It is certainly not impossible to maintain an air-gapped control system network, but all too often risk assessments and penetration tests reveal that such networks are a dying breed. Likewise, numerous case studies and research into ICS-focused adversaries reveal many threat groups leveraging IT exploits to traverse into the OT network. Both scenarios confirm that OT and IT cybersecurity need each other for a holistic security posture. A recent case study by Mandiant’s OT Red Team, whose objective was to access the endpoint meter control infrastructure for a state-wide smart grid environment from the Internet and turn it off, illustrates how an ‘air gap’ separating OT assets from external networks is a rare exception and not the rule. Read more at FireEye.