Many of us come from IT or cyber security background . I have nothing against that. Im proud to have many skills in those areas. It’s been a long time for me in this domain. I made the shift to ICS security in 2012. Thats when new knowledge came by. I had to learn many engineering topics in order for me to understand ICS processes. It took me a while to know the stuff that gets me understand the main concepts in ICS and the perception that enables you to think like an ICS engineer or an asset owner. My fellow IT friends you have to forget what you know about cyber security and start learning the basics of ICS. Im not just talking about how a particular process works ! Yes this important but you need to understand the whole picture in the industry that you wanted to share your cyber security skills with.
Once you understand how ICS works, you can migrate your IT skills to industrial practices. However, you need to be aware of few things! You need to be in touch with assets owners and engineers so you know what to focus on and what is critical. Again, what is important to secure in IT doesn’t mean its important too in ICS. The most important factor for ICS is to keep the production going , so functionality and availability is the number one factor. So there is no point in investing resources to protect assets that are irrelevant to ICS production, before protecting what is critical , priority is everything. Another aspect to consider is your IT skills have to be tailored to fit ICS. What I mean by that is you need to be careful not to affect production network or performance. You wont know this unless you are guided by an ICS engineer. Once you keep those two aspects in your mind: priority and performance, you are almost good to go. This is a very short discussion about considerations to watch for, and this is not how to do risk assessment or penetration testing . There is a lot of knowledge that need to be absorbed before applying your IT skills. That’s why Im blogging here and that’s why I’m sharing this. To learn together. To sum up , IT skills are the foundation to do cyber security, but to do ICS security you need to combine and tailor those skills with ICS knowledge.