SlideShare a Scribd company logo

Key Challenges Facing IT/OT: Hear From The Experts

Tripwire
Tripwire

When you think of Information Technology (IT) and Operational Technology (OT), which side are you on? You may not feel that you fall on any side of that technological skirmish, but when you stop to carefully consider the differences in these two disciplines, it is nearly impossible to avoid a tendentious leaning. However, the time may be upon us when the conflicts of IT and OT will be put to rest for the broader purpose of making businesses more agile, efficient, resilient and ultimately, more profitable. We spoke with experts in the field who offered their insights about the challenges facing IT and OT convergence. Here’s what they shared!

Technology
1 of 17
Download to read offline
Key Challenges Facing IT/OT: Hear From The Experts
"The main challenge is solid communication. Yes, there are technology differences between IT and OT that smart security professionals on either side of the firewall will iron out. But what really comes into play is the sense of IT and OT being able to sit down and openly discuss the issues they each face, and make decisions on what is best for the organization. IT needs to fully understand that when OT says they need to stay up and running 24x7, they stay up and running. OT needs to understand that IT has been in the security business for quite a bit longer, and they know what they are talking about. That level of communication does not just appear out of thin air. It needs to come from the top. You see it all the time in winning organizations when everyone knows the plan and understands the importance of their role. In those settings, teams will always thrive." Greg Hale Editor at ISSSource
"One of the biggest challenges facing IT and OT professionals is the implication of merging IT with OT networks. With Industry 4.0 growing larger, there is a drive towards greater amounts of data from automation equipment and sensors on the factory floor. With the massive amounts of data created from automation, this requires ever-increasing data streams between IT and OT networks that need to work together. A key challenge will be executing these streams efficiently and effectively while not negatively impacting the operational integrity of the OT network, and thus still prioritizing quality, safety, and uptime." Kevin Holley Director of the Customer Innovation Center at Belden
Lane Thames "Asset discovery is a critical cybersecurity component because it provides visibility into our networks. Without visibility, it is impossible to secure our systems. Asset discovery within the OT domain is different and much more challenging than in the IT domain. Gaining complete and accurate visibility holistically across IT and OT is a current challenge faced by technology professionals. There are various reasons for this, due to both technology and human factors. For example, common security technologies used in IT can’t always be used in the OT domain due to engineering and performance constraints. On the other hand, IT and OT professionals have very different backgrounds and priorities that can make collaboration difficult from an asset discovery and cybersecurity perspective." Principal Security Researcher at Tripwire
Alex Bagwell "The biggest challenges that we are seeing with IT-OT convergence is how to consolidate overlapping solutions across multiple business units within seemingly separate IT and OT networks. CISOs have historically focused on their IT networks, investing heavily into security solutions that give them full visibility of what is going on inside their domain. Now that operational technology is being inherited by the CISO or being forced to the forefront by the Board and United States Government, that CISO is looking for ways to reduce the number of tools but also to maintain the same IT familiarity with their OT environments." Vice President of Industrial Sales at Tripwire Newton Fernandez "I believe that the main challenge for IT professionals is to understand how different the characteristics of OT (availability, safety...) are from IT. Thus, be ready to help them protect their networks while realizing the criticality of the process and the problems of an interruption can cause. At the same time, OT professionals will need to become familiar with new threats (many of them already common to IT teams) and thus, with the help of the IT team, study ways to mitigate risks and threats while maintaining the availability and safety of the application. Indeed, perhaps the biggest challenge lies in adapting common IT tools to the OT environment without disrupting the process (for updates, patches, or active monitoring)." Technical Director (LATAM) at Baumier Automation
Divji Agarwal "One key challenge IT-OT faces and will continue to endure in the times to come is related to data management and governance. As more and more OT devices are getting networked and connected, the potential for data management in terms of data storage, transfer, and analytics is growing tremendously. Organizations need to have a strong data governance policy that outlines how data needs to be stored, managed, accessed, analyzed, and by whom. Data is the next gold. Industrial data has already found several applications, with machine learning and artificial intelligence helping to improve business performance and machine efficiency as well as reduce downtime. Correspondingly, it’s critical to protect this data from loss, theft, damage, and misuse. " Senior Product Manager at Belden
