320 They provide that structure of that consistency, define roles and 280 00:13:43.360 --> 00:13:44.600 responsibility exactly. 281 00:13:44.600 --> 00:13:48.519 They lay out the processes for everything, access, control, incident response, 282 00:13:48.840 --> 00:13:49.399 you name it. 283 00:13:49.480 --> 00:13:52.080 So it's not just about creating these policies, it's about 284 00:13:52.120 --> 00:13:54.960 making sure they're actually followed, put into practice. 285 00:13:55.000 --> 00:13:58.600 Absolutely, communication, implementation, enforcement, all key. 286 00:13:59.120 --> 00:14:02.840 The book mentions some examples like the NIST Cybersecurity Framework 287 00:14:02.919 --> 00:14:06.080 and IIC six two four four three. What are those 288 00:14:06.159 --> 00:14:06.639 all about? 289 00:14:06.720 --> 00:14:09.399 Those are industry standards guidelines. They give you a structured 290 00:14:09.440 --> 00:14:10.919 approach to ICs security. 291 00:14:11.039 --> 00:14:14.240 Okay, so like best practices, tried and true methods exactly. 292 00:14:14.679 --> 00:14:17.200 The NIST Cybersecurity Framework, for instance, it gives you a 293 00:14:17.240 --> 00:14:21.320 set of best practices for identifying, protecting, detecting, responding to, 294 00:14:21.759 --> 00:14:25.799 and recovering from cybertax. It's adaptable too, works for organizations 295 00:14:25.840 --> 00:14:27.360 of all sizes, all industries. 296 00:14:27.440 --> 00:14:31.480 So it's a roadmap for building a solid cybersecurity program exactly. 297 00:14:31.879 --> 00:14:35.600 An IAA six ' two four four three That one 298 00:14:35.679 --> 00:14:39.679 specifically focused on industrial automation and control systems. Lots of 299 00:14:39.679 --> 00:14:43.480 detailed guidance on risk assessment, system design, security management, the 300 00:14:43.519 --> 00:14:43.919 whole line. 301 00:14:43.960 --> 00:14:47.519 Yards sounds like having these standards in place can really 302 00:14:47.559 --> 00:14:50.039 help streamline things, make sure you're doing things right. 303 00:14:50.240 --> 00:14:54.279 Absolutely, they lay that solid foundation for a comprehensive, effective 304 00:14:54.279 --> 00:14:56.440 cybersecurity program. No guesswork. 305 00:14:56.840 --> 00:14:59.600 Now, let's shift gears a bit talk about risk assessment 306 00:14:59.639 --> 00:15:03.559 and risk management. The book defines risk as a balancing act. 307 00:15:03.960 --> 00:15:06.200 How likely is something bad to happen and what's the 308 00:15:06.360 --> 00:15:07.799 impact if it does right? 309 00:15:07.799 --> 00:15:10.519 It's that balance and risk assessment is all about figuring 310 00:15:10.559 --> 00:15:14.200 that out, identifying your critical assets, what are the potential threats, 311 00:15:14.200 --> 00:15:16.440 what vulnerabilities could be exploited. 312 00:15:16.000 --> 00:15:19.519 So like a thorough security audit exactly, And then risk 313 00:15:19.559 --> 00:15:22.679 management is all about taking action, putting measures in place 314 00:15:22.759 --> 00:15:24.039 to mitigate those risks. 315 00:15:24.120 --> 00:15:25.559 Right. Once you know what you're dealing with, you can 316 00:15:25.559 --> 00:15:28.799 develop those strategies to reduce the likelihood or the impact 317 00:15:29.159 --> 00:15:30.240 of something bad happening. 318 00:15:30.320 --> 00:15:34.879 It could be technical controls, firewalls, intrusion detection systems. 319 00:15:34.679 --> 00:15:38.399 Right or beefing up physical security, training employees on best practices, 320 00:15:38.519 --> 00:15:41.240 being proactive exactly. And it's not a one and done thing. 