Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Blue Coat's CISO on securing our critical infrastructures

FY Teng | June 16, 2014
Brian Contos shares his readings on the state of industrial control systems in use around the world today and insights on what should be done to secure those administering our critical infrastructures.

Talk about the ICT threats faced by those maintaining the systems seeing to the operation and protection of, say, a country's critical water infrastructure.
Risks around water systems are generally associated with sabotage. Sabotaging a water system can impact industry, health, emergency services, and if extended without backup supplies, even result in looting, rioting, et cetera.

In what respects are they prepared and in which ways are they unprepared to deal with these threats and minimise these risks?
Organisations operating critical infrastructure have many safeguards in place to prevent accidental or intentional damage. Availability is the main concern-keeping the lights on, keeping the water running and keeping planes in the sky. However, many of these controls were put in place before these systems became highly digitised and massively connected. As such, there is a lot of catchup being done within critical infrastructure to ensure that safeguards protecting against cyber attacks are as robust as those protecting against physical attacks.

Is there a blueprint that national governments can follow to bring the ICS and technologies they're using to manage their critical infrastructures into the 21st Century, and better enable them to meet the security challenges head on? Also, how costly would it be to follow such a blueprint?
The National Institute of Standards and Technology (NIST) offers a guide to securing industrial control systems.

The costs of implementing security within critical infrastructure are in line with that in other business verticals such as finance, retail and health care. The focus is on availability as the primary, and confidentiality and integrity as secondaries. It should be noted that organisations with ICS often have vast amounts of sensitive and valuable proprietary data-especially stored in SCADA solutions. But the main area of focus is to prevent sabotage as the economic impact of an attack that takes down a nation's critical infrastructure such as the electric grid, for even a few days to weeks can devastate businesses and the country as a whole-even throwing the economy into a depression. When contemplating the potential consequences, the cost of securing these facilities is relatively small.

What is Blue Coat's proposition in this area, and what is it doing to help its customers?
Blue Coat knows that critical infrastructure is fundamental to our way of life. It allows us to drive to work, eat at our favourite restaurant, call our mother, get medical attention when our son or daughter falls off their bike, check our email and be safe from threats both foreign and domestic. In short-critical infrastructure is the essential foundation on which modern society relies. Blue Coat believes that helping to secure critical infrastructure is not just our business-but our duty. That's why Blue Coat offers a wide range of purpose built controls to protect from cyber attacks, detect malicious activity, and quickly respond to threats. We do this because it has to be done. And we do this because nobody else in the world can do it as well.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.