"The first thing we need to notice is that the wide adoption of IP-based protocols in OT networks—and, therefore, the convergence with IT—has created a serious problem of network ownership and functional accountability. In the past, for instance, network requirements for services latency or even cybersecurity were well marked off. Nowadays, the boundaries of both networks have completely disappeared, and we need to take into consideration that what you do in one network has implications on the other side. So, different departments will have to work together to allow the network to meet the challenge of the digitalization, to allow the company to compete in a real digital world. So, I think the biggest challenge is to set clear ownership and define responsibilities based on a mixed team that’s functionally oriented across IT and OT networks. It is becoming less relevant where the devices are physically located compared to the function they perform or the treatment we are giving to the data we are acquiring." German Fernandez Director of South & East Europe at Belden
"It is important to understand that cybersecurity tools designed for modern IT environments may not suit legacy Industrial Control Systems (ICS). Consider, for example, an ICS that is end-of-life with known vulnerabilities that can’t be patched and is too costly to replace. It still needs to be secured, and while investigating for vulnerabilities, if IT runs a port scan across the ICS network, it may lock up a PLC and shut down production for 24 hours. This situation can be avoided using passive scanning technologies that don’t introduce new traffic on the network but instead inspect every packet of data. Tools are available that can detect and audit network assets as well as monitor for configuration changes and anomalous behavior, all while mapping out the source and destination of traffic. If there is data flowing to or from an ICS, it can be identified and tracked." Markus Bloem Industrial Sales Engineer at Tripwire (EMEA)
Chris Furtick "The biggest challenge I see currently and on the horizon for IT/OT professionals has little to do with technology; it’s the blurring of the line between “work” hours and personal/family hours. During the global pandemic, we have proven that many roles can function in a remote capacity, which has resulted in many professionals embracing the “Zoom from Home” work culture. But the fact that we can work from ANYWHERE has transitioned to a mindset that we now work from EVERYWHERE. Technology professionals will need to be mindful to disconnect from the computers, tablets, and smart phones and reconnect with family and friends. It’s easy to allow the “tyranny of the urgent” to override the importance of having time to relax and recharge." Director of Incident Response and Planning at Fortalice Solutions
Scott Kornblue "One area I see as a long-term challenge in the IT-OT convergence is the growing need for secure remote access into sensitive/critical networks. Specifically, as the typical work environment is shifting to more remote/work from home processes, the need to allow trusted engineers and operators to reach networks remotely will grow. Secure remote access strategies will have to traverse both IT and OT networks. IT network administrators will need to work closely with OT/SCADA network operators to properly design these remote access policies and procedures. Over the next five years, this challenge will most certainly evolve as secure remote access moves from a position of convenience to one of necessity." Lead Solutions Designer at Belden Michael Sanchez "All too often, new products are deployed without set standards, making them difficult to manage, service, and secure. Broader adoption of BYOD and remote work environments requires enhanced security methodologies. This raises questions around how inventory, monitoring, baselines, patching, and change and configuration management will be supported. Meeting these challenges requires organizations to look beyond minimal compliance and checking proverbial “boxes” to advanced security solutions. Legacy firewalls, routers, and switches are insufficient when it comes to the modern world. Advanced security technologies such as the cloud, AI, and global threat intelligence are now requisite to protect today’s OT/IoT devices." CEO at ITENGRITI Corporation
Dean Ferrando "Rather than trying to compare which security methodology (IT or OT) is better and how we need to bring one up to the other, why not combine the best of both worlds into one global security policy that could work for both the IT and OT estates? Physical security is as important as cybersecurity, and cybersecurity is as important as physical security. The two should not be seen as mutually exclusive but rather as complementary to one another. The only challenge we are seeing in the marketplace today to make this dream a reality is for both environments to find a common language that is understood by all." Systems Engineer Manager (EMEA) at Tripwire
