The need for a solid cybersecurity strategy has been discussed and debated for almost a half a century now, and yet the basic worm-type attacks first documented back in 1972 are still with us today. Why? Because even the most basic measures to protect control systems from these types of attacks are still not systematically employed.
It’s hard to believe that there are still thousands of systems in operations today without any basic security controls in place. If you own a car, or a house, or a boat — just about any “big ticket” item that would be expensive to replace — you protect that asset with insurance. And even though you can’t see it or feel it, you know, instinctively, that it’s worth the money. You sleep better at night knowing you have it, and it would be a high-priority item to reacquire if you lost it, especially if it contributed to your livelihood. But when it comes to control system cybersecurity, this thinking, for some reason, often is not applied. Cyber experts are still struggling to convince senior management they need to spend money to protect their control system assets.