Q&A: The Cybersecurity Training Gap in Industrial Networks

Cyberattacks on critical infrastructure are steadily increasing, driven by geopolitical conflicts as well as the longtime problem of poorly secured devices that remain exposed and unprotected on the public Internet.

But with cyberattacks on water treatment plants rising and the US federal government issuing a high-profile warning about China's plans to disrupt US critical infrastructure, the stakes could not be higher for protecting today's ICS/OT systems.

Irfan Shakeel, the Dubai-based vice president of training and certification services at cybersecurity vendor OPSWAT spoke with Dark Reading on what he sees as a knowledge gap in protecting critical infrastructure — and how the Middle East and Africa region stands to improve cyber defenses in its ICS/OT networks. (OPSWAT offers a certification in critical infrastructure protection).

Irfan Shakeel, vice president of training and certification services at OPSWAT

Dark Reading: Why are we seeing more urgency this past year in protecting industrial networks?

Irfan Shakeel: Previously, all of IT [networks in these organizations] used to come under attack, but now even the OT [is under attack]. The challenges organizations are facing — particularly for the OT environment — is that most of the systems are legacy, and we need to think about OT from the OT perspective; we cannot manage OT from the IT perspective.

So as far as the cybersecurity challenges are concerned: yes, the cyberattacks are growing and attackers are targeting the OT side of the operation ... [attackers] know that OT is the weakness.

DR: What type of security training and certification is available for OT defenders?

Shakeel: In the IT training environment, we have tons of training available online and offline, and universities are also focusing on IT cybersecurity. However, as far as the OT security is concerned, [the industry does] not have proper education or training available in the market. That's why in most of the organizations, people doing OT are not aware of how to secure their OT environment.

They are really good in managing the operation, but they do not know the security challenges and how to properly design, or securely design, the OT environment architecture.

If we train people properly ... if we give them the right skillset and knowledge and up-to-date resources about the evolving threat landscape and the evolving cybersecurity challenges, they will be able to effectively protect their environment.

Without proper education or training, they won't be able to do that.

DR: What resources are available to security teams in this sector?

Shakeel: [With] SCADA systems and other devices such as programmable logic controllers (PLCs) ... even if you search online, you will not find information about how to properly or securely configure Siemens models or PLCs.

You can find guides available in the Siemens [documentation]. but most people don't really read the documentation, that's why we need a user-friendly way to teach them — to teach them how to configure a specific device, or how to ensure that their PLC is transmitting or sending the data securely over the channel to the other OT devices.

People also need to understand how to encrypt their data, because most of the communications are still happening in plain text [in these environments].

Typically [OT] should be the isolated network, and should not be available online ... [when it is], it's basically your organization welcoming attackers: "Hey, come and see what kind of devices we are using, and see that our devices are not properly patched."

DR: From a Middle East and Africa perspective, what is the state of OT security?

Shakeel: In the Middle East and Africa region, the entire cybersecurity market is growing ... and now organizations are focusing on ... securing their organizations.

OT in the Middle East region is very important, specifically in the energy sector, and the oil and gas field. After the Saudi Aramco [attack], they have realized that cybersecurity is very key to keep their operation running.

The attack on Saudi Aramco changed the way organizations invested in cybersecurity. Oil and gas organizations are now investing in cybersecurity solutions, tools, and technologies, — and also investing in human resources.

So, in the Middle East region: it's already there. The African region is growing rapidly, and organizations now also are looking to invest in cybersecurity.

Cyberattacks [on OT networks] cause disruption and these organizations cannot afford disruption and they cannot afford their processes to be halted.