If I answered some questions about Industrial Control System cybersecurity and cyberattacks during my downtime today, what would you like to know?

Some background - my expertise is in incident response and digital forensic investigation of hacking of infrastructure systems - like power, water, manufacturing, oil and gas, transportation, agriculture, etc. There aren’t a lot of people who specialize in this. My company provides consulting and products to do cybersecurity for weird stuff that powers critical infrastructure like PLCs and SCADA. These networks are quite different than enterprise IT, and doing security in them can be challenging.

My own background is pretty left field as expected, with degrees in Networks, Electronics, and Avionics. I’ve been doing this for a while now. What would you like to know?

#cybersecurity #DFIR #ics #CriticalInfrastructure #ICSCybersecurity #IndustrialControl

@hacks4pancakes why are these systems externally connected? With the critical nature of the systems, why not keep them isolated and manage offline?

I’m guessing that’s just not possible but I don’t know why :)

@Adman @Wil had some really good answers here. Networking systems has enabled vastly more efficient processes across facilities and enterprises, and incredible cost-savings. Staff can be centralized in a single facility, or work from home. It's no longer necessarily required to dispatch repair techs to remote sites. Process data can be shared across multiple facilities to ensure synchronization. Telemetry can be used to identify failures and inefficiencies proactively.

And, it's all a lot cheaper to do this using existing technologies like TCP/IP and vendors like Microsoft, Juniper, and Cisco.

@hacks4pancakes @Wil all makes sense, was just thinking about the cybersecurity challenges for critical infra and wondering how the risks stacked against the benefits :)

@Adman @Wil it’s pennies to dollars in most cases, surprisingly.

@hacks4pancakes @Wil thank you for the info and answering :)