Conversations At The Intersection Of IT Security And Society
Edna Conway, Cisco | John Felker, DHS
Sean Martin | Marco Ciappelli
What Could Ever Go Wrong With An Industrial Control System?
The concept of trust has been one of the core pillars in any information security program; it remains — perhaps becomes even more relevant — when we cross over from IT to OT and from IT to IoT to IIoT.
The proliferation of systems, services, applications and data — oftentimes blurring the lines between our personal space, our home environment, where we work and the neighborhood in which we live — allows us to do things that weren’t possible even just a couple years ago. We are able to augment our lives — and the lives of those around us — by generating, consuming and using data and “things” to help us make faster and better-informed decisions ourselves, to help others make decisions for us, and to ultimately hand over the decision-making power to an ecosystem of physical things we rely on in our homes, workplace, vehicles, offices and cities.
We are placing trust in many more people, businesses and things.
Trust is paramount in this new world we live in. But how do you establish trust and what does trust even look like? What are the systems and devices? Who is in the ecosystem? And what are you sharing with them and allowing them to do with your data?
This challenge is exacerbated when we look at the whole of the ecosystem. Third-party components — in both hardware and software form, including the third-party vendors that the whole ecosystem relies upon — are an issue. According to Edna, it is with these third parties where the accident (aka “breach”) originates most of the time (75-80%).
Additionally, in many cases, the users of the aforementioned products, devices and related services may not know that trust is required or that there is even an ecosystem of things with which they need to establish and maintain trust. It boils down to most of society taking this new world for granted — expecting that it will operate in an ethical fashion. As a society, we’ve lost a bit of the desire to be curious, to understand how things work and why they work a certain way. This is amplified in the younger generations and will certainly be perpetuated for future generations if we don’t explore the need to educate the constituents residing within this new world.
The responsibility surrounding this need to educate doesn’t sit squarely on the shoulders of the citizens, mind you; in fact, there are many players in this game. Government certainly has a role to play, as do our schools, but so do the manufacturers of these products and services. So do the implementers and managers of the devices and applications that get used within the businesses we rely upon to deliver these products and services.
The question is: Are we doing enough to educate, early and often, with the right, simple message? Or are we trying to boil the cyber safety academic ocean at the expense of getting something right as a starting point?
Listen to this podcast episode to find out how this ends.
We’ll just say this: “Only you can prevent forest fires.”
Visit STEALTHbits’ page here on ITSPmagazine
Learn more about sponsoring the Unusual Gatherings Talk Show
We are, and will always be a free publication.
Our mission is to raise awareness for cybersecurity by making it understandable, accessible, and part of everyone’s everyday life.
If you can donate $1/month, you can help us to make a difference.