Opening his keynote speech at the third edition of 4SICS in Stockholm, Robert M. Lee, CEO of ICS security company Dragos Security, said that “ICS threats are currently mostly unknown.”
Highlighting the distinct lack of information in the industry, Lee said that, according to reports from ICS-CERT, most threats to ICS environments are largely unknown. The big threats that we do know of are spear-phishing, which shows that when an attack happens it is generally targeted, and network scanning, presumably looking for ports which have been left open.
Lee encouraged information sharing within the industry. Discussing a small number of real-world incidents, such as the BlackEnergy incident in Ukraine, and even those which were misreported, such as the attack on the power regulation board in Israel, he said, “we simply don't have a lot to go by.”
Lee then discussed where the big vendors are currently failing us: they fail at detecting most threats. He gave the example of the Irongate malware, which went undetected for two years before being discovered by FireEye.
Concluding, Lee said, “we need to be taking a threat hunting approach to hunt down the threats.” He said, “when we do this we will be secure.”