Analysis
Attacks and Vulnerabilities
Control device security
Critical infrastructure
Features
ICS Security Framework
Industrial Cyber Attacks
IT/OT Collaboration
Malware, Phishing & Ransomware
Regulation, Standards and Compliance
SBOM
Secure Remote Access
Secure-by-Design
Supply Chain Security
System Design & Architecture
Threat Landscape
Vulnerabilities

Elevating industrial cybersecurity: Insights from the 2024 RSA conference

May 15, 2024
Elevating industrial cybersecurity: Insights from the 2024 RSA conference

The recently concluded 2024 RSA Conference highlighted industrial cybersecurity as a central theme, underscoring its integration into mainstream concerns. With the increasing reliance on interconnected industrial systems, the sector faces rising threats ranging from ransomware to supply chain vulnerabilities. Discussions at the conference focused on topics, such as safeguarding critical infrastructure, bridging IT and OT (operational technology) security, and fostering collaboration between industry and government, particularly in the realm of OT. 

The increased focus on industrial cybersecurity at the RSA conference is a response to the growing interconnectivity of industrial systems. This trend is evident in the 2024 RSA Conference agenda, featuring dedicated industrial cybersecurity sessions, seminars, and innovation showcases, highlighting the mainstream acceptance of industrial cybersecurity within the tech community.

As more processes become digitized and connected to the internet, the potential attack surface for cyber threats grows, necessitating specialized cybersecurity measures to safeguard these critical systems. The repercussions of a cyber attack on industrial systems can be extensive and severe, impacting essential services, finances, and public safety. 

Recognizing this, industrial cybersecurity has transitioned from a niche concern to a vital component of overall cybersecurity strategy. Companies showcased advanced threat detection technologies, secure remote access solutions, and robust incident response frameworks tailored for industrial environments. Stakeholders are increasingly prioritizing proactive defense strategies, regulatory compliance, and investments in resilient infrastructure in response to the prominence of industrial cyber attacks.

Evolution of industrial cybersecurity at the RSA conference

Industrial Cyber reached out to experts to evaluate the evolution of industrial cybersecurity as a focal point at the RSA conference in recent years. They also examined the factors contributing to the increased mainstream acceptance of industrial cybersecurity within the tech community.

Thomas Pace, CEO and co-founder at NetRise
Thomas Pace, CEO and co-founder at NetRise

The evolution of industrial cybersecurity into a key focus area at the RSA Conference reflects the critical need to secure OT and ICS environments, Thomas Pace, CEO and co-founder at NetRise, told Industrial Cyber. “Traditionally, cybersecurity efforts have been directed at IT systems. But now, the focus is more balanced between IT and OT. Key drivers behind this shift include a growing awareness of the potentially devastating effects of attacks on industrial systems and the regulatory mandates demanding stronger security measures. Furthermore, high-profile incidents continue to highlight the vulnerabilities within legacy critical infrastructure.”

At NetRise, Pace highlighted having seen firsthand how vulnerabilities in firmware and SBOMs (Software Bill of Materials) can pose significant threats to industrial operations, especially in sectors like manufacturing, energy, and transportation. 

“Overall, the RSA Conference has become a crucial platform for driving mainstream acceptance of industrial cybersecurity within the tech community,” Pace evaluated. “The conference is now emphasizing the need for proactive, collaborative approaches to securing critical infrastructure, and highlighting innovative organizations providing dedicated industrial cybersecurity solutions.”

Bill Moore, CEO and founder at Xona Systems
Bill Moore, CEO and founder at Xona Systems

Bill Moore, CEO and founder at Xona Systems assesses that industrial cybersecurity has steadily gained prominence and that’s reflected in both the formal sessions and topics of conversation at the 2024 RSA Conference. “Generally, the key factor in the growing recognition of industrial cybersecurity is of course its role in safeguarding national critical infrastructure.” 

He pointed out that the continued frequent news coverage of sophisticated threats, from both nation-state actors and cybercriminals, targeting industrial control systems with attacks, such as ransomware and supply chain exploits, is prompting much of the industry to prioritize industrial security.

“Regulatory and national initiatives are also driving industrial cybersecurity into mainstream cyber conversations. Government mandates and standards, such as NIST SP 1800-10 and the CISA initiatives, have driven organizations to focus more on their industrial cybersecurity measures,” Moore told Industrial Cyber. “And finally, the general rise of industrial cybersecurity vendor solutions is helping to elevate the topic in cybersecurity circles.”

Bryson Bort, founder of SCYTHE
Bryson Bort, founder and CEO at SCYTHE

“We’ve been supporting the RSA Conference with the ICS Village 501c3 since 2016, giving us a front-row seat to the growth in industrial control system security attention in an event that encapsulates a mainstream sense of awareness and understanding,” Bryson Bort, founder and CEO of SCYTHE told Industrial Cyber. “The primary driver of interest is the convergence of IT and OT, which is driven by operational efficiencies that can be achieved in production. This results in the increased requirement for security which correlates to the opportunities we’ve seen threats taking advantage of in critical infrastructure.”

