Mike Holcomb, independent OT/ICS security advisor and former Director of OT Security at Fluor, talks about the shift in cyber threats in the OT space and the struggles of small entities to secure themselves. He proposes the BASIC principle for getting started fast despite limited budgets.
Keywords: OT security, ICS security, network security monitoring, state adversaries, hacktivism, cybersecurity regulations, Colonial Pipeline
Sound Bites
“What's really concerning to me is that we're starting to see an alignment between state adversaries and hacktivists.”
“State actor attacks are rare but high impact. Hacktivist attacks are very often but low impact. The alignment of both is really concerning.”
“I think a lot of people don't realize that OT or ICS environments are made up of a lot of Windows systems.”
“If you're not watching your network, how are you going to know if an attacker is in the environment?”
“Only 5 to 10% of industrial companies monitor their OT networks, and I would say that about half of those aren't even doing a very good job. So yeah, there's a lot we just aren't seeing in terms of OT attacks.”
“If you don’t have OT visibility, it's very easy to claim that there's no sign of a cyber security attack. But we need to get to the point where we can say we have the evidence to definitely say this is or this is not the result of a cyberattack.”
Chapters
00:00 Introduction
01:08 Shift in speed and source of OT cyber attacks
06:30 The Windows ecosystem in OT networks
08:29 The scary strategic threat in town: Volt Typhoon
10:10 The widespread lack of network security monitoring in OT
11:45 The even scarier threat in town: hacktivists working hand in hand with APTs
13:45 The increase in OT incidents over the years
15:18 The illusion of secure OT networks
16:49 Regulated sectors have better cybersecurity
18:50 The struggle of and possible solutions for small entities
23:40 The BASIC program to start your OT security journey