47 episodes

Despite the growing attention on industrial cybersecurity, there is still much work to be done to keep pace with the increasing risks. To mature and comprehensively protect against cyber threats to operational technology (OT), it will take collaboration among key players from various sectors and industries.
The PrOTect OT Cybersecurity podcast brings together experts in the field of cybersecurity for critical infrastructure and industrial organizations. Join Aaron Crow, the Chief Technology Officer at Industrial Defender, and the OT security community as they explore the latest developments and challenges unique to protecting operational environments.
Whether you want to learn the best practices and strategies for protecting power plants, water treatment facilities, food and beverage plants or automotive factories, this podcast is for you.

The PrOTect OT Cybersecurity Podcast Aaron Crow

    • Business
    • 5.0 • 12 Ratings

    Todd Beebe: Beyond IT vs. OT, The Common Ground for Securing Any Environment

    About Todd Beebe: Todd Beebe, a cybersecurity veteran since the early 90s, commenced his journey by thwarting attempts to hack his BBS. His expertise led to pivotal roles with an international organization, securing remote access, fortifying websites, and pioneering firewall deployment. Later, at Ernst & Young, he spearheaded the Attack & Penetration practice in Houston, penetrating Fortune 500 clients and contributing to the precursor of the Hacking Exposed book series. Todd's entrepreneurial spirit thrived as he founded cybersecurity companies, notably inventing the telecom firewall 'TeleWall' and the web application firewall 'eServer Secure,' holding nine US patents. His career includes fortifying the White House and Pentagon against cyber threats and building cybersecurity programs for multiple Fortune 500 organizations.

    In this episode, Aaron and Todd Beebe discuss:
    • Their journeys into cybersecurity careers
    • Navigating the convergence of IT and OT security
    • Finding common ground and overcoming historical hurdles
    • Shared labs for enhanced understanding and effective problem-solving
    • Cybersecurity challenges in critical infrastructure
    Key Takeaways:
    • In addressing cybersecurity challenges, it's crucial for IT and OT teams to collaborate closely, recognizing that the threat landscape targets common denominators such as IP addresses, ports, and Windows systems, and adopting a unified approach to securing both environments is essential in the evolving landscape of cyber threats.
    • In navigating the convergence of IT and OT, the key lies in recognizing the shared technological foundation, fostering collaboration to merge expertise, and dispelling the misconception of a takeover, ultimately shifting the focus from being adversaries to allies in the pursuit of a secure and efficient operational landscape.
    • Fostering collaboration between IT and OT teams through shared advisory roles, regular communication, and the establishment of a collaborative lab environment not only enhances technical expertise but also builds trust, camaraderie, and a common language, ultimately contributing to a more resilient and stable organizational infrastructure.
    • While Todd is excited about the increasing diversity of people entering the cybersecurity field, he expresses concern about the SEC's decision to hold CISOs accountable for breaches and emphasizes the challenge of training junior analysts to effectively identify and respond to cyber threats in the evolving landscape.
    "I'm ready to continue learning. I believe that's the most important part for anyone in cybersecurity. It's whether they have that mindset: it's not failure, it's learning. If we can get that into the mindsets of the next generation, I think then we've done what we needed to do." — Todd Beebe
     

    Connect with Todd Beebe:  
    Email: tvbeebe@freeportlng.com
    LinkedIn: https://www.linkedin.com/in/toddbeebe/

    Connect with Aaron:
    LinkedIn: https://www.linkedin.com/in/aaronccrow

    Learn more about Industrial Defender:
    Website: https://www.industrialdefender.com/podcast 
    LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
    Twitter: https://twitter.com/iDefend_ICS
    YouTube: https://www.youtube.com/@industrialdefender7120


    Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it. 

    • 1 hr 3 min
    Ron Fabela: Secure Access That Makes Sense for Operations

    About Ron Fabela: Ron Fabela, a seasoned cybersecurity professional with over 20 years of experience, specializes in safeguarding Industrial Control Systems (ICS) and Operations Technology (OT). Currently serving as the Field CTO at XONA, Ron leads initiatives to establish secure industrial access, ensuring safe operations for asset owners globally. With a background rooted in hands-on experience across diverse critical infrastructure sectors such as power generation, offshore oil, and refineries, he excels in overcoming industry-specific challenges and possesses a unique skill set to articulate technical and business concepts effectively to a broad audience.

