The PrOTect OT Cybersecurity Podcast

• Todd Beebe: Beyond IT vs. OT, The Common Ground for Securing Any Environment

  About Todd Beebe: Todd Beebe, a cybersecurity veteran since the early 90s, commenced his journey by thwarting attempts to hack his BBS. His expertise led to pivotal roles with an international organization, securing remote access, fortifying websites, and pioneering firewall deployment. Later, at Ernst & Young, he spearheaded the Attack & Penetration practice in Houston, penetrating Fortune 500 clients and contributing to the precursor of the Hacking Exposed book series. Todd's entrepreneurial spirit thrived as he founded cybersecurity companies, notably inventing the telecom firewall 'TeleWall' and the web application firewall 'eServer Secure,' holding nine US patents. His career includes fortifying the White House and Pentagon against cyber threats and building cybersecurity programs for multiple Fortune 500 organizations.In this episode, Aaron and Todd Beebe discuss:Their journeys into cybersecurity careersNavigating the convergence of IT and OT securityFinding common ground and overcoming historical hurdlesShared labs for enhanced understanding and effective problem-solvingCybersecurity challenges in critical infrastructureKey Takeaways:In addressing cybersecurity challenges, it's crucial for IT and OT teams to collaborate closely, recognizing that the threat landscape targets common denominators such as IP addresses, ports, and Windows systems, and adopting a unified approach to securing both environments is essential in the evolving landscape of cyber threats.In navigating the convergence of IT and OT, the key lies in recognizing the shared technological foundation, fostering collaboration to merge expertise, and dispelling the misconception of a takeover, ultimately shifting the focus from being adversaries to allies in the pursuit of a secure and efficient operational landscape.Fostering collaboration between IT and OT teams through shared advisory roles, regular communication, and the establishment of a collaborative lab environment not only enhances technical expertise but also builds trust, camaraderie, and a common language, ultimately contributing to a more resilient and stable organizational infrastructure.While Todd is excited about the increasing diversity of people entering the cybersecurity field, he expresses concern about the SEC's decision to hold CISOs accountable for breaches and emphasizes the challenge of training junior analysts to effectively identify and respond to cyber threats in the evolving landscape. "I'm ready to continue learning. I believe that's the most important part for anyone in cybersecurity. It's whether they have that mindset: it's not failure, it's learning. If we can get that into the mindsets of the next generation, I think then we've done what we needed to do." — Todd Beebe Connect with Todd Beebe: Email: [email protected]: https://www.linkedin.com/in/toddbeebe/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

  --------  

  1:03:45
• Ron Fabela: Secure Access That Makes Sense for Operations

  About Ron Fabela: Ron Fabela, a seasoned cybersecurity professional with over 20 years of experience, specializes in safeguarding Industrial Control Systems (ICS) and Operations Technology (OT). Currently serving as the Field CTO at XONA, Ron leads initiatives to establish secure industrial access, ensuring safe operations for asset owners globally. With a background rooted in hands-on experience across diverse critical infrastructure sectors such as power generation, offshore oil, and refineries, he excels in overcoming industry-specific challenges and possesses a unique skill set to articulate technical and business concepts effectively to a broad audience.In this episode, Aaron and Ron Fabela discuss:Adopting secure remote access in OT as an operational requirementThe complex landscape of active scanning in ICSBuilding trust and bridging the gap between cybersecurity and OTBalancing innovation, risk, and security in a changing landscapeKey Takeaways:In the dynamic world of ICS, securing remote access is not just a cybersecurity necessity but a practical operational requirement, as witnessed through the evolution from air gaps to accepted industry practices, embracing the concept of zero trust while facilitating secure access is not only a cybersecurity feat but a collaborative effort aligning operational needs with stringent security measures.The shift from passive to active scanning is crucial for effective threat detection and asset visibility; while skepticism persists, bridging the gap between security and operations through trust-building and advocacy is essential to navigate the challenges and seize the opportunities in securing critical infrastructure.To establish trust and enhance cybersecurity in operational environments, genuine collaboration, understanding the challenges of control system engineers, and acknowledging small victories are crucial steps toward securing critical infrastructure and ensuring operational resilience.The future of industrial cybersecurity brings excitement and concern with the shift to advanced systems like cloud, edge, and virtualization, offering scalability but inheriting a substantial attack surface. This underscores the importance of a strategic security approach in this evolving landscape. "I appreciate where I'm at. That's why I stay in the community. I don't think I could ever go back to enterprise and have that same feeling of mission and importance without letting it get to you. Early on, a lot of us were like, "We're saving the world." It's like, "No, no, no. We're just trying to help people, and we're helping ourselves in the process." That's why I love the community." — Ron Fabela Connect with Ron Fabela: Email: [email protected] (unofficial business) & [email protected] (official business)LinkedIn: https://www.linkedin.com/in/ronniefabela/Twitter: https://twitter.com/ron_fabConnect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

