Insecure by design: What you need to know about defending critical infrastructure

Patching security vulnerabilities in industrial control systems (ICS) is useless in most cases and actively harmful in others, ICS security expert and former NSA analyst Robert M. Lee of Dragos told the US Senate in written testimony last Thursday. The “patch, patch, patch” mantra has become a blind tenet of faith in the IT security realm, but has little application to industrial control systems, where legacy equipment is often insecure by design.

The Senate committee hearing highlighted the gulf between information technology (IT) and operational technology (OT) security, and how few of the lessons learned in the IT security space carry over to industrial security. “Operational technology” is a newish term that has emerged to distinguish industrial networks and systems from traditional business-focused information technology.

Story added 7 March 2018.