    In this episode, Aaron and Ron Fabela discuss:
    • Adopting secure remote access in OT as an operational requirement
    • The complex landscape of active scanning in ICS
    • Building trust and bridging the gap between cybersecurity and OT
    • Balancing innovation, risk, and security in a changing landscape
    Key Takeaways:
    • In the dynamic world of ICS, securing remote access is not just a cybersecurity necessity but a practical operational requirement, as witnessed through the evolution from air gaps to accepted industry practices; embracing the concept of zero trust while facilitating secure access is not only a cybersecurity feat but a collaborative effort aligning operational needs with stringent security measures.
    • The shift from passive to active scanning is crucial for effective threat detection and asset visibility; while skepticism persists, bridging the gap between security and operations through trust-building and advocacy is essential to navigate the challenges and seize the opportunities in securing critical infrastructure.
    • To establish trust and enhance cybersecurity in operational environments, genuine collaboration, understanding the challenges of control system engineers, and acknowledging small victories are crucial steps toward securing critical infrastructure and ensuring operational resilience.
    • The future of industrial cybersecurity brings excitement and concern with the shift to advanced systems like cloud, edge, and virtualization, offering scalability but inheriting a substantial attack surface. This underscores the importance of a strategic security approach in this evolving landscape.
    "I appreciate where I'm at. That's why I stay in the community. I don't think I could ever go back to enterprise and have that same feeling of mission and importance without letting it get to you. Early on, a lot of us were like, "We're saving the world." It's like, "No, no, no. We're just trying to help people, and we're helping ourselves in the process." That's why I love the community." — Ron Fabela
     
    Connect with Ron Fabela:  
    Email: ron@fabela.co (unofficial business) & ron@xonasystems.com (official business)
    LinkedIn: https://www.linkedin.com/in/ronniefabela/
    Twitter: https://twitter.com/ron_fab

    • 52 min
    Dan Gunter: Lessons Learned from Real-World Attack on Ukraine’s Critical Infrastructure

    About Dan Gunter: Dan Gunter, founder and CEO of Insane Forensics, is a seasoned cybersecurity professional renowned for his extensive expertise in the field. With a background as an officer in the United States Air Force, specifically with the Air Force Computer Emergency Response Team (AFCERT) and operational CYBERCOM teams, Dan has a wealth of experience in protecting critical infrastructure sites. His leadership extends to the private sector, where he served as the Director of Research and Development for Dragos Inc. before founding Insane Forensics. As a prominent speaker at major cybersecurity events, including Black Hat and ShmooCon, Dan shares his insights on incident response, threat hunting, consequence analysis, and security operations. Under his guidance, Insane Forensics provides a cutting-edge cybersecurity automation platform and services, catering to the unique challenges faced by industrial sites with limited cybersecurity resources.

    In this episode, Aaron and Dan Gunter discuss:
    • Addressing the growing threat of cyber attacks on critical infrastructure, reflecting on Mandiant’s report on attacks in Ukraine
    • Navigating the complexities, resource limitations, and timely application of threat intelligence
    • Rethinking industrial cybersecurity
    • The intersection of cybersecurity, AI, and OT
    Key Takeaways:
    • In the face of escalating cyber threats to critical infrastructure, exemplified by recent attacks like the Ukraine power grid incident, it is evident that a passive approach alone is insufficient; as attackers grow more sophisticated, understanding and actively monitoring both network and host activities become imperative for effective defense strategies.
    • The evolving landscape of OT cybersecurity demands a nuanced approach, addressing the historical lack of understanding, resource constraints, and the critical need for timely threat intelligence application, highlighting the urgency for industry-wide collaboration and the integration of advanced technologies like AI.
    • To navigate the integration of AI and ML in industrial settings, overcoming fear and resistance is key. Scaling incident response, fostering collaboration, and embracing proactive and reactive measures are essential for building a resilient security foundation in critical infrastructure.
    • In the next 5 to 10 years, the increasing scale and sophistication of cyber attacks, especially in critical infrastructure, pose a significant concern, requiring a holistic approach that combines people, processes, and technology to address evolving threats and vulnerabilities, emphasizing the need for proactive design considerations in new environments and fostering collaborative efforts to share knowledge and solutions.
    "I worry about how we keep up. We're not going to do it by people alone. We won't do it by process or technology alone. It's going to be all three. It's going to be just us being smart about it and being open to the future." — Dan Gunter
     