"With the rapid growth of Ethernet on the industrial side and the organization converging into a single data network spanning both IT and OT, the conflict seems inevitable. Which department gets oversight and control of the Ethernet network? A lot of organizations are finding out—perhaps not without a bit of pain—that the “either/or” question can be problematic. The chasm between IT and OT in everything from processes to knowledge and culture can be quite large. There needs to be a way to bridge the gap between IT and OT. One pathway to achieve this is by finding an individual capable of communicating with and relating to both departments. This person could ensure that the departments work synergistically rather than as adversaries, and they could use a sub-organization around him or her to ensure that the proper backing and resources are provided. We call this individual the “Automation & Data Exchange (ADX) Engineer” and the support system for this person the IT/OT “Joint Task Force” or “Steering Committee.” Both entities are critical in ensuring the success of IT/OT convergence." Jeremy Friedmar Senior Product Line Manager of Industrial Connectivity at Belden
"In the energy industry and in energy-intensive industries, the post-COVID world will catalyze substantive change in how we operate in the future. The biggest challenge that OT and IT security professionals face in these industries is how to support this operational evolution with security being addressed at its foundation. In the OT space, cybersecurity was often treated like a final step or “afterthought.” In this phase, security teams need a seat at the table not only around topics related to new technology itself but also to be engaged on the people and process aspects involved in this evolution. As security professionals, we are critical stakeholders in the mission to enable different operating models. Given this evolution towards new ways of working, there is a lot of investment in new enabling technology." Susan Peterson Serves on the advisory boards of Bayshore Networks, Cognite, Innosphere Ventures and One Warm Coat
"The convergence of IT & OT technology is happening at a quicker pace. It is motivated by market forces that mandate ever-increasing connectivity of all assets across enterprises. Conjunction of these worlds exhibits directly in the shifting responsibility for ICS security into the IT security and risk C-Suite. Today, IT security and risk leaders are progressively forced to take over the security of OT devices at a fast pace. This newborn accountability has left IT security and risk leaders fighting to adopt the OT security labor gaps, contrasting technology solutions and costs. Although OT and IIoT security concerns are benefiting from increased budget prioritization, security and risk leaders remain keen for simplification of their existing tech stack. Added to above, the lack of skilled OT security personnel has been a big challenge due to the silos created between IT and OT. Each group has their unique way of handling security, and most of the time, it does not align, as IT and OT environments operate on different technology stacks." Viral Trivedi CBO at Ampcus Cyber
"Biggest challenges to OT and IT professionals now and in the next five years will be ransomware, supply chain, and digital transformation. Ransomware will shift attention to incident response and recovery first, then eventually it will find its way into better network designs such as intelligence slanting and shear-away networks. If you can island off the critical OT and let the other stuff burn then rebuild/recover, we get closer to resilience. Supply chain is stealing much of the oxygen in the room despite the lower probability of it happening. Nonetheless, SBOM/HBOM and the like will take off to assist. Mix in some politics and security theater with the depth and breadth of truly managing supply chain risk, and the scope of the mess becomes apparent." Patrick C. Miller CEO at Ampere Industrial Security
"OT professionals have been traditionally challenged due to new technologies coming into the automation field. This is, from my point of view, the first trait of the so-called “IT-OT Convergence trend.” A good example is the evolution of the initial control systems from wired logic (based on electrical relays interconnected in big and complex electrical cabinets) to Programmable Logic Controllers. PLCs were microprocessor-based devices and thus a direct application of the computing technology already used in the IT field. Even if this new technology was full of benefits in automation applications—for instance, much smaller cabinets could cope with more complex systems—its adaption to the OT professional was key for its success. Ladder programming language allowed the ‘circuit & relay OT’ way of thinking at that time to program and maintain these new systems. But in time, high-level programming languages made their way into the industrial scene, and professionals took to them naturally. This trend has become much more intense now, with the time for new IT technologies to land on the factory floor having shrunk over the past few years." Ignacio Bravo Lead Solution Designer LATAM at Belden
To learn more about Belden and Tripwire's IT/OT security solutions visit: https://www.tripwire.com/solutions/industrial-control- systems/tripwire-industrial-solutions-catalog @TripwireInc

