The RSA Conference took place from 16 to 20 April 2018 in San Francisco, California. It is one of the most important cybersecurity events in the world: a forum in which attendees learned about new approaches to information security by participating in multiple conferences and panel discussions.
After the global malware and ransomware events of the last year, it was to be expected that they would be mentioned during RSA 2018 sessions. Several questions arose regarding the level of cybersecurity that each company has. Such questions encourage us to think about whether we are truly prepared for similar incidents.
- Do we have a solid strategy for performing backups?
- Are these procedures properly tested?
- Is there any way to validate the integrity and usability of the information we are backing up?
- How long would it take to restore our critical operations if we had to use such backups to restore a compromised asset?
- Are we able to detect and face a threat by using the tools and defense mechanisms that our organization has?
- Can we do it without external support?
If the answer to most of these questions is yes, then it seems that organizations learned from those events and acted accordingly. Unfortunately, the news still reports cases around the world related to this type of incident, some of which occurred less than one month ago in Atlanta, which indicates that there is still a long way to go and a lot of work to do.
How do we protect a network which (today) is invisible?
Another issue under discussion during this event was the current state of security in OT (Operational Technology) networks, where control systems for manufacturing and transportation abound.
Much of a country's critical infrastructure resides in the OT world, and it is common to find networks of this type with no controls or tools that provide visibility and protection in the way they do in an IT network. Many of the critical elements in these networks even still run obsolete or out-of-support operating systems, making them easy prey for countless threats.
Many ideas were shared about how to improve the security of such environments:
- The absence of evidence does not mean that nothing bad is occurring in an OT network.
- It is very important to have tools that provide visibility and information that helps in the detection of threats specific to this type of environment.
- It is very important to be aware of the existence of blind spots in our OT networks, and to address them.
When a security incident becomes (literally) a health problem:
One of the most impressive presentations was “Hacking Healthcare Live: Bits and Bytes Meet Flesh and Blood”, which included a dramatization showing the impact of a security incident on a basic medical instrument. It involved the modification of the firmware of a medication infusion pump, which, instead of dosing, administered the medicine in an uncontrolled way until it caused an overdose and cardiac arrest in a patient.
As part of the demonstration, the medical team had to react to care for the patient, who was being treated for a routine discomfort but ended up in critical condition due to the malfunction of a device that is often considered infallible.
RSA Conference 2018: cybersecurity lessons
These exercises leave us with a message: in highly connected environments where IoT technologies proliferate and critical services reside (as in the OT world), we must devote special attention to implementing controls that help us minimize the attack surface and the related impact.
An example of this is the solutions that Ikusi offers, which protect communications and IT infrastructures, critical business operations and work teams.