Cybersecurity skills for industrial control systems
The Gulf region is home to some of the world’s largest and most vital oil, gas, and energy infrastructure. Securing industrial control systems and operational technology environments has never been more critical. With cities like Dubai leading in technological and infrastructural advancements, protecting these systems is key to maintaining economic stability and public safety.
The Gulf’s industrial control systems environments face distinct cybersecurity challenges that require specialised tools, tailored strategies, and training paths.
Copying traditional IT security controls into industrial control systems environments is not only ineffective but also potentially harmful. IT security workflows, tools, and processes designed for business systems can disrupt industrial operations, compromise safety, and even cause outages by interfering with critical engineering processes.
Protecting industrial control systems requires dedicated solutions prioritising safety and operational continuity.
Applying IT security controls in industrial control systems environments can inadvertently cause operational disruptions, slowdowns, or unsafe conditions. Unlike IT systems, which prioritise data confidentiality, industrial control systems manage real-time physical processes where availability, reliability, and safety are paramount.
Tools like traditional endpoint protection agents or automated patching, common in IT environments, can introduce latency, unpredictability, and unintended downtime. In some cases, these controls can pose a greater risk than the malware they aim to defend against.
This is why industrial control systems-specific security solutions are crucial. These solutions are designed to safeguard systems while ensuring safety and uptime. They prioritise operational needs, ensuring that security measures don’t impede performance.
The primary goal is to enhance safety, protecting both people and critical processes, without sacrificing the reliability of essential infrastructure.
Dean Parsons, Principal Instructor, SANS Institute
An industrial control systems cybersecurity strategy should ensure the following relevant and effective critical controls:
1. Industrial control systems specific incident response plan
2. Defensible architecture
3. OT network monitoring
4. Secure remote access
5. Risk-based vulnerability management
These industrial control systems-specific controls can be woven into an organisation’s risk model and implemented strategically. The control numbers indicate where to begin, though they can be applied in parallel.
To implement these controls effectively, well-trained teams, with an understanding of both IT and industrial control systems risks, must ensure that security supports the core mission: the safe and reliable operation of critical infrastructure.
Industrial control systems environments are particularly vulnerable, as attackers exploit trusted connections, vulnerable industrial control systems protocols, and unmonitored hosts or networks. Detecting Living Off the Land attacks in industrial control systems environments requires purpose-built tools and detection use cases, all managed, maintained, and monitored by trained staff.
These teams need training to understand the unique vulnerabilities and operational dynamics of industrial control systems, ensuring they can detect and mitigate attacks without compromising safety or performance.
Michael Hoffman, Certified Instructor, SANS Institute
endpoints like IoT devices. It is important to confirm with clients whether they have addressed these vulnerabilities and provide recommendations on how to mitigate them.
Network detection and response (NDR) offers an effective solution by monitoring traffic from IoT devices and flagging unusual patterns. NDR facilitates communication between an organisation’s firewall and endpoints. This helps prevent the lateral spread of insider threats by isolating compromised endpoints. In addition, most NDR solutions can also integrate with MDR to monitor network traffic in areas without direct sensors.
The rapid proliferation of IoT devices, the widespread use of Generative AI tools, and the ever-expanding attack surface demand a heightened focus on preventing insider threats. Clients need to be educated on the risk of these threats and empowered with the right tools and strategies to defend themselves.
www.intelligenttechchannels.com