{"id":991,"date":"2022-10-12T12:31:40","date_gmt":"2022-10-12T10:31:40","guid":{"rendered":"https:\/\/insightevents.dk\/isc-cph\/?p=991"},"modified":"2022-10-18T13:00:42","modified_gmt":"2022-10-18T11:00:42","slug":"we-are-often-focusing-on-the-wrong-things","status":"publish","type":"post","link":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/","title":{"rendered":"We are often focusing on the wrong things"},"content":{"rendered":"<p><strong>At the international <a href=\"https:\/\/insightevents.dk\/isc-cph\/\" target=\"_blank\" rel=\"noopener\">Industrial Security Conference<\/a>, the 14-15-16 November Mark Bristow, Director at the Cyber Infrastructure Protection Innovation Center, <a href=\"https:\/\/www.mitre.org\/our-impact\/mitre-labs\/cyber-infrastructure-protection-innovation-center\" target=\"_blank\" rel=\"noopener\">MITRE Labs<\/a> will give a presentation about ensuring operational resiliency in a contested world.<\/strong><\/p>\n<p>Read an interview with Mark here.<\/p>\n<h2><em>What is your background? And how do you work with industrial security on a daily basis?<\/em><\/h2>\n<p>As the director of MITRE\u2019s Cyber Infrastructure Protection Innovation Center (CIPIC), I work with asset owners and operators of critical infrastructure, industry consortium, U.S. government agencies, and international partners every day. MITRE is helping these organizations better secure critical infrastructure by leveraging our cyber defender resources such as MITRE ATT&amp;CK, CALDERA, D3FEND, and ENGAGE but with an ICS or OT focus. We are building tools that can be leveraged by the cyber community to better secure critical assets.<\/p>\n<p>Before joining MITRE this year, I spent the last 14 years in various leadership roles at CISA, including incident response for ICS-CERT and subsequent organizations. I have a family connection to control systems; my father worked for a major vendor for most of his career, and I found my first ICS software bug at 10 years old one Saturday at the lab with my father. I also teach the ICS515 Visibility, Detection and Response class for SANS.<\/p>\n<h2><em>What do you see as the biggest opportunities and challenges in connection with cyber- and industrial security?<\/em><\/h2>\n<p>The control systems cybersecurity community is at a critical point. For many years, we have struggled to raise awareness about the need for security for industrial control systems. Once we became successful in getting business leaders to understand the need, now we must implement smart solutions that drive operational outcomes. This is both an opportunity and a challenge. With acceptance of the need, implementing defenses is the next challenge. In too many cases, a compliance-based approach has been taken to ICS cybersecurity which ultimately prioritizes \u201ceasy to measure\u201d security controls like patch levels and password complexity. The challenge with applying these controls to ICS is that in my cases, while good for security, these controls will not substantively impact the safety or reliability of the process. We need better ways to measure risk that allow us to prioritize the impactful and likely scenarios that ultimately will reduce the risk of failure.<\/p>\n<h2><em>When looking forward just 5-10 years, what do you think will be different within security?<\/em><\/h2>\n<p>I\u2019m really excited to see the concept of cyber-informed engineering (CIE) taking hold. The U.S. Department of Energy recently released a strategy for CIE that takes the concept of Consequence-driven Cyber-Informed Engineering (CCE) to the next level. This is changing the way that process control engineers are looking at how they design systems, much in the same way we do in safety engineering, to insure that malfunctioning or maliciously manipulated control systems components have minimal impact to safety and process reliability. This concept is gaining adoption across the industry which will greatly improve the resiliency of our systems in the future.<\/p>\n<h2><em>Besides more funds for security, what do you think would make a difference in the industry?<\/em><\/h2>\n<p>While many organizations are increasing their funding for ICS security, it\u2019s time for the ICS security industry to focus those resources for maximized return-on-investment. Significant work is done in the areas of compliance with standards and regulatory frameworks. While this is a great first step and ensures a baseline of cybersecurity throughout the industry, it is insufficient to stop many adversaries who want to hold infrastructure at risk. Much of the focus on these efforts is on items like ICS device patch management where actual ICS intrusions are using credential stealing\/impersonation as a key vector that is not adequately addressed by the standards. The community needs to prioritize resources to where they will be the most impactful in stopping the adversary.<\/p>\n<h2><em>What are your own expectations for the conference? And which keynotes are you looking forward to hearing?<\/em><\/h2>\n<p>As an American, I\u2019m always really interested to see how my international colleagues are looking at control systems cybersecurity and what challenges are being faced. Industrial processes often are not isolated to a single country or region. Having a shared international perspective is critical. Additionally, the technologies that underpin our control systems are similar across industries and political boundaries, so we have a number of shared challenges.