This year’s IBM X-Force report focused on the growing trend of “Bring your Own Device,” or BYOD. It reported a 19 percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. Workers bring in various mobile devices that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers to use the device as an access points. So, what does BYOD mean for ICS?
Kevin McCaney, managing editor of Government Computer News, decided to look further into ways companies can make BYOD work. When inquiring about critical infrastructures, Jacob Kitchel, senior manager of security and compliance for Industrial Defender, was more than prepared to offer some advice. And his advice was don’t do it. According to Jacob:
“Critical infrastructure is a whole different ball game when it comes to BYOD. BYOD is a no-no within the Industrial Control System environments that operate critical infrastructure. Given the possibility of affecting critical physical processes and due to compliance concerns, ICS operators, engineers and technicians shouldn’t be attaching the BYOD devices to the ICS networks.”
While enterprise companies may implement a BYOD policy and therefore encourage employees to safely bring their own device to the office, operators and managers at industrial control systems cannot afford to take that risk.
Interested in learning more about what policies companies should make when it comes to BYOD? Check out the full article here: 9 keys to making BYOD work.