321 00:15:41.519 --> 00:15:44.240 The threat landscape changes all the time. You've got to 322 00:15:44.279 --> 00:15:48.440 constantly review, update your assessments, your mitigation strategies. 323 00:15:48.519 --> 00:15:52.879 The book mentions this interesting concept annualize loss expectancy ALG. 324 00:15:53.519 --> 00:15:54.440 What's that all about? 325 00:15:54.639 --> 00:15:58.600 AL It's a way to quantify risk, but in financial terms, 326 00:15:59.240 --> 00:16:03.279 you calculate the potential financial hit if a security incident happens, 327 00:16:03.840 --> 00:16:06.240 take into account how likely it is and how much 328 00:16:06.320 --> 00:16:06.960 it would cost. 329 00:16:07.200 --> 00:16:09.720 So putting a dollar value on risks. 330 00:16:09.559 --> 00:16:12.360 Exactly makes it easier to prioritize. Right, if you know 331 00:16:12.360 --> 00:16:15.320 a certain vulnerability could cost you millions, you're going to 332 00:16:15.320 --> 00:16:17.039 be more likely to invest in fixing. 333 00:16:17.080 --> 00:16:20.080 It makes sense. Okay, let's move on to incident response. 334 00:16:20.759 --> 00:16:24.360 What happens when despite all our best efforts, something does happen. 335 00:16:24.600 --> 00:16:27.759 That's where your incident response plan comes in, that detailed 336 00:16:27.759 --> 00:16:29.840 document that lays out the steps to take if there's 337 00:16:29.879 --> 00:16:30.279 a breach. 338 00:16:30.519 --> 00:16:32.080 So your emergency plan. 339 00:16:32.279 --> 00:16:37.159 Exactly, detection, containment, eradication, recovery, post ins and analysis. It's 340 00:16:37.200 --> 00:16:40.840 all in there, and you need this plan before something happens. 341 00:16:41.519 --> 00:16:43.399 You don't want to be figuring things out in the 342 00:16:43.440 --> 00:16:44.759 middle of a crisis. 343 00:16:44.440 --> 00:16:46.200 Right that's not the time for improvisation. 344 00:16:46.399 --> 00:16:51.039 Nope. The book breaks down those different stages of incident response. First, 345 00:16:51.120 --> 00:16:54.440 you got to prepare, develop the plan, train the team, 346 00:16:54.799 --> 00:16:59.240 set up communication channels. Then it's about identification, figure out 347 00:16:59.279 --> 00:17:01.759 if there's really an incident, Gather all the info. 348 00:17:01.519 --> 00:17:04.799 You can confirming that there's an actual fire, not just 349 00:17:04.839 --> 00:17:06.319 a false alarm exactly. 350 00:17:06.599 --> 00:17:09.880 Then you move to containment. Isolate those affected systems, stop 351 00:17:09.920 --> 00:17:13.559 the spread, minimize the damage, eradication that's next, get rid 352 00:17:13.559 --> 00:17:16.279 of the thread, and finally recovery. Get those systems back 353 00:17:16.359 --> 00:17:17.519 up and running securely. 354 00:17:17.640 --> 00:17:19.920 Sounds very methodical, very structured. 355 00:17:20.079 --> 00:17:22.480 It has to be, and documentation is key throughout the 356 00:17:22.480 --> 00:17:26.039 whole process. Keep records of everything, what happened, what actions 357 00:17:26.039 --> 00:17:30.039 were taken, lessons learned. It's invaluable for improving your response in. 358 00:17:30.039 --> 00:17:32.480 The future, learn from your mistakes exactly. 359 00:17:32.720 --> 00:17:36.640 And the book also mentions SIMES, security information and Event 360 00:17:36.720 --> 00:17:40.000 management systems. They're great for incident response tuns. 361 00:17:40.079 --> 00:17:40.599 What are those? 