Effective Operational Technology Security? Embrace Response
Critical Infrastructure Security
,
Events
,
Governance & Risk Management
Critical Infrastructure Over-Focuses on Prevention, Says Dragos’ Robert M. Lee
An uptick in the tempo of attacks targeting operational technology networks means the industry must improve its ability to respond to such attacks, said Robert M. Lee, CEO and co-founder of industrial cybersecurity firm Dragos.
See Also: The Operationalization of Threat Intelligence Programs
One challenge is that while many of the standards and frameworks directed at critical infrastructure asset owners are “very well-intentioned and they’re written by really good folks,” about 95% of all guidance still focuses on prevention, Lee said. This includes such essentials as patching, passwords, segmentation and antivirus. “Only about 5% is going to identify, detect, respond and recover type of efforts,” despite the targeting and penetration of OT networks only continuing to increase, he said.
Another challenge is that despite the preventative guidance, many organizations are failing to implement it. Dragos’ recently released annual study of manufacturing sector security incidents found that in one-third of cases, organizations had incorrectly configured firewalls, while in another one-third of incidents, customers didn’t have in place sufficient network segmentation (see: Defending Operational Technology Environments: Basics Matter).
In this video interview with Information Security Media Group at RSA Conference 2024, Lee also discussed:
- How the risk management discussion is changing as CEOs and boards sharpen their focus on OT cybersecurity and risk;
- Best practices for prioritizing vulnerability management in OT environments;
- How a medium-size organization repelled a nearly yearlong effort by the China-linked Volt Typhoon APT group to pivot from its IT to OT network, thanks to doing the basics.
Lee is considered a pioneer in the industrial control systems threat intelligence and incident response community. He currently serves on the U.S. Department of Energy’s Electricity Advisory Committee and is part of the World Economic Forum’s subcommittees on cyber resilience for the oil and gas and electricity communities.
link