Recommended

Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Tripwire
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
Mighty Guides, Inc.
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
EnergySec
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
EnergySec
 
Top 10 tips for effective SOC/NOC collaboration or integration
Top 10 tips for effective SOC/NOC collaboration or integrationTop 10 tips for effective SOC/NOC collaboration or integration
Top 10 tips for effective SOC/NOC collaboration or integration
Sridhar Karnam
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
EnergySec
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator Display
EnergySec
 

Recommended

Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Tripwire
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
Mighty Guides, Inc.
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
EnergySec
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
EnergySec
 
Top 10 tips for effective SOC/NOC collaboration or integration
Top 10 tips for effective SOC/NOC collaboration or integrationTop 10 tips for effective SOC/NOC collaboration or integration
Top 10 tips for effective SOC/NOC collaboration or integration
Sridhar Karnam
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
EnergySec
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator Display
EnergySec
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
EnergySec
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
EnergySec
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
North Texas Chapter of the ISSA
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?
Jonathan Sinclair
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
EnergySec
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
IBM Security
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
North Texas Chapter of the ISSA
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
centralohioissa
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
centralohioissa
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
North Texas Chapter of the ISSA
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
centralohioissa
 
SC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEMSC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEM
Emulex Corporation
 
Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through Security
EnergySec
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealth
rcnossen
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider Threat
Andrew Case
 
Defense In-Depth
Defense In-DepthDefense In-Depth
Defense In-DepthWill Kelly
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Tripwire
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
Intel IT Center
 
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksLessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Mighty Guides, Inc.
 
Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of Things
Tripwire
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Tripwire
 

More Related Content

What's hot

Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
EnergySec
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
EnergySec
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
North Texas Chapter of the ISSA
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?
Jonathan Sinclair
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
EnergySec
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
IBM Security
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
North Texas Chapter of the ISSA
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
centralohioissa
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
centralohioissa
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
North Texas Chapter of the ISSA
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
centralohioissa
 
SC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEMSC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEM
Emulex Corporation
 
Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through Security
EnergySec
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealth
rcnossen
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider Threat
Andrew Case
 
Defense In-Depth
Defense In-DepthDefense In-Depth
Defense In-DepthWill Kelly
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Tripwire
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
Intel IT Center
 
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksLessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Mighty Guides, Inc.
 

What's hot (20)

Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
 
SC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEMSC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEM
 
Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through Security
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealth
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider Threat
 
Defense In-Depth
Defense In-DepthDefense In-Depth
Defense In-Depth
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
 
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksLessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
 

Similar to Key Challenges Facing IT/OT: Hear From The Experts

Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of Things
Tripwire
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Tripwire
 
Advice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT CybersecurityAdvice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT Cybersecurity
Mighty Guides, Inc.
 
Strategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity RiskStrategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity Risk
Mighty Guides, Inc.
 
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
Mighty Guides, Inc.
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Troy Marshall
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile Workers
Eric Wong
 
Digitization
DigitizationDigitization
Digitization
BurraqITSloution
 
Mobility at the network’s edge
Mobility at the network’s edgeMobility at the network’s edge
Mobility at the network’s edge
DImension Data
 
Cybersecurity Improvement eBook
Cybersecurity Improvement eBookCybersecurity Improvement eBook
Cybersecurity Improvement eBook
Pablo Junco
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprises
Taranggg11
 
Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_final
Christopher Wang
 
Internet of Things - Asked and Answered
Internet of Things - Asked and AnsweredInternet of Things - Asked and Answered
Internet of Things - Asked and Answered
ADCBarcode
 
Internet
InternetInternet
Internet
hetal001
 
Ten Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things SecurityTen Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things Security
Dean Bonehill ♠Technology for Business♠
 
expert tips
expert tipsexpert tips
expert tips
Mcolisi Tineth Ngwenya
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
Symantec
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715Jim Romeo
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715Jim Romeo
 
Cybersecurity and the Role of Converged Infrastructure June 2016
Cybersecurity and the Role of Converged Infrastructure June 2016Cybersecurity and the Role of Converged Infrastructure June 2016
Cybersecurity and the Role of Converged Infrastructure June 2016David Rubal, CISSP
 

Similar to Key Challenges Facing IT/OT: Hear From The Experts (20)

Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of Things
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
Advice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT CybersecurityAdvice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT Cybersecurity
 
Strategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity RiskStrategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity Risk
 
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile Workers
 
Digitization
DigitizationDigitization
Digitization
 
Mobility at the network’s edge
Mobility at the network’s edgeMobility at the network’s edge
Mobility at the network’s edge
 
Cybersecurity Improvement eBook
Cybersecurity Improvement eBookCybersecurity Improvement eBook
Cybersecurity Improvement eBook
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprises
 
Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_final
 
Internet of Things - Asked and Answered
Internet of Things - Asked and AnsweredInternet of Things - Asked and Answered
Internet of Things - Asked and Answered
 
