Vivek Ponnada is an OT cybersecurity veteran. He has seen this specialized security practice mature from the need to protect largely air-gapped systems to securing systems that have now morphed into data-rich environments communicating with the cloud and over expensive 4G and 5G networks.
“Interestingly, it's not from within,” Ponnada said about current drivers of OT security. “So I come from the OT space, the ICS space for years, back when I was doing PLC programming or starting up gas turbines, whatnot. We never thought about security, right? That hasn't fundamentally changed even today.”
Incidents such as the Triton attacks, the targeting of the Ukrainian grid, and even Colonial Pipeline have forced the hand of security teams to embrace OT under their collective umbrellas.
“When these external things happen, a lot of people question: ‘What is this? What is this OT security that we're talking about?’ Are we prepared? Oh, I thought we were good with all the controls we have in the IT space.
“Turns out, we have this huge gap right where the production happens, where we actually make revenue, but we have no clue what's in there,” Ponnada said during an episode of the Nexus Podcast. “So that outside-in perspective helped bring the industry to a higher level compared to what it was before, so that we can now start looking deep and figure out what the gaps are.”
One means of filling in those gaps is to bring additional context to OT security decision making, and evolve beyond believing that complete asset visibility and a vulnerability management program are the be-all of protecting critical infrastructure.
“For years people used to say that they were air gapped. So we're good, right?” Ponnada, SVP Growth & Strategy at Frenos, said. “Unknowingly they were providing this context that ‘Hey, I'm isolated. I'm segmented from other connectivity. So I'm managing matters that way.’
“The reality is nobody was air-gapped,” he said. “People did have a lot of connections, both internally to IT and to external cloud systems. Many of them were simply not aware.”
Now, with the availability of firewall data and routing information, and more segmentation projects happening, all of that information can be ingested to form a holistic view of OT networks and risks, and security teams can adjust their strategies by deploying compensating controls to fill some of the gaps they're seeing. It comes down to analyzing risk and threats, and applying mitigation strategies, he said.
“The mitigations are not necessarily in vulnerability management only. They're also in the segmentation or configuration management.”
Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.