MYSEC.TV

Home   /   RESOURCES   /   MYSEC.TV   / Cyber threats and cyber-physical systems, and impacts for APAC

Cyber threats and cyber-physical systems, and impacts for APAC

Tech & Sec Weekly
SHARE:

IN THIS VIDEO

Tim serves as the Technical Director – ICS and SCADA programs at SANS, and is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Additionally, performing contract and consulting work in the areas of ICS cybersecurity with a focus on energy environments.

A recognized leader in CIP operations, he formerly served as the Director of CIP (Critical Infrastructure Protection) Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO) and was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.

Recognizing the need for ICS-focused cyber security training throughout critical infrastructure environments and an increased need for NERC CIP hands-on training, Tim authored and instructs the ICS curriculum’s newest course ICS456 – Essentials for NERC Critical Infrastructure Protection.

Outside of SANS, Tim continues to perform contract and consulting work in the areas of ICS cyber security with a focus on the energy sector.

Before accepting the opportunity to join SANS, Tim enjoyed a 15-year career with NIPSCO (Northern Indiana Public Service Company) – one of Indiana’s largest natural gas and electric companies in the state, where he held management and leadership positions as well as EMS Computer Systems Engineer responsibilities over the control system servers and the supporting network infrastructure.

During his career, Tim has served as the Chair of the RFC CIPC, Chair of the NERC CIP Interpretation Drafting Team, Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.

In this interview held on-site at the SANS ICS APAC Summit and Training 2022, Tim shares his insights on the developments in ICS (Industrial Control Systems).

He starts by explaining the evolution of the term “ICS” into “cyber-physical” – from “data-at-rest, data-in-use, data-in-motion” perspective to one where “data that does something, data that means something,” or in other words, data that has a “kinetic component,” a “physics component.”

Viewed this way, cyber-physical systems could be large scale, like SCADA covering multiple states, or could be on a plant floor distributed control system, could be individual PLCs, or the IIoT (Industrial Internet of Things) which are “using small edge devices to control parts of buildings, or SMART cities or transportation.”

Tim also gives an update on the threat landscape in cyber-physical systems and how intellectual property/data theft has evolved to process manipulation. The latest is the recently discovered malware – “Pipedream,” where the modularity of the malware framework is a “force multiplier.” By piecing different malicious components, he explains that threat actors can achieve their goals without knowing their specific environments – and also across multiple sectors.

Besides the evolving threat landscape, Tim also touches on varied levels of digital adoption in the cyber-physical environment across sectors means that the SANS courses are necessarily developed for professionals coming from a variety of experiences and cover legacy, existing, and new environments.

Depending on the complexities of the infrastructure specific to the country, Tim also shares his perspectives on differing priorities and approaches when it comes to cyber protection.

Recorded on 21st November 2022, 3pm, Grand Copthorne Hotel, Singapore.

OTHER VIDEOS IN THIS SERIES

dragos
November 22, 2024
Are you prepared for a cyber-attack? Whether you’re managing a national or state-wide critical infrastructure organisation, or you’re a small rural provider with a lean team, the stakes are higher than ever for Australia’s Energy and Utility operators. Watch Now
acsm_19=11
November 19, 2024
In response to new questions asked by the annual study, sponsored by Adobe—which showcases the feedback of more than 1,800 global cybersecurity professionals on topics related to the cybersecurity workforce and threat landscape. Watch Now
space-1411
November 14, 2024
We cross to Singapore and speak with Dr Mark Shmulevich who has over 15 years of experience as an entrepreneur and venture capitalist Watch Now
asean5112
November 9, 2024
Jane Lo, MySecurity Media Singapore Correspondent sat down with Syed Ubaid Ali Jafri, Head of Cyber Defense and Offensive Security at Habib Bank Limited (HBL), at Tech Week Singapore, to get his insights on the sophistication of these threats. Watch Now