Cyberattacks on critical infrastructure are steadily increasing, driven by geopolitical conflicts as well as the longtime problem of poorly secured devices that remain exposed and unprotected on the public Internet.
Irfan Shakeel, the Dubai-based vice president of training and certification services at cybersecurity vendor OPSWAT spoke with Dark Reading on what he sees as a knowledge gap in protecting critical infrastructure - and how the Middle East and Africa region stands to improve cyber defenses in its ICS/OT networks.
Irfan Shakeel: Previously, all of IT used to come under attack, but now even the OT. The challenges organizations are facing - particularly for the OT environment - is that most of the systems are legacy, and we need to think about OT from the OT perspective; we cannot manage OT from the IT perspective.
So as far as the cybersecurity challenges are concerned: yes, the cyberattacks are growing and attackers are targeting the OT side of the operation ... [attackers] know that OT is the weakness.
Shakeel: In the IT training environment, we have tons of training available online and offline, and universities are also focusing on IT cybersecurity.
As far as the OT security is concerned, not have proper education or training available in the market.
That's why in most of the organizations, people doing OT are not aware of how to secure their OT environment.
They are really good in managing the operation, but they do not know the security challenges and how to properly design, or securely design, the OT environment architecture.
If we train people properly ... if we give them the right skillset and knowledge and up-to-date resources about the evolving threat landscape and the evolving cybersecurity challenges, they will be able to effectively protect their environment.
Without proper education or training, they won't be able to do that.
Shakeel: [With] SCADA systems and other devices such as programmable logic controllers ... even if you search online, you will not find information about how to properly or securely configure Siemens models or PLCs. You can find guides available in the Siemens.
Most people don't really read the documentation, that's why we need a user-friendly way to teach them - to teach them how to configure a specific device, or how to ensure that their PLC is transmitting or sending the data securely over the channel to the other OT devices.
Shakeel: In the Middle East and Africa region, the entire cybersecurity market is growing ... and now organizations are focusing on ... securing their organizations.
OT in the Middle East region is very important, specifically in the energy sector, and the oil and gas field.
After the Saudi Aramco [attack], they have realized that cybersecurity is very key to keep their operation running.
The attack on Saudi Aramco changed the way organizations invested in cybersecurity.
Oil and gas organizations are now investing in cybersecurity solutions, tools, and technologies, - and also investing in human resources.
In the Middle East region: it's already there.
The African region is growing rapidly, and organizations now also are looking to invest in cybersecurity.
Cyberattacks cause disruption and these organizations cannot afford disruption and they cannot afford their processes to be halted.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 19 Feb 2024 11:05:18 +0000