Internet
InternetInternet
Internet
 
Ten Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things SecurityTen Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things Security
 
expert tips
expert tipsexpert tips
expert tips
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715
 
Cybersecurity and the Role of Converged Infrastructure June 2016
Cybersecurity and the Role of Converged Infrastructure June 2016Cybersecurity and the Role of Converged Infrastructure June 2016
Cybersecurity and the Role of Converged Infrastructure June 2016
 

More from Tripwire

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Tripwire
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
Tripwire
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
Tripwire
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
Tripwire
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Tripwire
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
Tripwire
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
Tripwire
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
Tripwire
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
Tripwire
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
Tripwire
 
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7 Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Tripwire
 
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Tripwire
 
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure TimelinesMost RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Tripwire
 
ICS Security in the Energy Industry
ICS Security in the Energy IndustryICS Security in the Energy Industry
ICS Security in the Energy Industry
Tripwire
 

More from Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7 Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
 
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks
 
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure TimelinesMost RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
 
ICS Security in the Energy Industry
ICS Security in the Energy IndustryICS Security in the Energy Industry
ICS Security in the Energy Industry
 

Recently uploaded

Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 

Recently uploaded (20)

Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 

Key Challenges Facing IT/OT: Hear From The Experts

  • 1. Key Challenges Facing IT/OT: Hear From The Experts
  • 2. "The main challenge is solid communication. Yes, there are technology differences between IT and OT that smart security professionals on either side of the firewall will iron out. But what really comes into play is the sense of IT and OT being able to sit down and openly discuss the issues they each face, and make decisions on what is best for the organization. IT needs to fully understand that when OT says they need to stay up and running 24x7, they stay up and running. OT needs to understand that IT has been in the security business for quite a bit longer, and they know what they are talking about. That level of communication does not just appear out of thin air. It needs to come from the top. You see it all the time in winning organizations when everyone knows the plan and understands the importance of their role. In those settings, teams will always thrive." Greg Hale Editor at ISSSource
  • 3. "One of the biggest challenges facing IT and OT professionals is the implication of merging IT with OT networks. With Industry 4.0 growing larger, there is a drive towards greater amounts of data from automation equipment and sensors on the factory floor. With the massive amounts of data created from automation, this requires ever-increasing data streams between IT and OT networks that need to work together. A key challenge will be executing these streams efficiently and effectively while not negatively impacting the operational integrity of the OT network, and thus still prioritizing quality, safety, and uptime." Kevin Holley Director of the Customer Innovation Center at Belden
  • 4. Lane Thames "Asset discovery is a critical cybersecurity component because it provides visibility into our networks. Without visibility, it is impossible to secure our systems. Asset discovery within the OT domain is different and much more challenging than in the IT domain. Gaining complete and accurate visibility holistically across IT and OT is a current challenge faced by technology professionals. There are various reasons for this, due to both technology and human factors. For example, common security technologies used in IT can’t always be used in the OT domain due to engineering and performance constraints. On the other hand, IT and OT professionals have very different backgrounds and priorities that can make collaboration difficult from an asset discovery and cybersecurity perspective." Principal Security Researcher at Tripwire
  • 5. Alex Bagwell "The biggest challenges that we are seeing with IT-OT convergence is how to consolidate overlapping solutions across multiple business units within seemingly separate IT and OT networks. CISOs have historically focused on their IT networks, investing heavily into security solutions that give them full visibility of what is going on inside their domain. Now that operational technology is being inherited by the CISO or being forced to the forefront by the Board and United States Government, that CISO is looking for ways to reduce the number of tools but also to maintain the same IT familiarity with their OT environments." Vice President of Industrial Sales at Tripwire Newton Fernandez "I believe that the main challenge for IT professionals is to understand how different the characteristics of OT (availability, safety...) are from IT. Thus, be ready to help them protect their networks while realizing the criticality of the process and the problems of an interruption can cause. At the same time, OT professionals will need to become familiar with new threats (many of them already common to IT teams) and thus, with the help of the IT team, study ways to mitigate risks and threats while maintaining the availability and safety of the application. Indeed, perhaps the biggest challenge lies in adapting common IT tools to the OT environment without disrupting the process (for updates, patches, or active monitoring)." Technical Director (LATAM) at Baumier Automation
