Ready for Goodbyes? : Critical System Obsolescence

Arguments

Ben Miller is a representative of Dragos who works to protect and secure industrial control systems

---

Companies are moving from protection-based measures like segmentation to more proactive measures that involve creating the right visibility to detect threats

---

Prevention in terms of security measures can eventually fail

---

Crucial to create a defensible architecture with people actively monitoring systems

---

Staff members need to understand how to operate in an environment where they might be given the wrong information

---

A 100% bulletproof, secure system is not a reality

---

Cybersecurity is a journey, not a destination

---

The life cycle and pace of change in IT and OT are entirely different.

---

Report

In the analysis, several speakers provided insights on various aspects of cybersecurity in relation to industrial control systems (ICS) and digital transformation. Dragos, represented by Ben Miller, is a notable company dedicated to protecting and securing ICS. Miller leads Dragos' services team, which includes instant response and preparedness checks, demonstrating the proactive approach of the company.

The analysis highlights a shift in companies' cybersecurity approach from solely relying on protection-based measures, like segmentation, to more proactive measures that involve creating visibility for threat detection. This change is needed as companies integrate more similar systems, increasing the attack surface.

Outdated infrastructures, running on systems that reached end of life several years ago, are particularly vulnerable and require enhanced visibility. The analysis emphasizes the need to combat obsolescence and vulnerabilities through implementing appropriate technology. Recent incidents, such as a case where ransomware affected an undetected traffic control system for months, highlight the urgent need for improved defensive measures.

Prevention alone is not enough, and visibility is crucial to understand the environments. Additionally, the analysis acknowledges that prevention in terms of security measures can eventually fail. It is crucial to create a defensible architecture with active system monitoring and capable personnel to respond to threats or incidents.

Staff members should understand how to operate in an environment where they may be provided with incorrect information. The analysis suggests that achieving a completely secure system is not a realistic goal due to the constant introduction of new technologies and capabilities by adversaries.

Cybersecurity is an ongoing journey that requires continuous adaptation and improvement. Collaboration between IT and OT is crucial in the context of cybersecurity. It is acknowledged that the life cycle and pace of change in IT and OT are significantly different.

Conversations between the domains should focus on understanding the facility's mission and working within constraints to avoid disruptions. IT disruptions to OT systems can cause downtime in revenue-generating assets, leading to tension between the two domains. In conclusion, the analysis provides a comprehensive overview of cybersecurity in relation to industrial control systems and digital transformation.

It highlights the proactive approach of companies like Dragos in protecting and securing ICS. The shift towards creating visibility for threat detection, combating obsolescence, and the importance of a defensible architecture with active system monitoring are emphasized. The analysis recognizes that achieving absolute security is not feasible and that cybersecurity is an ongoing journey.

Collaboration between IT and OT is seen as crucial, focusing on understanding the facility's mission and constraints to prevent disruptions.

Arguments

The obsolescence of critical infrastructure due to the outdating of software and hardware components can pose threats to the provided services

---

Dr. Yacine Djemaiel emphasizes the need for regulatory guidelines for critical infrastructure.

---

Dr. Yacine Djemaiel highlights the issue of upgrades for critical infrastructure.

---

Report

The obsolescence of software and hardware components in critical infrastructure can pose significant threats to the services they provide. There is a strong dependency between the software and hardware for each component in most cases. When the hardware fails to respond after software updates, the process to replace such hardware is initiated.

However, this process can be time-consuming and may lead to potential threats regarding critical infrastructure if not addressed promptly. This raises concerns about the need for up-to-date regulations and strategies for critical infrastructure. From the Tunisian experience, it has been observed that targeting regulation is essential in addressing this issue.

In 2023, Tunisia defined a new law for cybersecurity, updating a previous law from 2004. Critical infrastructure had a dedicated chapter and a set of laws that major companies must respect. This demonstrates the significance of up-to-date regulations and highlights the importance of having specific laws that govern critical infrastructure.

