As a young Marine during the first Gulf War, I found myself assigned to the Presidential Honor Guard detail in Washington D.C. where I augmented Marine Security Forces in a variety of assignments. Over the years, I worked in force protection, physical security, intelligence analysis and most recently, in the cyber arena. Even though my assignments changed, there was one thing that never seemed to change. Unfortunately, it was always the same response when it came time to beefing up security measures. Too many times, I’d hear responses like, “We simply can’t afford the security upgrades” or “We are going to submit a budget for security upgrades next year.” Well, next year came and went and the cycle continued.

Why do people play Russian Roulette when it comes to securing assets? Too many of us only worry about what is happening today, instead of being concerned about what could happen tomorrow. To these people, if something happens, THEN they’ll take care of it. But the reality is, some things are much easier to prevent and can cause a whole lot less headaches if taken care of properly ahead of time, especially when you’re talking about industrial control systems which have the ability to really cause havoc.

An annual security report based on a survey from security experts, showed that 85% expected their country to suffer a major critical infrastructure hack in the next five years. This is coming from security experts. If that doesn’t concern you, maybe you should read that again.

There’s a great article on The Parallax that describes this issue more in detail. According to Dewan Chowdhury, CEO of MalCrawler, “More than ever devices with IT are being integrated into operational technology,” he says. “But when it comes to security architecture, [when they’ve said] ‘Let’s make this thing connect to the Internet,’ did they consider security design? Ninety-nine percent of the time, the answer is no.”

Something needs to change. With cryptojacking malware and ransomware targeting industrial control systems, it’s only a matter of time. The question is, are you going to continue to put off cyber security or are you going to step up to your responsibility and minimize your risk?

Red Trident Inc offers various cyber security services from threat assessments to implementing comprehensive cyber security programs. Call us at 832.493.1153 or email us at info@redtridentinc.com to learn more.

 

Author: Damon Mathews