Why Control System Cyber-Security Sucks

Explore the challenges and shortcomings of industrial control system (ICS) cyber-security in this 58-minute Black Hat conference talk by Dr. Stefan Lüders. Examine the evolution of ICS security since the 2010 Stuxnet incident, including the emergence of "Industrial Security" appliances and enhanced security claims from vendors. Analyze the effectiveness of current security measures, standards, and certification schemes in protecting critical infrastructure. Consider whether ICS should adopt more standard IT practices given increasing interconnectivity. Investigate the reasons behind the slow patching process for control systems compared to computer centers. Gain insights into the hurdles faced in aligning ICS cyber-security with that of traditional IT environments. Understand why a paradigm shift focusing on people rather than technology is necessary to improve control system cyber-security.

Why Control System Cyber-Security Sucks…