  • 6. Divji Agarwal "One key challenge IT-OT faces and will continue to endure in the times to come is related to data management and governance. As more and more OT devices are getting networked and connected, the potential for data management in terms of data storage, transfer, and analytics is growing tremendously. Organizations need to have a strong data governance policy that outlines how data needs to be stored, managed, accessed, analyzed, and by whom. Data is the next gold. Industrial data has already found several applications, with machine learning and artificial intelligence helping to improve business performance and machine efficiency as well as reduce downtime. Correspondingly, it’s critical to protect this data from loss, theft, damage, and misuse. " Senior Product Manager at Belden
  • 7. "The first thing we need to notice is that the wide adoption of IP-based protocols in OT networks—and, therefore, the convergence with IT—has created a serious problem of network ownership and functional accountability. In the past, for instance, network requirements for services latency or even cybersecurity were well marked off. Nowadays, the boundaries of both networks have completely disappeared, and we need to take into consideration that what you do in one network has implications on the other side. So, different departments will have to work together to allow the network to meet the challenge of the digitalization, to allow the company to compete in a real digital world. So, I think the biggest challenge is to set clear ownership and define responsibilities based on a mixed team that’s functionally oriented across IT and OT networks. It is becoming less relevant where the devices are physically located compared to the function they perform or the treatment we are giving to the data we are acquiring." German Fernandez Director of South & East Europe at Belden
  • 8. "It is important to understand that cybersecurity tools designed for modern IT environments may not suit legacy Industrial Control Systems (ICS). Consider, for example, an ICS that is end-of-life with known vulnerabilities that can’t be patched and is too costly to replace. It still needs to be secured, and while investigating for vulnerabilities, if IT runs a port scan across the ICS network, it may lock up a PLC and shut down production for 24 hours. This situation can be avoided using passive scanning technologies that don’t introduce new traffic on the network but instead inspect every packet of data. Tools are available that can detect and audit network assets as well as monitor for configuration changes and anomalous behavior, all while mapping out the source and destination of traffic. If there is data flowing to or from an ICS, it can be identified and tracked." Markus Bloem Industrial Sales Engineer at Tripwire (EMEA)
  • 9. Chris Furtick "The biggest challenge I see currently and on the horizon for IT/OT professionals has little to do with technology; it’s the blurring of the line between “work” hours and personal/family hours. During the global pandemic, we have proven that many roles can function in a remote capacity, which has resulted in many professionals embracing the “Zoom from Home” work culture. But the fact that we can work from ANYWHERE has transitioned to a mindset that we now work from EVERYWHERE. Technology professionals will need to be mindful to disconnect from the computers, tablets, and smart phones and reconnect with family and friends. It’s easy to allow the “tyranny of the urgent” to override the importance of having time to relax and recharge." Director of Incident Response and Planning at Fortalice Solutions
  • 10. Scott Kornblue "One area I see as a long-term challenge in the IT-OT convergence is the growing need for secure remote access into sensitive/critical networks. Specifically, as the typical work environment is shifting to more remote/work from home processes, the need to allow trusted engineers and operators to reach networks remotely will grow. Secure remote access strategies will have to traverse both IT and OT networks. IT network administrators will need to work closely with OT/SCADA network operators to properly design these remote access policies and procedures. Over the next five years, this challenge will most certainly evolve as secure remote access moves from a position of convenience to one of necessity." Lead Solutions Designer at Belden Michael Sanchez "All too often, new products are deployed without set standards, making them difficult to manage, service, and secure. Broader adoption of BYOD and remote work environments requires enhanced security methodologies. This raises questions around how inventory, monitoring, baselines, patching, and change and configuration management will be supported. Meeting these challenges requires organizations to look beyond minimal compliance and checking proverbial “boxes” to advanced security solutions. Legacy firewalls, routers, and switches are insufficient when it comes to the modern world. Advanced security technologies such as the cloud, AI, and global threat intelligence are now requisite to protect today’s OT/IoT devices." CEO at ITENGRITI Corporation
