Industrial information security awareness

Having dusted-off an old security awareness module on SCADA/ICS, we reviewed it to see what needed updating for May. It soon became clear that things have changed significantly in this area in the past seven years, hence we ended up re-scoping and re-writing the entire module. This time around we’ve broadened our perspective to cover all sorts of industrial IT systems and networks (including but going well beyond SCADA/ICS) and picked up on the issues relating to protecting critical national and corporate infrastructures.

There are important lessons to be learned from industrial incidents such as Fukushima, including the cascading failures that turned a Japanese disaster in 2011 into a global incident lasting much longer.

[I’m currently enjoying “The Power of Resilience: How the Best Companies Manage the Unexpected”, a fascinating book by Yossi Sheffi that uses the Sendai tsunami and other examples to illustrate business supply chain resilience.  Recommended reading.]

We also touch on the health and safety implications of industrial IT, acknowledging that shop-floor workers are valuable yet vulnerable information assets too and deserve every bit as much protection as do the robots, machine tools and pump controllers around them.