Patrick Miller, president and CEO at Ampyx Cyber
Patrick Miller, president and CEO at Ampyx Cyber

Patrick Miller, president and CEO at Ampyx Cyber told Industrial Cyber that he is seeing things that are relevant to ICS at RSA more than in years past. “So that’s a good sign that we’re seeing an increase, or at least I’m seeing an increase in OT ICS security content here at RSA, not just in the presentation content, but also on the floor. And the villages in the sandbox area are, they’d been a fantastic addition. And of course, they’re knocking it out of the park for the OT /CS space. But in general, I would say the trend is moving in the right direction to get awareness and visibility for OT/ICS cybersecurity,” he added.

Proving details on the kind of things he is seeing at RSA, Miller said that on the vendor floor, everything is AI. “Which is understandable because it is so revolutionary in so many ways. So, we are seeing a lot of the introduction of AI in various ways for example into security tools or additional assistance for you security practitioners. I’m waiting to see what this looks like as it matures over time and becomes less of a buzzword and becomes more woven into the fabric of what we do and in our toolsets. But it’s just good to see that it is being considered. But it has stolen the RSAC show without question.” 

Other than that, Miller added that all the detection platforms are here. “And of course, they’re definitely adding AI, they’re getting more mature. In general, that’s the bulk of what I’m seeing. There are some interesting new hardware technologies that are out there as well.”

Trends in industrial cybersecurity from 2024 RSA conference

The executives offer insights into significant trends or innovations highlighted at the 2024 RSA conference that are set to revolutionize the field of industrial cybersecurity.

Pace noted that the 2024 RSA Conference showcased several trends and innovations to reshape the industrial cybersecurity landscape. Two key trends that stood out are the focus on securing the software supply chain and the integration of AI into cybersecurity practices.

“Industrial operations are now completely reliant on software. Securing this software supply chain for industrial organizations including the importance of SBOMs is a significant topic, underlining the need for greater transparency and visibility into the software components used across industrial environments,” according to Pace. “As industrial systems increasingly rely on third-party software, identifying vulnerabilities and managing misconfiguration risks in the software supply chain is crucial. Several sessions, like ‘SBOM: The Good, The Bad, and The Ugly,’ highlighted the challenges and opportunities of SBOM implementation, and helped demonstrate the crucial nature of NetRise’s commitment to comprehensive firmware analysis.”

Pace identified that another key innovation at the RSA conference deals with AI and automation. “Innovations in AI and machine learning are transforming cybersecurity practices, particularly in automating threat detection and response. Sessions covering the hype and research on how cybercriminals are really using Gen AI looked at how threat actors exploit generative AI tools like ChatGPT highlighting the risks from adopting these solutions without the necessary oversight.”

Overall, Pace added that these trends and innovations showcase a promising future for industrial cybersecurity, with organizations leading the way in providing cutting-edge tools to tackle the challenges.

“There have been several notable trends and innovations shown at the 2024 RSA Conference related to industrial cybersecurity,” Moore said. “One such trend is the adoption of zero trust architectures and solutions. With the complexity of industrial networks, a zero-trust approach has become crucial.”

Moore added that another innovative area in industrial cybersecurity is generative AI and machine learning for threat detection and other use cases. “These models are now integral in identifying and mitigating threats in real-time and vendors showcased how these technologies can enhance the detection of anomalies specifically in industrial networks.”

Lastly, Moore pointed to the need for increases in collaboration and information sharing is a trending topic at the 2024 RSA Conference. “There is a strong emphasis on collaboration between industry, government, and technology providers that has been evident. And you see it in initiatives like the RSAC 365 Innovation Showcase and OT-CERT that encourage sharing threat intelligence and best practices,” he added.

Bort said that he has been teaching ICS security concepts for years through IANS. “I look at refreshing the materials annually based on what’s changed and from student feedback. And, each year, I continue to reinforce the basics that JJ Minella and I discussed in our RSAC talk beginning with asset discovery. OT has a pretty good idea of their systems, but they are not centrally tracked, and IT is looking to pull this information.” 

He added that there is a lot of innovation in maturing automated discovery, which needs to be precise to be safe, from a passive to a much more active approach for capability and convenience; and the zero trust movement in IT shows up in OT as the design of a defensible architecture with well-defined segmentation to limit impact between production zones and establish monitoring and oversight of north-south traffic and further authentication as traditionally seen in IT.

Miller said AI was the big trend this year. “It was everywhere in everything. As I walked the expo floor I could hear ‘just let the AI do the work’ or ‘that’s where the AI magic happens’ at virtually every booth.”

He added that he gets the sense that AI is moving into the ICS space fairly quickly. “And I think what is not commonly known is that we’ve been using AI for a very long time already. We have always used analytics and algorithms heavily, and all of our control systems already do predictive elements and responsive behaviors based on logic, which is essentially what AI is. We’ve been doing this for a long time. So, we’re just adding more and more of it now to do I guess, larger sets of evaluation, and in some cases more refined; so wider and deeper,” he added.