  • 11. Dean Ferrando "Rather than trying to compare which security methodology (IT or OT) is better and how we need to bring one up to the other, why not combine the best of both worlds into one global security policy that could work for both the IT and OT estates? Physical security is as important as cybersecurity, and cybersecurity is as important as physical security. The two should not be seen as mutually exclusive but rather as complementary to one another. The only challenge we are seeing in the marketplace today to make this dream a reality is for both environments to find a common language that is understood by all." Systems Engineer Manager (EMEA) at Tripwire
  • 12. "With the rapid growth of Ethernet on the industrial side and the organization converging into a single data network spanning both IT and OT, the conflict seems inevitable. Which department gets oversight and control of the Ethernet network? A lot of organizations are finding out—perhaps not without a bit of pain—that the “either/or” question can be problematic. The chasm between IT and OT in everything from processes to knowledge and culture can be quite large. There needs to be a way to bridge the gap between IT and OT. One pathway to achieve this is by finding an individual capable of communicating with and relating to both departments. This person could ensure that the departments work synergistically rather than as adversaries, and they could use a sub-organization around him or her to ensure that the proper backing and resources are provided. We call this individual the “Automation & Data Exchange (ADX) Engineer” and the support system for this person the IT/OT “Joint Task Force” or “Steering Committee.” Both entities are critical in ensuring the success of IT/OT convergence." Jeremy Friedmar Senior Product Line Manager of Industrial Connectivity at Belden
  • 13. "In the energy industry and in energy-intensive industries, the post-COVID world will catalyze substantive change in how we operate in the future. The biggest challenge that OT and IT security professionals face in these industries is how to support this operational evolution with security being addressed at its foundation. In the OT space, cybersecurity was often treated like a final step or “afterthought.” In this phase, security teams need a seat at the table not only around topics related to new technology itself but also to be engaged on the people and process aspects involved in this evolution. As security professionals, we are critical stakeholders in the mission to enable different operating models. Given this evolution towards new ways of working, there is a lot of investment in new enabling technology." Susan Peterson Serves on the advisory boards of Bayshore Networks, Cognite, Innosphere Ventures and One Warm Coat
  • 14. "The convergence of IT & OT technology is happening at a quicker pace. It is motivated by market forces that mandate ever-increasing connectivity of all assets across enterprises. Conjunction of these worlds exhibits directly in the shifting responsibility for ICS security into the IT security and risk C-Suite. Today, IT security and risk leaders are progressively forced to take over the security of OT devices at a fast pace. This newborn accountability has left IT security and risk leaders fighting to adopt the OT security labor gaps, contrasting technology solutions and costs. Although OT and IIoT security concerns are benefiting from increased budget prioritization, security and risk leaders remain keen for simplification of their existing tech stack. Added to above, the lack of skilled OT security personnel has been a big challenge due to the silos created between IT and OT. Each group has their unique way of handling security, and most of the time, it does not align, as IT and OT environments operate on different technology stacks." Viral Trivedi CBO at Ampcus Cyber
  • 15. "Biggest challenges to OT and IT professionals now and in the next five years will be ransomware, supply chain, and digital transformation. Ransomware will shift attention to incident response and recovery first, then eventually it will find its way into better network designs such as intelligence slanting and shear-away networks. If you can island off the critical OT and let the other stuff burn then rebuild/recover, we get closer to resilience. Supply chain is stealing much of the oxygen in the room despite the lower probability of it happening. Nonetheless, SBOM/HBOM and the like will take off to assist. Mix in some politics and security theater with the depth and breadth of truly managing supply chain risk, and the scope of the mess becomes apparent." Patrick C. Miller CEO at Ampere Industrial Security
  • 16. "OT professionals have been traditionally challenged due to new technologies coming into the automation field. This is, from my point of view, the first trait of the so-called “IT-OT Convergence trend.” A good example is the evolution of the initial control systems from wired logic (based on electrical relays interconnected in big and complex electrical cabinets) to Programmable Logic Controllers. PLCs were microprocessor-based devices and thus a direct application of the computing technology already used in the IT field. Even if this new technology was full of benefits in automation applications—for instance, much smaller cabinets could cope with more complex systems—its adaption to the OT professional was key for its success. Ladder programming language allowed the ‘circuit & relay OT’ way of thinking at that time to program and maintain these new systems. But in time, high-level programming languages made their way into the industrial scene, and professionals took to them naturally. This trend has become much more intense now, with the time for new IT technologies to land on the factory floor having shrunk over the past few years." Ignacio Bravo Lead Solution Designer LATAM at Belden
  • 17. To learn more about Belden and Tripwire's IT/OT security solutions visit: https://www.tripwire.com/solutions/industrial-control- systems/tripwire-industrial-solutions-catalog @TripwireInc