Industrial control systems (ICS) are no strangers to digital attacks. In its Threat Landscape for Industrial Automation Systems in H1 2017 report (PDF), Kaspersky Lab reported blocking attack attempts against 37.6 percent of ICS computers that use the Russian security firm’s products. It also detected 18,000 variants of 2,500 distinct malware families that infected 20.4 percent of ICS computers via web downloads or phishing campaigns.

To better understand these and other digital threats confronting ICS devices, I decided to speak with Robert Landavazo. He’s an ICS engineer at Tripwire who specializes in NERC CIP compliance. Below is a portion of our conversation.

Maribeth Pusieski: How did you first get involved in the industrial security field? What was your career path?

Robert Landavazo: I was always interested in security when I was younger, and I was fortunate to be supported by family. So I went to school for Information Technology and Security. I don’t think it’s typical to follow through with childhood career aspirations, but it somehow played out exactly that way for me, and I wouldn’t change a thing.

Once out of university, I got into software development working on a project that automated design documentation of complex systems in the video building industry. From there, I went into IT for public safety (i.e. 911) and was then hired by a NM electric utility. There, having access to appropriate funding and resources let me and the team I was on create from the ground up a more mature security program, of which Tripwire was a substantial component.
In fact, this whole experience helped open my eyes to what can occur when a corporation makes implementing a mature security and compliance program a priority.

Not only that, but the move to Tripwire was astonishing, as I can now evangelize, educate, and assist others with what I already know.

MP: What brought you to Tripwire?

RL: My career path exposed me to a variety of seemingly disparate industries. But as I encountered more of them, I began to see an emerging theme – the value across corporations for solid foundational security programs. For example, consider the fact that the Internet of Things (IoT) covers all sorts of devices from refrigerators to “smart” firefighter helmets with heads-up displays. That type of diverse environment could create incidents that are similar to something out of a Twilight Zone episode or Stephen King novel. Just to illustrate, what if all the refrigerators were able to band together (reference to HBO’s Silicon Valley) to skew or make unavailable incident information being sent to the firefighters due to a DDoS attack?

MP: We’ve seen a lot of attacks on various critical infrastructure. Do any specific events stand out as turning points for you?

RL: It’s easy to reference the Ukrainian power company incident and others like it in the news, but what interests me are those that aren’t entirely associated with critical infrastructure but can and probably are having direct impacts on ICS environments. Take the KRACKs WPA2 security flaw, for instance. It highlights why there needs to be more work and investment around cybersecurity. While it’s true that the vast majority of critical infrastructure isn’t reliant on 802.11x, environments closely neighboring them have large Wi-Fi deployments, making them a huge target in order to get a foothold for an attack vector into critical infrastructure environments.
It ultimately is all about corporations maturing into best practices as well as their agility to respond quickly to vulnerabilities in their environment.

MP: How do you think IT and OT can work together more intelligently? Any practical insight or advice?

RL: Administrators and analysts with responsibilities in the individual IT or OT environments have a lot to offer each other. The days where each group could successfully operate independently are over. The hold-outs in opening the doors of communication will quickly find themselves behind the curve. Experts in OT can teach their IT counterparts a lot about uptime and availability, and experts in IT can teach their OT counterparts a lot about security and best practices that can and should overlap.

MP: In your opinion, what does the future look like for industrial cyber security?

RL: The first time I set foot in a substation, I did a double take when looking at a lot of the equipment’s nameplates. Yes, some of this equipment predated me. While traditional IT environments matured much faster, ICS environments did not. I think this will start to change; I think we are about to see the curve of innovation in ICS speed up. Perhaps not like we saw with IT over the past 10+ years, but mark my words, it’s happening!

MP: Finally, what advice would you give any folks looking to learn more about industrial cyber security?

RL: There are a lot of resources out there, but be forewarned – a lot of the content I’ve run across recently smells a lot like IT, and that isn’t always the best fit for industrial settings. That being said, it is improving as ICS security gains more notice, so carefully evaluate your source of information while keeping an open mind about what’s out there.
Again, IT has a lot it can teach OT, just as OT has a lot it can teach IT.

On November 7, Tripwire will host a “Tripwire University: ICS/SCADA Edition” webcast, where Robert Landavazo & Jonathan Skeele will go over differing views and methods in a point-counterpoint between IT Security and Operations.
Both gentlemen are knowledgeable and experienced professionals within what we might say are at times incompatible disciplines. Somehow, they’ll get along as they teach us how it works, and sometimes doesn’t, when ICS security is in the spotlight.

To sign up for the event, click here!