Regulatory guidelines for critical infrastructure are also crucial. Dr. Yacine Djemaiel emphasises the need for such guidelines to ensure that these infrastructures are maintained and updated in a timely manner. Including criteria against which the components of the infrastructure should be certified in the regulations can further enhance their effectiveness.

However, upgrading hardware or software for critical infrastructure can be challenging for government companies. It requires detailed planning and budgeting. The process of acquiring the necessary budget and carrying out the changes in compliance with regulations may be lengthy, causing delays in maintaining and improving the infrastructure.

This issue underscores the need for more efficient solutions to reduce the time required for infrastructure replacement and upgrades. Dr. Yacine Djemaiel advocates for reducing the time needed for updates, as it would make compliance with regulations more efficient. Faster replacement and upgrades can mitigate the risks posed by outdated infrastructure.

By streamlining the process and making it more time-efficient, the potential threats to critical infrastructure can be reduced. In conclusion, the obsolescence of software and hardware components in critical infrastructure poses significant threats to the services they provide. It is crucial to have up-to-date regulations and strategies to mitigate these risks.

Regulatory guidelines, along with efficient infrastructure replacement and upgrade solutions, can help maintain and update critical infrastructures more effectively. By addressing these issues, the potential threats to critical infrastructure can be mitigated, ensuring the smooth and secure provision of essential services.

Arguments

Obsolescence is a constant change in technology

---

Technology is the leading cause of obsolescence

---

The biggest pain point in transitioning from legacy to modern technologies and infrastructure systems is people.

---

Absolute security is absolutely impossible.

---

Strategic planning is crucial for a successful transition from legacy to next generation technologies.

---

Report

The rapid pace of technological change leads to obsolescence as new technologies continuously replace older ones. Telecommunications, for instance, have moved from 3G to 4G and now to the latest 5G network, rendering previous generations obsolete. This highlights the constant need for adaptation to keep up with the ever-evolving landscape of technology.

Adaptability emerges as the best approach to embrace these changes. Being flexible and adaptive is crucial in navigating technological advancements. Surara, for instance, actively cultivates a culture of adaptability through research and development, training, and promoting workforce diversity. This helps prepare their employees to anticipate and embrace obsolescence.

Technology itself is a major driver of obsolescence. The introduction of new technologies like artificial intelligence (AI), 5G networks, quantum computing, and space technologies fuels rapid change. For example, the development of a new navigation system for airlines can make an entire fleet of aircraft obsolete.

Similarly, the potential rise of driverless cars could make drivers themselves obsolete. However, the biggest challenge in transitioning from legacy to modern technologies lies in people. Individuals are often resistant to change and may struggle to adapt to new technologies and ways of doing things.

Despite being the largest asset of a company, human resources can be the pain point in the transition process. Overcoming this challenge requires effective training and change management strategies to facilitate successful adoption of new technologies. The concept of absolute security is explored, suggesting that it is impossible to achieve complete security.

The security vendor community's obsession with achieving absolute security is questioned, as it is proposed that resilience and good enough security should be prioritised instead. This highlights the importance of finding a balance between security and usability in technology. The expectations of consumers and the government also need to be recalibrated in response to technological changes.

It is argued that the government does not always hold the responsibility to address every issue, and consumers should have a concept of resilience. Furthermore, the sudden criticality of modern services necessitates a revised understanding of their importance as critical infrastructure.

Strategic planning emerges as a crucial factor in successfully transitioning from legacy to next-generation technologies. Without a well-thought-out plan, organisations risk accumulating a plethora of technologies without a sense of security. To mitigate this, it is recommended to establish a shelf life for technology, adopt a modular architecture, and involve vendors in the upgrade processes.

These strategic considerations can help facilitate a smooth and successful transition. In conclusion, the constant change in technology drives obsolescence, necessitating adaptability to embrace these changes. Technology itself is the leading cause of obsolescence, and the transition from legacy to modern technologies can present challenges, particularly related to human resources.

