Why Control System Cyber-Security Sucks...

by Dr. Stefan Lders Sept. 23, 2017 via Black Hat submitted by belen_caty

Vendors and manufacturers have pushed "Industrial Security" appliances onto the market, or claim that their products are now with "enhanced security". A cacophony of standards have emerged, and certification schemes are offered. But does this help? Given the increasing interconnectivity of ICS (SmartMeters, later the Internet-of-Things), shouldn't the direction be more towards standard IT than sticking to a dedicated ICS IT? Why is it that I can patch a computer centre over night, but not a control system within a year? This presentation will not give the answers but outline why control system cyber-security sucks and which hurdles we encountered to handle ICS cyber-security like that of our computer centres' A change of paradigm is needed, and this change must start with people and not with technology.

https://www.blackhat.com/us-14/archives.html#why-control-system-cyber-security-sucks--