ICS Security is Difficult not Impossible

SANS ICS515 Challenge CoinCybersecurity for ICS, SCADA, and IoT is a hard problem that simply requires some critical thinking and creativity. I have spent a considerable amount of time on ICS/SCADA security in the past couple of years, and have learned that while difficult, it is not impossible. We have to remember that there is no “one size fits all solution for ICS, SCADA or IoT in terms of security guidance.

I equate this ICS security challenges somewhat to parenting challenges. While I would like a step by step how-to guide, the circumstances that I face with my kids, each with their own little unique embedded processors (minds), almost always need to be dealt with individually based on the circumstance, their temperament, their processing capability (maturity in various categories), and more. Protecting (securing) their embedded processors and keeping them focused on what is most import (with minimal disruption) cannot be captured in a how-to even if written unique for each kid to cover all possible circumstances with that kid. The how-to would need to be revised before it was complete.

New Things to Come

This site will soon be a resource for Internet of Things (IoT), Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA) systems. This site will be used to present some comparisons and contrasts between IoT and ICS/SCADA especially in the area of Cyber Security. The intention at this point is to rebrand the site as the Home Of Everything Internet (HOEI).

STEM classes beyond the codeWhile I have been away from HOEI.com for a while, I have been focusing my energy on STEM education and training for teens in recent years DBA Home School STEM.  Check out my Introduction to Computers and Security class for homeschoolers at class.homeschoolstem.com . The class has been very well received as well as the follow on course covering among other things, Digital Forensics. I do teach some scripting and coding. However, I see a gap in the training industry that I believe can be filled if we look beyond the code. We need experienced system administrators, integrators, and cybersecurity engineers. While these professions can benefit from coding knowledge, the ability to code is not “required”. My interest in this area was sparked by a desire to build a team of teens to compete in local, regional, and national cyber security competitions. The teams I have coached and mentored over the past two years in the local Charleston, SC area have been very competitive in US CyberPatriot: The National Youth Cyber Education Program as well as the Palmetto Cyber Defense Competition (PCDC).

 

Home Of Everything Internet, IoT, IoE, ICS, and SCADA