Future opportunities, challenges in industrial cybersecurity post-2024 RSA conference

Moving forward, the executives assess the anticipated opportunities and challenges that industrial cybersecurity professionals expect in the upcoming years, drawing from insights shared during discussions at the 2024 RSA conference.

Pace said that insights gathered from 2024 RSA Conference discussions reveal that the industrial cybersecurity landscape is evolving rapidly, presenting significant opportunities and challenges.

“On the opportunity front, the integration of AI and machine learning into cybersecurity practices offers to change forever the potential for improving threat detection and response times,” Pace added. Organizations can leverage predictive analytics to identify vulnerabilities and potential exploits, enabling them to respond effectively. Securing the software supply chain is a promising area, and solutions like SBOMs and comprehensive firmware analysis are getting adopted, providing unprecedented visibility into software vulnerabilities and misconfiguration risks.”

However, Pace pointed out that significant challenges remain. “Many industrial environments rely on legacy systems that are often incompatible with today’s cybersecurity solutions. Integrating advanced security measures into these systems without disrupting operations often requires tailored approaches and specialized expertise. Additionally, the regulatory landscape is becoming more complex, with different regions enforcing their own cybersecurity standards and requirements. So, navigating this regulatory maze while meeting global compliance standards is challenging.”

Despite these challenges, Pace mentioned that the industrial cybersecurity sector is primed for growth and innovation. “The right blend of technology, expertise, and collaboration will help organizations secure their critical operations,” he added.

Moore said that the 2024 RSA Conference highlighted that the challenges in industrial cybersecurity are significant, but the opportunities for innovation, collaboration, and proactive defense strategies are poised to shape the future of our critical infrastructure industries.

“Challenges that are top of mind based on RSA Conference discussions include the ongoing talent shortage in industrial cybersecurity as the demand for skilled OT cybersecurity professionals remains high. Further, the integration and protection of OT and ICS legacy systems is a critical challenge,” Moore said. “Many critical infrastructure organizations still rely on legacy systems that lack robust security features. For example, the use of legacy VPNs and jump servers for secure remote access is problematic, especially considering the recent exposure of the TunelVision VPN vulnerability that threatens to neuter their entire purpose. And regulatory compliance remains a significant challenge.”

Moore added that there are a variety of industrial cybersecurity opportunities based on 2024 RSA conversations. “One notable opportunity is the move to proactive security measures and shifting the emphasis from reactive to proactive industrial cybersecurity. Another massive opportunity is the continued adoption of advanced analytics and generative AI technologies in all sorts of areas including AI-driven threat detection, and predictive maintenance. Finally, enhancements in collaboration between government agencies and private-sector companies can bolster the future defense of national critical infrastructure.”

Bort said that the challenges lie less in the tooling and more in building trust and relationships inside the organizations between the two groups, IT and OT. “The increasing surface area will present an internal challenge for security requirements while threats, like the Cyber Army of Russia Reborn (CARR), recently responsible for a couple of incidents, continue to proliferate and toe the ‘red line’ of a USG response,” he added.

Miller expressed that future challenges will be whether or not organizations can trust AI to perform critical OT tasks that involve safety and security. 

In conclusion, he added “I’m welcoming the increased attention. It’s not necessarily a bad thing. As far as RSA goes for the OT people it’s a solid event. It’s not just an IT security world anymore. It’s a lot more hybrid, and it does bleed into our space in a real and meaningful way.”

Anna Ribeiro

Related

CISA outlines forward-looking National Plan for critical infrastructure security and resilience
CISA outlines forward-looking National Plan for critical infrastructure security and resilience
GAO adds priority recommendation for EPA, drives focus on need for continued cybersecurity measures
GAO adds priority recommendation for EPA, drives focus on need for continued cybersecurity measures
NIST releases finalized security guidelines for controlled unclassified information in SP 800-171r3, SP 800-171Ar3
NIST launches ARIA program to assess societal impacts, ensure trustworthy AI systems
DoD issues information collection requirements for assessing contractor compliance with cybersecurity standards
DoD issues information collection requirements for assessing contractor compliance with cybersecurity standards
EU releases Network Code on Cybersecurity for electricity sector to boost resilience, cross-border protection
EU releases Network Code on Cybersecurity for electricity sector to boost resilience, cross-border protection
NATO conducts initial meeting for undersea infrastructure network to boost security against rising threats
NATO conducts initial meeting for undersea infrastructure network to boost security against rising threats
BlackBerry exposes cyber espionage by Transparent Tribe targeting Indian government, defense sectors
BlackBerry exposes cyber espionage by Transparent Tribe targeting Indian government, defense sectors
Strengthening industrial supply chain security by addressing challenges, strategies, collaborative initiatives
Strengthening industrial supply chain security by addressing challenges, strategies, collaborative initiatives
New Diverse Cybersecurity Workforce bill to promote inclusivity, provide CISA with millions for outreach
New Diverse Cybersecurity Workforce bill to promote inclusivity, provide CISA with millions for outreach
Claroty reports critical OT assets vulnerable to internet exploitation; release of xDome Secure Access
Claroty reports critical OT assets vulnerable to internet exploitation; release of xDome Secure Access