  --------  

  52:23
• Dan Gunter: Lessons Learned from Real-World Attack on Ukraine’s Critical Infrastructure

  About Dan Gunter: Dan Gunter, founder and CEO of Insane Forensics, is a seasoned cybersecurity professional renowned for his extensive expertise in the field. With a background as an officer in the United States Air Force, specifically with the Air Force Computer Emergency Response Team (AFCERT) and operational CYBERCOM teams, Dan has a wealth of experience in protecting critical infrastructure sites. His leadership extends to the private sector, where he served as the Director of Research and Development for Dragos Inc. before founding Insane Forensics. As a prominent speaker at major cybersecurity events, including Black Hat and ShmooCon, Dan shares his insights on incident response, threat hunting, consequence analysis, and security operations. Under his guidance, Insane Forensics provides a cutting-edge cybersecurity automation platform and services, catering to the unique challenges faced by industrial sites with limited cybersecurity resources.In this episode, Aaron and Dan Gunter discuss:Addressing the growing threat of cyber attacks on critical infrastructure, reflecting on Mandiant’s report on attacks in UkraineNavigating the complexities, resource limitations, and timely application of threat intelligenceRethinking industrial cybersecurityThe intersection of cybersecurity, AI, and OTKey Takeaways:In the face of escalating cyber threats to critical infrastructure, exemplified by recent attacks like the Ukraine power grid incident, it is evident that a passive approach alone is insufficient; as attackers grow more sophisticated, understanding and actively monitoring both network and host activities become imperative for effective defense strategies.The evolving landscape of OT cybersecurity demands a nuanced approach, addressing the historical lack of understanding, resource constraints, and the critical need for timely threat intelligence application, highlighting the urgency for industry-wide collaboration and the integration of advanced technologies like AI.To navigate the integration of AI and ML in industrial settings, overcoming fear and resistance is key. Scaling incident response, fostering collaboration, and embracing proactive and reactive measures are essential for building a resilient security foundation in critical infrastructure.In the next 5 to 10 years, the increasing scale and sophistication of cyber attacks, especially in critical infrastructure, pose a significant concern, requiring a holistic approach that combines people, processes, and technology to address evolving threats and vulnerabilities, emphasizing the need for proactive design considerations in new environments and fostering collaborative efforts to share knowledge and solutions. "I worry about how we keep up. We're not going to do it by people alone. We won't do it by process or technology alone. It's going to be all three. It's going to be just us being smart about it and being open to the future." — Dan Gunter Connect with Dan Gunter: Website: https://insaneforensics.com/ Email: [email protected]: https://www.youtube.com/channel/UCSBx8on8ffSm00kqUcTrRPALinkedIn: https://www.linkedin.com/in/dan-gunter/Twitter: https://twitter.com/insaneforensicsConnect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

  --------  

  58:28
• Thomas VanNorman: ICS Security Takes a Village - Building an OT Security Community