<\/p>\n<p>I\u2019m looking forward to hearing about how the cloud and data analytics are transforming our industry (presentations by Vivek Ponnada, Patrick Miller) as well as how we can increase ties between organizational culture and operations (James McQuiggan). I\u2019m also really interested in how cyber conflict has evolved, and I think the presentation on recreating the 2015 Ukraine attack (Casper Bladt and Jens Nielsen) and the Cyber Conflict talk (Joe Slowik) will be interesting in that regard, along with my presentation.<\/p>\n<h2><em>What will your keynote be about, and which learnings are you hoping the participants take with them?<\/em><\/h2>\n<p>We often are focusing on the wrong things. When participants leave my keynote, I want them to have strategies for evaluating what the \u201cright\u201d things are for them.<\/p>\n<p>Over the last 20 years, we have gone from industrial cybersecurity being barely an afterthought to a topic that is a focus for owners and operators but also for the public. This increased awareness is great, and now we have resources to tackle these problems, but it came with some drawbacks. Often organizations are driven to a compliance mindset by regulatory regimes, insurance underwriters, and risk managers who don\u2019t understand process control. This creates scenarios where resources are expended on activities and mitigations that may not have tangible impact on the overall resiliency of the system. We need to do better.<\/p>\n<p>We need to take a consequence and threat-informed approach to mitigation prioritization that ensures that our defense strategies will frustrate an adversary. Long gone are the days where obscurity of these systems could be counted on to help reduce probability of impact, so now we must focus not only on what is vulnerable but what our adversaries are likely to do and how we can stop them. We also must look beyond the cyber domain for solutions. In some cases, resiliency can be achieved through physical modifications to the control system or processes instead of only through cyber means.<\/p>\n<h2>WOULD YOU LIKE TO HEAR MORE FROM MARK BRISTOW?<\/h2>\n<p>At the <a href=\"https:\/\/insightevents.dk\/isc-cph\/\" target=\"_blank\" rel=\"noopener\">Industrial Security Conference<\/a> the 14 \u2013 15 \u2013 16 November, Mark will give a presentation about will cover how the landscape has changed over the past 10 years and discuss some ways that owners and operators can engineer resiliency solutions to prioritize activities and reduce these risks.<\/p>\n<p><a href=\"https:\/\/insightevents.dk\/isc-cph\/\" target=\"_blank\" rel=\"noopener\">Read more about the conference and sign up here!<\/a><\/p>\n<p>\u00a92022 The MITRE Corporation. ALL RIGHTS RESERVED.\u00a0 Approved for Public Release; Distribution Unlimited. Public Release Case Number 22-01053-6<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At the international Industrial Security Conference, the 14-15-16 November Mark Bristow, Director at the Cyber Infrastructure Protection Innovation Center, MITRE Labs will give a presentation about ensuring operational resiliency in a contested world. Read an interview with Mark here. What is your background? And how do you work with industrial security on a daily basis? [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":992,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>We are often focusing on the wrong things<\/title>\n<meta name=\"description\" content=\"At the ISC conference the 14-16 November Mark Bristow will give a presentation about ensuring operational resiliency in a contested world.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"We are often focusing on the wrong things\" \/>\n<meta property=\"og:description\" content=\"At the ISC conference the 14-16 November Mark Bristow will give a presentation about ensuring operational resiliency in a contested world.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/\" \/>\n<meta property=\"og:site_name\" content=\"Industrial Security Conference Copenhagen\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-12T10:31:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-10-18T11:00:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/insightevents.dk\/isc-cph\/wp-content\/uploads\/sites\/4\/2022\/10\/Markbristow1200x630.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Line\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Line\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/\",\"url\":\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/\",\"name\":\"We are often focusing on the wrong things\",\"isPartOf\":{\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/insightevents.dk\/isc-cph\/wp-content\/uploads\/sites\/4\/2022\/10\/Markbristow1200x630.jpg\",\"datePublished\":\"2022-10-12T10:31:40+00:00\",\"dateModified\":\"2022-10-18T11:00:42+00:00\",\"author\":{\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/#\/schema\/person\/e1b949cdb7e6339b6ba34b36365c444c\"},\"description\":\"At the ISC conference the 14-16 November Mark Bristow will give a presentation about ensuring operational resiliency in a contested world.