Ask the Expert: Why is it important now that the energy sector focus on securing their OT devices?
Michael DeLoach, Solution Consultant at Iceberg Networks and Mitch Blackburn, Global Head of Energy & Utilities Industry Solutions at ServiceNow discuss why it’s critical that the energy sector focus on securing their operational technology devices today. The following is an edited transcript of the conversation.
Mitch Blackburn: We’re seeing that prior approaches rely heavily on air gaps, yet digitization is eliminating those gaps and the OT devices are advancing too. Meanwhile, we have the bad actors that are ramping up, we’ve seen all the recent stories. Those new devices have new vulnerabilities and those vulnerabilities will continue to morph over time. I think the best companies are proactively adopting new solutions that help them understand that network, help them map it out, help them understand where those vulnerabilities are and the challenges and then enable them to create ways to mitigate any of those risks. When they do this, we see those companies better equipped to ensure their financial, operational and reputational success.
Michael DeLoach: I would say quite simply that our adversaries are becoming increasingly sophisticated and they are increasing their focus on attacking critical infrastructure OT systems. I think they’re patient and oftentimes very well funded. Their knowledge of operational technology is getting better and better. In some cases, they’re actually able to procure the equipment that they are attacking so can test their various methods of attack. As such, having solid cybersecurity practices is more important now than ever before.
It’s also true that while many critical infrastructure operators have segregated their IT and OT networks, it’s also true that more workers are functioning remotely today, more now than ever, and at times those [remote workers] have access to operational technology systems. That broadens the attack surface the organization has to protect, which lends more credence to increasing the focus on OT security.