The latest ICS security conference, S4x18, reminded me of the phrase, “the more things change, the more they stay the same.”

While the same popular cybersecurity topics keep circulating, the challenges and constraints on end users (budgets, staff, support, understanding, OEMs, politics, etc.) never really change. What does change is the cybersecurity tooling, which evolves to address those same challenges.

The cybersecurity market tends to spin into a frenzy about the latest way to solve an impossible task with a “silver bullet” solution. But in the end, we realize there is no silver bullet. Security is a program: a never-ending, constantly evolving, user-supported, technology-enabled program.

S4x18 ICS detection challenge

In a nod to the aforementioned market frenzy, a lot of anomaly detection tools are leading market discussions about the pros and cons of relative offerings in this space. Make no mistake, there is good technology under the hood. And alarm/event monitoring with either signature or behavior-based models is a progression of technology.

What is missing is the context in which these tools add value: an anomaly detection tool is one component of a larger overall strategy. Technology is never perfect. The results of the S4x18 detection challenge are widely publicized by participants, each stating their victory within their own view of the exercise.

All of these tools are a single discipline within an overall security program. They are not a standalone silver bullet or final destination for 100% of your security budget.

ICS topic trends

Another big takeaway came from polling participants about their biggest cybersecurity challenges.

Top three ICS challenges:

  1. Reduce cost and complexity of compliance, whether regulatory, corporate or best practice
  2. Capture cybersecurity investment
  3. Tie services and software together with skilled cyber experts

The persistent cybersecurity struggle is in the consistent execution of a program in the face of increased cyberthreats and technology, decreased budgets and a lack of skilled staff.

It doesn’t come down to which cybersecurity tool you use, but how you leverage the tools you have to create a cohesive and comprehensive solution.
