Winning the OT Security Battle

Tech & Sec Weekly

IN THIS VIDEO

We sat down with Tim Conway and Robert Lee, two leading cybersecurity experts, to discuss pressing issues in OT cybersecurity.

CrowdStrike Lessons Learned
Tim and Robert began by examining the CrowdStrike incident from July 2024. They highlighted the dangers of over-relying on trusted technology without sufficient testing and verification, and the importance of integrating resilience into systems and avoiding a one-size-fits-all security approach.

Cyber Threat Landscape
Robert discussed the rise of sophisticated malware like Fuxnet, FrostyGoop and PIPEDREAM, designed to target OT systems. Fuxnet was a highly targeted attack aimed at disrupting critical infrastructure in Russia, while FrostyGoop used similar techniques against Ukraine. In contrast, PIPEDREAM serves as a more versatile attack framework applicable to various OT systems.

He underscored an important lesson: even if specific malware isn’t reused, studying its tactics can improve our prevention, detection, and response strategies. The key takeaway: threats to OT environments are growing, with increasingly targeted efforts from a range of actors.

Critical Control – ICS Network Visibility
Tim and Robert addressed the challenges of gaining visibility into OT devices. Tim noted that OT environments are diverse and require more than a one-size-fits-all approach. Each environment has unique characteristics that must be considered. While attackers exploit both commonalities and specific features, defenders must balance the need for visibility with the risk of disrupting operations. Legacy systems without modern security features further complicate these efforts. Despite historical challenges in visibility due to limited capabilities and resistance to change, recent technological advances have improved the situation. However, new technologies, such as encryption, introduce additional complexities. A balanced approach, using critical controls as a framework, is essential for prioritizing security efforts and adapting to evolving needs.

Critical Control – Incident Response Plan
Tim and Robert highlighted that many organizations lack specific incident response plans for OT, relying instead on general IT plans. Backup plans for power outages often do not address cyber attack scenarios. Effective OT incident response requires a tailored plan that includes data collection, safety procedures, and appropriate tools. In addition, maturity in incident response involves having a detailed, operationally integrated plan that addresses various scenarios, including handling outages and restoring systems without SCADA support.

OT and IT Convergence
Tim and Robert discussed several crucial aspects of OT security. They noted that the increasing interconnection between IT and OT systems has elevated the risk of attacks transitioning from IT to OT environments. Additionally, remote access, often used for vendor support, presents a significant security threat.

They emphasized the distinct characteristics of OT systems, which necessitate specialized security approaches. Treating OT and IT as identical can lead to dangerous oversimplifications and vulnerabilities. Therefore, security measures must be tailored to the specific needs of OT environments, considering their safety, physical constraints, and unique risks.

Tim and Robert also touched on cyber-informed engineering. Key takeaways include recognizing common attack vectors from IT systems, implementing distinct security strategies for OT, and avoiding the assumption that OT and IT are the same. Tailoring security measures to the specific needs and constraints of OT environments is essential for effective protection.

Celebrating Wins
Finally, Tim and Robert highlighted the importance of celebrating cybersecurity successes, such as defending against VOLTZITE. Recognizing and celebrating these victories can boost morale and encourage teams to continue their efforts.

Tim Conway, Senior Instructor, https://www.sans.org/profiles/tim-con…

Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.

Robert M. Lee, Fellow, https://www.sans.org/profiles/robert-…

SANS fellow Robert M. Lee brings to the classroom one of the most valuable and respected of credentials: real-world experience. Robert is the CEO and founder of his own company, Dragos, Inc., which provides cyber security solutions for industrial control system networks.

Further viewing: Operational Technology (OT) Cybersecu…
