A while back, a tweet flashed across my timeline, and it got me thinking about ERP (Enterprise Resource Planning) security. An ERP system, a class of software, dominated by SAP and Oracle’s PeopleSoft, is a tremendously large and complex collection of applications that drives nearly everything modern businesses do. Material management, financial transactions, operational systems, customer service, and human resources are all examples of business processes that are managed by ERPs.
Focus on ICS (Industrial Control System) security is higher now than it has ever been before. It seems nearly every security company on the planet now offers “ICS” capabilities to protect against threats in pretty much the same manner as IT (Information Technology). The growth in support is happening for a multitude of reasons, but primarily we see IT interacting more and more with OT (Operational Technology) as systems are upgraded to take advantage of newer technologies. Problems from integrating IT with OT arise, but what we need to consider is the impact on our friends in OT. The mere act of plugging in a blinking box within an ICS environment can only get you so far. Without a robust relationship infrastructure with OT, your security program is going to struggle to operationalize your security efforts within the ICS environment. Getting OT to work with you is easier said than done because in general… OT doesn’t trust IT.