Security Built Around Process Requirements
The webinar emphasizes that effective industrial control system security must be designed to support operational processes rather than simply restricting connectivity. GE and Dragos challenge the traditional IT security approach of isolation and disconnection, arguing that modern ICS environments require remote control, third-party access, and data connectivity to deliver business value. Examples include power production optimization that can generate $1 million annually through real-time market pricing integration, predictive maintenance programs saving $17 million in avoided shutdowns, and remote mining operations preventing weeks of downtime. The speakers advocate for understanding information flows and business requirements first, then building security architectures that enable these critical connections while managing risk appropriately.
Threat-Informed Defense Strategy
Rather than focusing solely on patching vulnerabilities, the presentation advocates for understanding adversary tactics and techniques to prioritize security investments. Reid Wightman discusses recent ICS attacks including WannaCry and NotPetya ransomware incidents, the CRASHOVERRIDE attack on Ukrainian power infrastructure, and the TRITON malware targeting safety systems at a Saudi Arabian facility. The webinar introduces the Diamond Model for threat analysis, emphasizing that defenders should focus on adversary capabilities and infrastructure rather than attribution. Dragos recommends analyzing how threat actors move laterally through networks, what tools they deploy, and which protocols they exploit to determine where defensive controls will be most effective.
Evolution Beyond Traditional Network Models
The speakers challenge the applicability of traditional Purdue/ISA-95 hierarchical models for modern ICS architectures that require cloud connectivity, edge computing, and cross-enterprise data sharing. Kenneth Crowther describes a connectivity spectrum from isolated hierarchical systems to remotely monitored and controlled cloud-based solutions, arguing that security architecture must evolve accordingly. The webinar advocates for zero trust networking principles and micro-segmentation based on production concepts rather than rigid network levels. This approach allows necessary information sharing while preventing lateral movement, addressing scenarios where engineers might inappropriately use historians in the enterprise zone to send control commands back to field devices.
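The segmentation idea above can be expressed as a default-deny flow policy keyed on production concept and asset role instead of network level. The sketch below is an added example, not material from the webinar or from GE or Dragos; the asset names, cell labels, roles and flow records are all constructed assumptions.

```python
from typing import NamedTuple

class Asset(NamedTuple):
    cell: str   # production concept (hypothetical label), not a Purdue level
    role: str

class Flow(NamedTuple):
    src: str
    dst: str
    op: str     # "read" or "write", as classified from the protocol function

# Constructed inventory for illustration.
ASSETS = {
    "plc-boiler-1":    Asset("boiler", "controller"),
    "hmi-boiler-1":    Asset("boiler", "hmi"),
    "plc-turbine-1":   Asset("turbine", "controller"),
    "hist-plant":      Asset("plant-data", "historian"),
    "hist-enterprise": Asset("enterprise", "historian"),
}

# Allow rules: (src_role, src_cell, dst_role, dst_cell, op).
# "*" matches any cell; "same" means the destination shares the source's cell.
POLICY = [
    ("hmi", "*", "controller", "same", "read"),
    ("hmi", "*", "controller", "same", "write"),
    ("historian", "plant-data", "controller", "*", "read"),
    ("historian", "enterprise", "historian", "plant-data", "read"),
]

def allowed(flow: Flow) -> bool:
    src, dst = ASSETS.get(flow.src), ASSETS.get(flow.dst)
    if src is None or dst is None:
        return False  # unknown asset: default deny
    for s_role, s_cell, d_role, d_cell, op in POLICY:
        cell_ok = d_cell in ("*", dst.cell) or (d_cell == "same" and src.cell == dst.cell)
        if (s_role, op) == (src.role, flow.op) and s_cell in ("*", src.cell) \
                and d_role == dst.role and cell_ok:
            return True
    return False

def violations(flows):
    return [f for f in flows if not allowed(f)]

# Constructed flow records, e.g. as summarised from passive network monitoring.
SAMPLE_FLOWS = [
    Flow("hmi-boiler-1", "plc-boiler-1", "write"),
    Flow("hist-plant", "plc-turbine-1", "read"),
    Flow("hist-enterprise", "hist-plant", "read"),
    Flow("hist-enterprise", "plc-boiler-1", "write"),   # historian used as a control path
    Flow("hmi-boiler-1", "plc-turbine-1", "write"),     # lateral write across cells
]
```

Running `violations(SAMPLE_FLOWS)` returns the last two records: the enterprise historian writing to a controller, and an HMI writing outside its own cell.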
Partnership Approach to ICS Security
The collaboration between GE as an industrial system designer and Dragos as an ICS security intelligence provider demonstrates the value of combining operational technology expertise with threat intelligence. The partnership emerged from recognizing complementary capabilities: GE's deep understanding of process requirements and system design paired with Dragos's knowledge of adversary tactics and ICS-specific vulnerabilities. The webinar represents an effort to translate this collaboration into practical guidance through a three-part whitepaper series, with the speakers emphasizing that effective ICS security requires both engineering discipline around process requirements and intelligence-driven understanding of realistic threats rather than theoretical vulnerabilities.