Cybersecurity Strategy – Active Defense
By Jeff Pack
As today’s industrial control systems (ICS) become more connected and intelligent, the security threats and risks rise correspondingly. This shift in ICS design and implementation requires a strategic shift in how ICS are protected and defended. Active defense measures, including an increased focus on situational awareness, are required to give our ICS a fighting chance of survival during an attack. Operational information and analysis that provide views different from traditional network and system security monitoring are also required. Data analytics will play an increasing role in active defense, including predicting cybersecurity incidents and providing a head start in defending the ICS.
This shift in strategy will take time and resources, so good planning is critical for success. Use tools from the North American Electric Reliability Corporation (NERC) and the National Institute of Standards and Technology (NIST) to help develop the overall action plan and ensure that all levels of executive management understand the change and support the effort. The result should be a cybersecurity organization that is prepared for the dynamic nature of threats and vulnerabilities, with the structure to detect, respond and recover when bad things happen.
This paper was presented at the 2017 CIGRE Grid of the Future Conference.