Klaus Mochalski and OT security veteran Daniel Ehrenreich discuss the true nature and measurement of industrial cyber incidents. Discover why paying for OT ransomware is a critical mistake that won't guarantee safe operations, why applying classic IT SOC concepts to operational technology is fundamentally flawed, and why the biggest threat to your infrastructure isn't necessarily a hacker, but untrained personnel.
Sound Bites
Daniel Ehrenreich: "[...] you ask yourself a question: can I be confident that the industrial control system, PLC, HMI, control server, which were encrypted, can be returned to a safe operation after conducting the decrypting process using the key that I purchased from the attacker? All people will say, 'Wow, no way, I will never sign on that decision.'"
Klaus Mochalski: "[...] you should never pay for ransomware attacks. [...] in OT specifically, because even if you get the keys and decrypt, you can never be sure that you have the same safe state as you had before. So, that's an additional reason."
Daniel Ehrenreich: "[...] if you expose the SCADA system to the internet, what can you expect? You can expect that the nonprofessional attacker, even a ransomware attacker, will attack your system."
Daniel Ehrenreich: "[...] even if you have the best technology, even if you know the person who is connecting [...] you still don't have an idea if someone is threatening that person to take a risky action. You don't know that. So not only technology but tracking procedures are very, very important to ensure operating safety and reliability and performance."
Daniel Ehrenreich: "Some people are talking about the term OT SOC, and I tell them, “No, OT SOC was never defined and it's not a good solution.” [...] because by the definition of the SOC for IT, you allow intervention into the system in order to stop the attack [...] For industrial control systems, you are not allowed to do that."
Daniel Ehrenreich: "I would like to call it a SCADA supervision center. [...] where a person will be sitting in a room and simultaneously watch about 15, 16 screens, and I think that he will have good chances to detect any type of anomaly condition or a problematic situation and alert the right person."
Daniel Ehrenreich: "[...] the biggest risk to industrial control systems is not the cyber attacks but the risk caused by people who were never trained on industrial control system cyber security. So, and the IT people, who have a completely different approach to what cyber security is [...]"
Chapters
00:00 Introduction to OT Security
02:48 The Challenges of Cyber Incidents
05:53 Ransomware and Cyberattacks
08:43 Remote Access and Security Practices
11:55 The Role of Technology in OT Security
14:30 Best Practices for Critical Infrastructure
17:44 The Importance of Cybersecurity Training
20:37 Conclusion and Outlook on Future Topics
Keywords
OT security, cybersecurity, Industry 4.0, ransomware, cyberattacks, training, critical infrastructure