Danish OT security consultant Søren Knudsen discusses the challenge of OT security procurement in light of current geopolitical tensions. He and host Klaus Mochalski explore how procurement processes have shifted, the importance of due dilligence in procurement processes, and the risks associated with relying on foreign vendors.
Guest in this episode:
Keywords
OT security, procurement, geopolitical risks, cybersecurity, critical infrastructure, product selection, European vendors, Kaspersky, supply chain, USA, Russia, China, Israel
Summary
Danish OT security consultant Søren Knudsen discusses the challenge of OT security procurement in light of current geopolitical tensions. He and host Klaus Mochalski explore how procurement processes have shifted, the importance of due dilligence in procurement processes, and the risks associated with relying on foreign vendors.
Takeaways
Hardware and software procurement becomes a matter of business continuity.
Often managers are too afraid to make a wrong decision in procurement, so they choose the market leader without actually looking.
Companies become more and more cautious about sourcing equipment from certain countries due to geopolitical tensions or ethical questions.
The importance of understanding the risks associated with specific vendors is crucial.
Organizations should conduct thorough research on available products before making decisions.
In particular, US and Israeli vendors often put more money into marketing including being cited in high-impact market research reports.
Smaller vendors can offer competitive solutions that meet specific needs.
There is a growing interest in European-developed security products.
Sound Bites
It's not easy for some companies to switch technology at ones, especially the big ones. So it's more a question of how can we protect those possible vulnerabilities?
It was actually a surprise for me how many non-US, non-Israeli or non-Chinese products for OT security exist. You need to ask yourself: Do I want to use a bit more time to find out?
Doing a requirement specification is fine, but sometimes you add too much from products you're used to or you know of. Instead, find what is actually on the market.
Chapters
00:00 Introduction
01:10 Shifts in OT security procurement strategy
09:17 How to become sovereign in OT procurement
17:20 Understanding Risks in Product Selection
22:25 Closing Thoughts