Congrats, it is now almost November and we have nearly made it through Cyber Security Awareness month (and what a month it has been). The theme for this final week is: “Protecting Critical Infrastructure from Cyber Threats.”
For the purposes of this blog, I want to discuss two strawman views of Industrial Control Systems (ICS) security which, unfortunately, are both prevalent in discussions of critical infrastructure protection:
My opinion is that both views are partially accurate, that the reality of ICS security is nuanced, and that an appreciation of that nuance is essential for making sound security decisions about these systems.
A recent study claims that "one third of OT [Operational Technology] networks are exposed to cyber attacks", mainly because ICS systems have some form of internet connectivity, run unpatched or unpatchable software, and lack encryption for passwords. These are all valid concerns. So which strawman is right, the Doom'n'Gloomers or the Airgappers? There are arguments on both sides:
1. Almost all systems require some degree of connectivity in the modern era. While air gaps sound desirable because of their strong security properties, they bring serious practical challenges: updates have to be carried in by hand, the data the systems collect cannot easily be exported, and the systems cannot be remotely debugged when something goes wrong. In a statement before the Subcommittee on National Security, Homeland Defense, and Foreign Operations in 2011, Sean McGurk, Director of the Control Systems Security Program, stated: "In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network." Despite the absence of true air gaps, ICS networks are usually firewalled or segmented off from the enterprise network. Frameworks such as NIST SP 800-82r2 and bodies such as the UK's CPNI (Centre for the Protection of National Infrastructure) publish guidance on deploying firewalls and a demilitarized zone (DMZ) between the enterprise and control networks. We hope this guidance is followed.
2. The continued use of Windows XP past its end of life is a concern, because newly discovered vulnerabilities are no longer patched. Although Microsoft issued an emergency out-of-band patch for XP against the SMBv1 flaws exploited by ETERNALBLUE (MS17-010), its deployment on ICS systems is likely not widespread, given the difficulty of patching systems where availability is the overriding concern. These systems do have vulnerabilities. What is less often discussed is how easy those vulnerabilities are to exploit. ICS systems often sit behind physical security controls: for example, they may be reachable only from rooms with physical access control and closed-circuit television (CCTV). Unfortunately, many support contracts do not allow operators to upgrade or modify software without vendor approval, which further extends the time required to patch.
3. Legacy equipment that cannot encrypt passwords, and misconfiguration of equipment that can, are certainly issues. However, as noted above, an attacker cannot reach a control network as easily as an enterprise network. While some ICS systems are connected to the Internet, it is rare to find the Human-Machine Interface (HMI) for a power station easily accessible; typically such systems are connected to one another over leased lines or a VPN. Additionally, the knowledge and skills needed to compromise an ICS system itself, rather than its surrounding IT infrastructure, are rare. Robert M. Lee and others helpfully split intrusions into ICS into two steps: Step One, network access, and Step Two, operational access. Compromising the enterprise network is Step One. Gaining access to the operational network, Step Two, and then actually being able to use that access has been publicly documented in only a handful of cases: Stuxnet, the BlackEnergy-linked attack on Ukrainian distribution utilities in December 2015, and CRASHOVERRIDE (Industroyer) in December 2016. While such attacks are a concern, they are far from an everyday occurrence.
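To make the segmentation argument in point 1 and the Step One/Step Two distinction in point 3 concrete, here is an added example (my own illustration, not code from the original post, from ReliaQuest, or from the guidance cited above): a small Python audit that reads firewall flow-log lines and flags permitted connections that cross from the enterprise zone straight into the control zone without passing through the ICS DMZ, reach control assets from the Internet, or come from a DMZ host that is not the allowlisted jump host. The zone address ranges, the allowlist, the port-to-protocol table, the log format and the log lines themselves are constructed assumptions for this example.

```python
"""Zone-crossing audit for constructed firewall flow logs.

Added example, not code from the original post or from ReliaQuest.
Zone ranges, allowlist, port table and log format are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed three-zone layout (enterprise -> ICS DMZ -> control network),
# the kind of segmentation NIST SP 800-82 recommends; addresses are made up.
ZONES = {
    "enterprise": [ipaddress.ip_network("10.0.0.0/16")],
    "dmz": [ipaddress.ip_network("10.10.0.0/24")],          # historian, jump hosts
    "control": [ipaddress.ip_network("192.168.100.0/24")],  # PLCs, RTUs, HMIs
}

# Assumed allowlist: only the DMZ jump host may open sessions into the control zone.
ALLOWED_INTO_CONTROL = {ipaddress.ip_address("10.10.0.5")}

# Well-known ICS protocol ports, used only to label findings.
ICS_PORTS = {
    102: "S7comm (ISO-TSAP)",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
}


@dataclass
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    action: str


def parse_flow(line: str) -> Flow:
    """Parse one assumed-format log line: space-separated key=value pairs."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(
        src=ipaddress.ip_address(fields["src"]),
        dst=ipaddress.ip_address(fields["dst"]),
        dport=int(fields["dport"]),
        action=fields["action"].upper(),
    )


def zone_of(addr: ipaddress.IPv4Address) -> str:
    """Map an address to its zone; anything outside the three zones is 'external'."""
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "external"


def assess(flow: Flow) -> Optional[str]:
    """Return a finding for a permitted flow that violates the zone model, else None."""
    if flow.action != "ALLOW":
        return None  # denied flows are the firewall doing its job
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    proto = ICS_PORTS.get(flow.dport, f"tcp/{flow.dport}")
    if dst_zone == "control":
        if src_zone == "external":
            return f"CRITICAL: Internet host {flow.src} reached control asset {flow.dst} ({proto})"
        if src_zone == "enterprise":
            # Step One (enterprise) access turning directly into Step Two (operational) reach
            return (f"HIGH: enterprise host {flow.src} reached control asset {flow.dst} "
                    f"({proto}), bypassing the DMZ")
        if src_zone == "dmz" and flow.src not in ALLOWED_INTO_CONTROL:
            return f"MEDIUM: non-allowlisted DMZ host {flow.src} reached control asset {flow.dst} ({proto})"
    if dst_zone == "dmz" and src_zone == "external":
        return f"HIGH: Internet host {flow.src} reached ICS DMZ host {flow.dst} ({proto})"
    return None


def audit(lines: Iterable[str]) -> List[str]:
    """Run every non-blank log line through assess() and collect the findings."""
    findings = []
    for line in lines:
        if line.strip():
            finding = assess(parse_flow(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample log: legitimate jump-host and historian traffic mixed with violations.
SAMPLE_LOG = """
src=10.10.0.5 dst=192.168.100.10 dport=502 action=ALLOW
src=10.0.1.23 dst=192.168.100.10 dport=502 action=ALLOW
src=10.0.1.23 dst=192.168.100.10 dport=502 action=DENY
src=203.0.113.7 dst=192.168.100.20 dport=44818 action=ALLOW
src=10.10.0.9 dst=192.168.100.10 dport=4840 action=ALLOW
src=10.0.2.4 dst=10.10.0.5 dport=443 action=ALLOW
src=203.0.113.7 dst=10.10.0.5 dport=22 action=ALLOW
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG.splitlines()):
        print(finding)
```

Run against the sample log, the audit reports four findings: the enterprise workstation talking Modbus directly to a PLC, an Internet address reaching an EtherNet/IP device, a non-allowlisted DMZ host opening OPC UA to the control zone, and an Internet address reaching the jump host over SSH. The jump host's own Modbus session and the enterprise-to-historian HTTPS flow pass, and the denied line produces nothing, since a blocked crossing is the segmentation working as intended. In a real deployment the zone table would come from the firewall's own object groups and the log lines from syslog or NetFlow rather than a string literal.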
One final point worth bearing in mind is the level of monitoring typically in place around ICS. Power stations and other safety-critical systems are monitored closely by operators, and response procedures exist for when something goes wrong. Even in the attack against the Ukrainian power network in December 2015, power was out for at most six hours before Prykarpattyaoblenergo successfully restored supply.
As with many issues in cyber security, an evolutionary arms race plays out between attackers and defenders, each side attempting to gain the upper hand. As for our strawmen, both have their good points: they remind us of the strengths and weaknesses of ICS systems, together with a cautionary note not to be complacent.