\",\"breadcrumb\":{\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#primaryimage\",\"url\":\"https:\/\/insightevents.dk\/isc-cph\/wp-content\/uploads\/sites\/4\/2022\/10\/Markbristow1200x630.jpg\",\"contentUrl\":\"https:\/\/insightevents.dk\/isc-cph\/wp-content\/uploads\/sites\/4\/2022\/10\/Markbristow1200x630.jpg\",\"width\":1200,\"height\":630,\"caption\":\"Mark Bristow, Director at the Cyber Infrastructure Protection Innovation Center\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/insightevents.dk\/isc-cph\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"We are often focusing on the wrong things\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/#website\",\"url\":\"https:\/\/insightevents.dk\/isc-cph\/\",\"name\":\"Industrial Security Conference Copenhagen\",\"description\":\"Industrial Security Conference Copenhagen\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/insightevents.dk\/isc-cph\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/#\/schema\/person\/e1b949cdb7e6339b6ba34b36365c444c\",\"name\":\"Line\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7b77f339adf5c930d53d064e7fb88017?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7b77f339adf5c930d53d064e7fb88017?s=96&d=mm&r=g\",\"caption\":\"Line\"},\"url\":\"https:\/\/insightevents.dk\/isc-cph\/author\/line\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"We are often focusing on the wrong things","description":"At the ISC conference the 14-16 November Mark Bristow will give a presentation about ensuring operational resiliency in a contested world.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/","og_locale":"en_GB","og_type":"article","og_title":"We are often focusing on the wrong things","og_description":"At the ISC conference the 14-16 November Mark Bristow will give a presentation about ensuring operational resiliency in a contested world.","og_url":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/","og_site_name":"Industrial Security Conference Copenhagen","article_published_time":"2022-10-12T10:31:40+00:00","article_modified_time":"2022-10-18T11:00:42+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/insightevents.dk\/isc-cph\/wp-content\/uploads\/sites\/4\/2022\/10\/Markbristow1200x630.jpg","type":"image\/jpeg"}],"author":"Line","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Line","Estimated reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/","url":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/","name":"We are often focusing on the wrong things","isPartOf":{"@id":"https:\/\/insightevents.dk\/isc-cph\/#website"},"primaryImageOfPage":{"@id":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#primaryimage"},"image":{"@id":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#primaryimage"},"thumbnailUrl":"https:\/\/insightevents.dk\/isc-cph\/wp-content\/uploads\/sites\/4\/2022\/10\/Markbristow1200x630.jpg","datePublished":"2022-10-12T10:31:40+00:00","dateModified":"2022-10-18T11:00:42+00:00","author":{"@id":"https:\/\/insightevents.dk\/isc-cph\/#\/schema\/person\/e1b949cdb7e6339b6ba34b36365c444c"},"description":"At the ISC conference the 14-16 November Mark Bristow will give a presentation about ensuring operational resiliency in a contested world.","breadcrumb":{"@id":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#primaryimage","url":"https:\/\/insightevents.dk\/isc-cph\/wp-content\/uploads\/sites\/4\/2022\/10\/Markbristow1200x630.jpg","contentUrl":"https:\/\/insightevents.dk\/isc-cph\/wp-content\/uploads\/sites\/4\/2022\/10\/Markbristow1200x630.jpg","width":1200,"height":630,"caption":"Mark Bristow, Director at the Cyber Infrastructure Protection Innovation Center"},{"@type":"BreadcrumbList","@id":"https:\/\/insightevents.dk\/isc-cph\/2022\/10\/12\/we-are-often-focusing-on-the-wrong-things\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/insightevents.dk\/isc-cph\/"},{"@type":"ListItem","position":2,"name":"We are often focusing on the wrong things"}]},{"@type":"WebSite","@id":"https:\/\/insightevents.dk\/isc-cph\/#website","url":"https:\/\/insightevents.dk\/isc-cph\/","name":"Industrial Security Conference Copenhagen","description":"Industrial Security Conference Copenhagen","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/insightevents.dk\/isc-cph\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/insightevents.dk\/isc-cph\/#\/schema\/person\/e1b949cdb7e6339b6ba34b36365c444c","name":"Line","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/insightevents.dk\/isc-cph\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7b77f339adf5c930d53d064e7fb88017?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7b77f339adf5c930d53d064e7fb88017?s=96&d=mm&r=g","caption":"Line"},"url":"https:\/\/insightevents.dk\/isc-cph\/author\/line\/"}]}},"_links":{"self":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/posts\/991"}],"collection":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/comments?post=991"}],"version-history":[{"count":0,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/posts\/991\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/media\/992"}],"wp:attachment":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/media?parent=991"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/categories?post=991"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/tags?post=991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}