Achieving absolute security is deemed impossible, and instead, the focus should be on resilience and good enough security. The expectations of consumers and the government need to be adjusted, and strategic planning is crucial for a successful transition.

Arguments

Obsolescence is not a new concept and has been practiced by militaries with certain percentages maintained in their inventories

---

A cycle should be created to effectively manage obsolescence while maintaining functionality and security

---

Major General Manjeet Singh is working on minimizing the impact of obsolescence in India

---

Report

Obsolescence, the concept of something becoming outdated or no longer useful, has long been practised in military inventories, with certain percentages of outdated equipment maintained. However, the pace of technological advancements, user expectations, market forces, and security requirements have significantly accelerated obsolescence.

In response to this accelerated obsolescence, it is crucial to establish a cycle to effectively manage it while ensuring functionality and security. This means finding ways to address the challenges posed by rapidly changing technologies, evolving user needs, and the market-driven demand for up-to-date equipment.

One notable effort in mitigating the impact of obsolescence is being undertaken by Major General Manjeet Singh in India. India boasts a large population of approximately 800 million internet users and 1.3 billion phone users, resulting in a significant number of transactions, around 10 billion per month.

Recognising the importance of minimising obsolescence in such an advanced and connected society, Major General Manjeet Singh is working towards finding effective strategies to manage and reduce the impact of obsolescence in India. Furthermore, India is also making commendable strides in securing its cyberspace.

They are actively addressing governance issues related to cyberspace, developing comprehensive crisis management plans, and creating resilient infrastructure. Additionally, India is taking measures to ensure disaster recovery and backup plans for data, emphasising the importance of network resilience. The analysis reveals that obsolescence is not a new concept for militaries, with certain strategies like maintaining specific percentages of outdated equipment being employed.

However, the increasing speed of technological progress, evolving user expectations, market dynamics, and security considerations present challenges that require proactive management of obsolescence. The case of India highlights how the country recognises the significance of addressing obsolescence in its technologically advanced society and is taking measures to both minimise its impact and secure its cyberspace.

Overall, the detailed summary highlights the various factors accelerating obsolescence and the importance of managing it effectively. It also underscores the efforts made by Major General Manjeet Singh in India, along with the country's commitment to securing its cyberspace.

Arguments

Level of preparedness and protection of companies and entities against obsolescence and vulnerabilities.

---

Report

This comprehensive analysis examines the level of preparedness and protection of companies and entities against obsolescence and vulnerabilities. It sheds light on the budget companies allocate for upgrades and resilience measures, questioning whether it is adequate. The analysis also explores the broader perspective of how well-protected or exposed entities are in the face of obsolescence.

One of the key points raised is the budget companies allocate for upgrades and resilience measures. This raises concerns about whether companies are sufficiently prepared for potential obsolescence and vulnerabilities. The analysis emphasizes the importance of investing in upgrades and resilient infrastructure to mitigate the risks associated with technological advancements and changing market dynamics.

Another significant point is the overall preparedness of entities when it comes to obsolescence. The analysis urges us to take a broader view and consider the extent to which entities have considered the implications of obsolescence and taken proactive measures to protect themselves.

By doing so, entities can ensure their sustained viability and competitiveness in the face of rapidly evolving technologies and changing industry landscapes. The analysis also notes the neutral sentiment surrounding this topic. While it does not provide a clear indication of stakeholders' views, it signifies the importance of a balanced perspective when examining the level of preparedness and protection against obsolescence and vulnerabilities.

It suggests that a well-rounded assessment is essential in identifying areas of improvement and developing strategies to address any gaps. In conclusion, this analysis highlights the significance of preparedness and protection when it comes to obsolescence and vulnerabilities. It underscores the need for companies to allocate sufficient budget for upgrades and resilience measures, as well as the importance of taking a comprehensive approach to ensure entities are adequately protected against obsolescence.

By addressing these issues, companies and entities can enhance their ability to adapt, thrive, and remain competitive in an ever-evolving business landscape.