
Designing Productive & Secure Industrial Control Systems

Dragos
04/02/2026


TL;DR

  • Industrial control system security must be built around process and business requirements, not simply imposed through isolation and disconnection, as modern ICS environments require connectivity to deliver operational value.
  • Understanding adversary tactics and techniques provides more effective security guidance than blindly patching vulnerabilities, which can actually cause operational disruptions in ICS environments.
  • Traditional Purdue model network architectures don't fit modern ICS deployments that require cloud connectivity and cross-enterprise data sharing, necessitating zero trust and micro-segmentation approaches.
  • Recent ICS attacks including WannaCry, NotPetya, CRASHOVERRIDE, and TRITON demonstrate that threats range from opportunistic ransomware to sophisticated nation-state operations targeting safety systems.
  • The GE-Dragos partnership combines industrial system design expertise with ICS threat intelligence to provide practical security guidance that balances operational requirements with realistic threat mitigation.
  • Effective ICS security requires understanding information flows, connectivity requirements, and business value before implementing security controls that could inadvertently disrupt critical processes.

Security Built Around Process Requirements

The webinar emphasizes that effective industrial control system security must be designed to support operational processes rather than simply restricting connectivity. GE and Dragos challenge the traditional IT security approach of isolation and disconnection, arguing that modern ICS environments require remote control, third-party access, and data connectivity to deliver business value. Examples include power production optimization that can generate $1 million annually through real-time market pricing integration, predictive maintenance programs saving $17 million in avoided shutdowns, and remote mining operations preventing weeks of downtime. The speakers advocate for understanding information flows and business requirements first, then building security architectures that enable these critical connections while managing risk appropriately.

Threat-Informed Defense Strategy

Rather than focusing solely on patching vulnerabilities, the presentation advocates for understanding adversary tactics and techniques to prioritize security investments. Reid Wightman discusses recent ICS attacks including WannaCry and NotPetya ransomware incidents, the CRASHOVERRIDE attack on Ukrainian power infrastructure, and the TRITON malware targeting safety systems at a Saudi Arabian facility. The webinar introduces the Diamond Model for threat analysis, emphasizing that defenders should focus on adversary capabilities and infrastructure rather than attribution. Dragos recommends analyzing how threat actors move laterally through networks, what tools they deploy, and which protocols they exploit to determine where defensive controls will be most effective.

Evolution Beyond Traditional Network Models

The speakers challenge the applicability of traditional Purdue/ISA-95 hierarchical models for modern ICS architectures that require cloud connectivity, edge computing, and cross-enterprise data sharing. Kenneth Crowther describes a connectivity spectrum from isolated hierarchical systems to remotely monitored and controlled cloud-based solutions, arguing that security architecture must evolve accordingly. The webinar advocates for zero trust networking principles and micro-segmentation based on production concepts rather than rigid network levels. This approach allows necessary information sharing while preventing lateral movement, addressing scenarios where engineers might inappropriately use historians in the enterprise zone to send control commands back to field devices.
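
An added illustration of the micro-segmentation idea above (not code from the webinar, GE or Dragos): a default-deny conduit policy keyed on production cell and asset role, checked against constructed flow records, including the enterprise-historian-to-field-device write the paragraph mentions. The asset names, roles, operation labels and the policy itself are assumptions made for this example.

```python
# Constructed inventory: assets are tagged by production cell and role
# (the "production concept"), not by a Purdue level number.
ASSETS = {
    "hist-ent-01":     {"cell": "enterprise", "role": "historian"},
    "hist-u1":         {"cell": "unit1",      "role": "historian"},
    "hmi-u1":          {"cell": "unit1",      "role": "hmi"},
    "plc-u1-a":        {"cell": "unit1",      "role": "field_device"},
    "plc-u2-a":        {"cell": "unit2",      "role": "field_device"},
    "cloud-analytics": {"cell": "cloud",      "role": "analytics"},
}

# Hypothetical conduits: (src role, dst role, operation) -> scope.
# Anything not listed is denied. Note there is no historian "write" conduit.
CONDUITS = {
    ("hmi", "field_device", "read"):        "same_cell",
    ("hmi", "field_device", "write"):       "same_cell",
    ("historian", "field_device", "read"):  "same_cell",
    ("historian", "historian", "replicate"): "any",
    ("historian", "analytics", "publish"):   "any",
}

def evaluate(src, dst, op):
    """Return (allowed, reason) for one observed flow."""
    s, d = ASSETS.get(src), ASSETS.get(dst)
    if s is None or d is None:
        return False, "unknown asset"
    scope = CONDUITS.get((s["role"], d["role"], op))
    if scope is None:
        return False, "no conduit for role/operation"
    if scope == "same_cell" and s["cell"] != d["cell"]:
        return False, "crosses production cell"
    return True, "allowed conduit"

# Constructed flow records: (source, destination, operation).
FLOWS = [
    ("hmi-u1", "plc-u1-a", "write"),            # normal operator control
    ("hist-u1", "hist-ent-01", "replicate"),    # data shared upward
    ("hist-ent-01", "cloud-analytics", "publish"),
    ("hist-ent-01", "plc-u1-a", "write"),       # historian used to send control
    ("hmi-u1", "plc-u2-a", "write"),            # lateral move into another cell
    ("laptop-77", "plc-u1-a", "read"),          # asset not in inventory
]

def audit(flows):
    """Return the flows the policy denies, with the reason for each."""
    return [(f, why) for f in flows for ok, why in [evaluate(*f)] if not ok]

if __name__ == "__main__":
    for flow, why in audit(FLOWS):
        print("DENY", flow, "-", why)
```

The necessary data-sharing flows (replication to the enterprise historian, publishing to analytics) pass, while the historian write and the cross-cell HMI write are reported as violations.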

Partnership Approach to ICS Security

The collaboration between GE as an industrial system designer and Dragos as an ICS security intelligence provider demonstrates the value of combining operational technology expertise with threat intelligence. The partnership emerged from recognizing complementary capabilities: GE's deep understanding of process requirements and system design paired with Dragos's knowledge of adversary tactics and ICS-specific vulnerabilities. The webinar represents an effort to translate this collaboration into practical guidance through a three-part whitepaper series, with the speakers emphasizing that effective ICS security requires both engineering discipline around process requirements and intelligence-driven understanding of realistic threats rather than theoretical vulnerabilities.

Chapters

0:00 - Introduction and Partnership Overview
1:11 - Speaker Introductions
3:16 - Three Core Concepts
6:09 - Security Supporting Process Value
9:26 - Business Case Examples
13:25 - Connectivity Spectrum
15:13 - Beyond the Purdue Model
19:03 - ICS Threat Landscape
21:11 - Patching Pitfalls
24:15 - Diamond Model for Threat Analysis

Key Quotes

4:02 "When I first start talking to cybersecurity experts who sometimes come from the IT security world, their first kind of reaction is, if it's really important, then let's disconnect it. Let's disable remote control. Let's focus on segmentation and access restrictions."
4:37 "The process and the information that supports the process is what derives value. And so security needs to be built around that process."
12:32 "We need to make sure that we're not jumping to security architectural conclusions just from what has worked in the IT security space."
21:53 "I'm a vulnerability analyst. I love finding bugs and I love making companies make patches for vulnerabilities. And even I say like that's not the right way to do it."
22:27 "If you install that patch, you can break a really important part of a lot of process control systems called an OPC server. That will cause your HMI systems to no longer be able to communicate to all your field devices."
22:49 "If you blindly apply that patch, you're actually kind of doing the attacker's job for them. If you're actually causing your own downtime and costing yourself money."