362 00:17:40.920 --> 00:17:44.240 They collect and analyze security data from all over your network. 363 00:17:44.599 --> 00:17:48.160 Gives you that centralized view of your security posture. They 364 00:17:48.160 --> 00:17:52.319 can help you spot suspicions activity, connect the dots, identify patterns, 365 00:17:52.319 --> 00:17:53.880 that might point to an attack, So. 366 00:17:53.839 --> 00:17:56.480 It's like having a central nervous system for your security 367 00:17:56.519 --> 00:17:57.799 operations exactly. 368 00:17:57.960 --> 00:18:00.480 Signs are powerful tools. They can help we figure out 369 00:18:00.480 --> 00:18:03.319 the scope of an attack, quickly track its progress, gather 370 00:18:03.440 --> 00:18:06.200 evidence for forensic analysis. Really useful. 371 00:18:06.359 --> 00:18:08.759 Well, this has been quite a journey, it has. We've 372 00:18:08.799 --> 00:18:11.640 covered a lot of ground, from the basics of ICs 373 00:18:11.680 --> 00:18:15.039 how they work, to the complexities of cybersecurity threats and 374 00:18:15.079 --> 00:18:16.319 how to defend against them. 375 00:18:16.400 --> 00:18:21.480 We've talked architecture, policies, risk management, incident response, the whole shebang. 376 00:18:21.680 --> 00:18:25.759 And the book we've been exploring Practical Industrial Cybersecurity. It's 377 00:18:25.799 --> 00:18:30.079 a gold mine of information. Practical guidance really dives deep 378 00:18:30.200 --> 00:18:33.319 into the unique challenges of securing these systems. 379 00:18:33.519 --> 00:18:36.359 It really does a must read for anyone working in 380 00:18:36.359 --> 00:18:39.400 this field or anyone who just wants to understand this 381 00:18:39.480 --> 00:18:43.799 world better, because as our reliance on these interconnected systems grows, 382 00:18:44.200 --> 00:18:45.960 so does the importance of protecting them. 383 00:18:46.160 --> 00:18:48.960 Absolutely, and it's not just on the security professionals. We 384 00:18:49.000 --> 00:18:51.599 all have a role to play in keeping our critical 385 00:18:51.599 --> 00:18:53.799 infrastructure safe and reliable. 386 00:18:53.960 --> 00:18:57.720 Couldn't agree more. Cybersecurity is everyone's responsibility. 387 00:18:57.000 --> 00:18:59.200 These days, so as we wrap up this deep dive, 388 00:18:59.279 --> 00:19:01.680 let's leave our list. Stener's something to think about. In 389 00:19:01.720 --> 00:19:04.480 a world where the lines between the physical and digital 390 00:19:04.519 --> 00:19:08.920 are blurring. How do we prepare for these ever evolving 391 00:19:09.039 --> 00:19:11.279 threats to our critical infrastructure? 392 00:19:11.359 --> 00:19:13.680 How do we build a more secure and resilient future. 393 00:19:13.720 --> 00:19:15.440 That's the million dollar question. 394 00:19:15.359 --> 00:19:18.119 It is and one that deserves careful consideration from all 395 00:19:18.160 --> 00:19:21.920 of us. By staying informed, being proactive, and fostering that 396 00:19:22.000 --> 00:19:25.240 culture of cybersecurity awareness, we can work together to make 397 00:19:25.240 --> 00:19:26.480 that future a reality. 398 00:19:26.640 --> 00:19:31.200 Absolutely. Knowledge is power. Awareness is key. Let's keep learning, 399 00:19:31.400 --> 00:19:33.559 keep adapting, and keep those systems safe. 400 00:19:33.880 --> 00:19:36.960 Couldn't have set it better myself. Thanks for joining us 401 00:19:36.960 --> 00:19:40.559 on this deep dive into the fascinating world of industrial cybersecurity. 402 00:19:40.680 --> 00:19:41.400 Until next time.