Dealing with cyber attacks and APTs continued
This blind spot makes it difficult for providers to become more proactive and informed in applying cybersecurity best practices. "Until critical infrastructure organizations see themselves as probable targets and gain an understanding of the threat actor capability to penetrate, avoid detection, and maintain a presence on their networks, they will not make the necessary investments in cybersecurity," the ICS-CERT report concluded.
Fortunately, the critical infrastructure and IT communities as a whole have taken numerous steps to improve training and education about cybersecurity. ISA has created ISA99, its Industrial Automation and Control System Security Committee, which is developing a series of American National Standards Institute (ANSI) standards. Additionally, many colleges, universities and professional organizations and conferences have created training programs and certifications. These options and others offer critical infrastructure providers the chance to educate employees and enable them to pick the right partners, processes and technology for their particular needs.