Iatrogenics (harm caused by the healer) is most tied to medicine, but it should also be considered with ICS security controls. What if a security control actually increases risk of an outage or catastrophe?
The panelists will debate how to evaluate if the introduction of a security control or OT component (intervention) impacts the risk and robustness of the ICS. This session will use case studies as a vehicle to discuss the decision, and attempt to come up with a list of factors and approach to making the correct decision. Some of the case studies include security controls that the panelists differ on whether they should or should not be applied.
Nassem Taleb popularized the term Iatrogenics in his book Antifragile, and expanded the concept well beyond medicine. Ralph Langner has compared ICS security professionals to doctors bleeding patients with no real knowledge of the impact and causing more harm than good. “It will affect system reliability and could cause an outage” is the constant refrain of those fighting the addition of security or any change to a deployed ICS, but there are clear cases where layering many security controls has increased risk and caused outages.