The ISA Global Cybersecurity Alliance Reflects on the COVID-19 Crisis
In times of uncertainty, it’s human nature to retreat and protect yourself and your family; literally, to “shelter in place.” Our industries don’t have that luxury. Much like healthcare workers, manufacturers and utilities companies are essential personnel—and if we stop working, the lights go off, production halts, and consumers have a much larger problem than an empty toilet paper shelf.
Instead of retreating, our industries must come together and focus on what works. Utilize time-tested, proven approaches to challenges we’ve faced before. Leverage new technologies while keeping the fundamentals of safety and security as a top priority.
Standards are a powerful weapon in the face of uncertainty, especially now. Supply chain challenges, demand for real-time production shifts, an ever-expanding definition of hazardous environments, and new labor constraints are forcing many companies to accelerate digital transformation projects. Without standards and best practices to guide these transformations, we would be opening our industries to tremendous—and unprecedented—risk.
In the world of automation cybersecurity, our adversaries are not slowing down. In fact, criminal groups are ramping up their efforts to take advantage of the fear and doubt that surrounds this global pandemic. Phishing attacks to place malware are notably on the rise. When our industries are consumed by the challenges of navigating this unique landscape, the threats continue to increase and require even more time and energy to combat.
In the IT world, for many good reasons, one of the primary approaches to security breaches is to isolate the threat. Shut down the area, disconnect, and retreat. This makes perfect sense in the IT world, but not in OT. It’s one of the primary ways that the OT world is unique. If we isolate, we lose productivity and our customers lose their power, water, pharmaceuticals, fuel… if we isolate, the stakes are much higher. Everything stops—and sometimes, even slowing things down too much can cause problems in managing complex and volatile reactions.
So, what do we do when we face a threat, but we can’t isolate or retreat? “We rely on a standards-based, practical approach. We ‘block and tackle.’ We do the little things right, and we test (and retest) the big things before we deploy them in our environments. We keep safety and security at the forefront of every conversation and every project plan,” says Matthew Bohne, VP and chief product security officer at Honeywell Building Technologies.
Within the ISA Global Cybersecurity Alliance (ISAGCA), our member companies are turning to each other, breaking down barriers, and working side-by-side despite being competitors in the marketplace. The members of ISAGCA are laser-focused on the protection of people and assets, helping their customers and facilities manage through this time of uncertainty. They’re sharing threat intelligence with their partners and customers, keeping everyone informed so they can make educated decisions about risk and resource allocation. They’re ready to help companies pick up the pieces when this is all over, rebuilding and retooling to meet the next set of demands.
“Industrial control systems and personnel are resilient and designed to deal with unexpected situations. COVID-19 has stressed many, but we are impressed at how well the community rallies around each other during these times of uncertainty,” says Josh Carlson, senior business development manager at Dragos. “We continue to see a demand in requests for remote support and appreciate that organizations can rely on their trusted partners to adjust to these circumstances and new requirements. However, we strongly encourage organizations to not rush into implementing remote access countermeasures without fully understanding and evaluating the appropriate security controls and associated risks.”
“Remote services are critical at this time, and we’ve redoubled our efforts to remotely support projects like OT cybersecurity workshops and functional designs and alarm philosophy, documentation, and rationalization because industry needs these projects to proceed even with COVID-19 happening,” says Matt Selheimer, chief marketing officer at PAS Global. “The transition to remote operations is accelerating and our clients are using operational data to feed their daily stand-up meetings and remotely monitor alarms, safety system bypasses, and much more—so they can continue to maintain critical oversight of their OT environments. The collaboration among the ISAGCA members is also enabling the sharing of market observations and best practices, which is helping each of us to better serve our customers.”
“The antidote to isolation is community, and the ISAGCA community is stronger than I could’ve imagined,” says Megan Samford, global director of product safety & security at Rockwell Automation and the private sector champion for ICS4ICS (Incident Command System 4 Industrial Control Systems). “We are in this together, with our customers, figuring out how we can leverage emergency response models to help manage cybersecurity threats.” ICS4ICS is now being included in the Incident Management subgroup of the ICS Security Interagency working group within the U.S. Department of Homeland Security, and the group is also actively participating in ISAGCA to explore how the private sector and government agencies can work more effectively together.
“Now is the time to stand together,” says Nozomi Networks co-founder Andrea Carcano. “Through shared threat intelligence, free tools, practical experience, and other shared resources, members of the ISAGCA and the community at large have quickly joined forces to tackle the threat before us. Together, we’ll help ensure industrial organizations around the world make it through this crisis.”
ISAGCA members have a cohesive message for asset owners around the world. “Stay safe. Protect your people, protect your assets—lean on proven standards and best practices. Lean on your partners and your friends. If we focus on what we can control, and we do it well, we will emerge a stronger industrial cybersecurity community,” says Marty Edwards, VP of operational technology security at Tenable, Inc.