  About Thomas VanNorman: Thomas VanNorman, a seasoned professional with almost three decades of experience in OT, is currently leading the CyPhy Product group at GRIMM. His primary focus involves securing Industrial Control Systems and networking within this domain. Additionally, Tom is a co-founder of the ICS Village, a 501(c)(3) non-profit organization dedicated to Control System security and awareness, where he has volunteered for almost a decade. Tom retired from the Air National Guard after serving in Cyber Warfare Operations, capping off a diverse career that included working on airplane control systems for 12 years.In this episode, Aaron and Thomas VanNorman discuss:Starting up The ICS VillageNavigating the world of industrial control systemsAddressing the unique challenges of OT securityThe chicken and egg dilemma in industrial cybersecurityInsights from recent SEC actions and the role of CISOs in risk acceptanceKey Takeaways:The ICS Village, founded eight years ago, focuses on educating and raising awareness about industrial control systems (ICS) and their security, using conferences, events, and roadshows to provide hands-on experiences, non-sales discussions, and tabletop exercises, with a mission to bridge knowledge gaps, address terminology variations, and emphasize the importance of both old and new threats in the ICS space.Addressing cybersecurity challenges in the OT space, particularly with aging technology, requires a unique approach due to potential impacts on production and safety, leading to the launch of a four-year apprenticeship program initially targeting veterans to bridge the skills gap.Navigating the challenges of cybersecurity in industrial settings requires a blend of technical expertise, an understanding of operational processes, and effective risk communication, as demonstrated by the importance of bridging the gap between IT and OT and addressing vulnerabilities in a context-specific manner.In the ever-evolving landscape of cybersecurity, the role of CISOs is becoming increasingly crucial, with recent legal actions targeting them personally; however, it's essential to recognize that CISOs often lack the executive power to make decisions, highlighting the need for a shift in organizational dynamics and a deeper understanding of the risks being accepted."Our role as technologists is to explain the facts: Why does this matter? What happens if you fix it? What happens if you don't fix it? It may cost millions of dollars to fix it. It might be for an air handler that operates the warehouse, which doesn't matter much. Or it could be an air handler for that warehouse that does matter because it has to be climate-controlled. Things go south quickly. It's the same piece of hardware, the same piece of technology, but with different applications." — Thomas VanNorman Connect with Thomas VanNorman: Email: [email protected]: https://www.icsvillage.com/LinkedIn: https://www.linkedin.com/in/thomasvannorman/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

  --------  

  45:31
• Don C. Weber: The Gray Area Between OT and IT

  About Don C. Weber: Don C. Weber is the Principal Consultant and Founder of Cutaway Security, LLC, an information security consulting firm based in Texas. With a master's degree in network security and a Certified Information Systems Security Professional (CISSP) certification, Don has a wealth of expertise gained over two decades. As a seasoned leader, he has spearheaded large-scale incident response efforts, overseen the certification and accreditation of classified federal and military systems, and managed distributed security teams safeguarding mission-critical Navy assets. A prolific contributor to open-source projects in the realm of information security and incident response, Don focuses his current efforts on assisting organizations in fortifying their critical infrastructure and operational technology environments through comprehensive vulnerability evaluations and strategic security solutions.In this episode, Aaron and Don C. Weber discuss:Navigating the convergence of IT and OT in cybersecurityAddressing the gray area in OT and IT collaborationEnhancing cybersecurity in control systemsEmbracing cloud technology in ICS securityKey Takeaways:Understanding the distinct languages, processes, and incident response approaches between IT and OT is crucial for effective cybersecurity in the evolving landscape, requiring a collaborative baseline to ensure efficient communication and decision-making during critical incidents.The integration of OT and IT in cybersecurity strategies is crucial, and addressing the often overlooked gray area between these domains requires proactive collaboration, communication, and education to bridge the gap and ensure a comprehensive approach to security measures.The integration of cybersecurity measures in control systems requires a holistic approach, involving clear requirements, collaboration between IT and OT experts, and a shift from the traditional "we've always done it this way" mindset to address evolving challenges and ensure the resilience and safety of critical infrastructure.As industries rapidly transition to cloud-based solutions, failure to integrate IT and OT teams, train IT professionals about OT, and prepare for potential vulnerabilities in cloud services can lead to increased costs, heightened risks, and a competitive disadvantage in the evolving landscape of ICS security."Does the OT side understand anything about cloud? No, that's not their job. Whose job is it? It's the job, right now every company has an IT admin or an IT team, a full team for managing cloud within the corporate environment. If you don't accept, if you don't allow some leadership people from those teams in and start building out your cloud team, you're going to quickly fall behind the times, you're going to be deploying solutions that are vulnerable to remote attacks." — Don C. Weber Additional Resources:SANS Industrial Control Systems Security: https://www.sans.org/industrial-control-systems-security/ICS Village: https://www.icsvillage.com/Connect with Don C. Weber: Email: [email protected]: https://www.cutawaysecurity.comLinkedIn: https://www.linkedin.com/in/cutaway/GitHub: https://github.com/cutaway-securityConnect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

  --------  

  55:58

Więcej Biznes podcastów

Trendy w podcaście Biznes

O The PrOTect OT Cybersecurity Podcast