    Connect with Dan Gunter: 
    Website: https://insaneforensics.com/ 
    Email: dan@insaneforensics.com
    YouTube: https://www.youtube.com/channel/UCSBx8on8ffSm00kqUcTrRPA
    LinkedIn: https://www.linkedin.com/in/dan-gunter/
    Twitter: https://twitter.com/insaneforensics

    • 58 min
    Thomas VanNorman: ICS Security Takes a Village - Building an OT Security Community

    About Thomas VanNorman: Thomas VanNorman, a seasoned professional with almost three decades of experience in OT, is currently leading the CyPhy Product group at GRIMM. His primary focus involves securing Industrial Control Systems and networking within this domain. Additionally, Tom is a co-founder of the ICS Village, a 501(c)(3) non-profit organization dedicated to Control System security and awareness, where he has volunteered for almost a decade. Tom retired from the Air National Guard after serving in Cyber Warfare Operations, capping off a diverse career that included working on airplane control systems for 12 years.

    In this episode, Aaron and Thomas VanNorman discuss:
    • Starting up The ICS Village
    • Navigating the world of industrial control systems
    • Addressing the unique challenges of OT security
    • The chicken and egg dilemma in industrial cybersecurity
    • Insights from recent SEC actions and the role of CISOs in risk acceptance
    Key Takeaways:
    • The ICS Village, founded eight years ago, focuses on educating and raising awareness about industrial control systems (ICS) and their security, using conferences, events, and roadshows to provide hands-on experiences, non-sales discussions, and tabletop exercises, with a mission to bridge knowledge gaps, address terminology variations, and emphasize the importance of both old and new threats in the ICS space.
    • Addressing cybersecurity challenges in the OT space, particularly with aging technology, requires a unique approach due to potential impacts on production and safety, leading to the launch of a four-year apprenticeship program initially targeting veterans to bridge the skills gap.
    • Navigating the challenges of cybersecurity in industrial settings requires a blend of technical expertise, an understanding of operational processes, and effective risk communication, as demonstrated by the importance of bridging the gap between IT and OT and addressing vulnerabilities in a context-specific manner.
    • In the ever-evolving landscape of cybersecurity, the role of CISOs is becoming increasingly crucial, with recent legal actions targeting them personally; however, it's essential to recognize that CISOs often lack the executive power to make decisions, highlighting the need for a shift in organizational dynamics and a deeper understanding of the risks being accepted.
    "Our role as technologists is to explain the facts: Why does this matter? What happens if you fix it? What happens if you don't fix it? It may cost millions of dollars to fix it. It might be for an air handler that operates the warehouse, which doesn't matter much. Or it could be an air handler for that warehouse that does matter because it has to be climate-controlled. Things go south quickly. It's the same piece of hardware, the same piece of technology, but with different applications." — Thomas VanNorman
     
    Connect with Thomas VanNorman:  
    Email: tom@icsvillage.com
    Website: https://www.icsvillage.com/
    LinkedIn: https://www.linkedin.com/in/thomasvannorman/

    • 45 min
    Don C. Weber: The Gray Area Between OT and IT

    About Don C. Weber: Don C. Weber is the Principal Consultant and Founder of Cutaway Security, LLC, an information security consulting firm based in Texas. With a master's degree in network security and a Certified Information Systems Security Professional (CISSP) certification, Don has a wealth of expertise gained over two decades. As a seasoned leader, he has spearheaded large-scale incident response efforts, overseen the certification and accreditation of classified federal and military systems, and managed distributed security teams safeguarding mission-critical Navy assets. A prolific contributor to open-source projects in the realm of information security and incident response, Don focuses his current efforts on assisting organizations in fortifying their critical infrastructure and operational technology environments through comprehensive vulnerability evaluations and strategic security solutions.

    In this episode, Aaron and Don C. Weber discuss:
    • Navigating the convergence of IT and OT in cybersecurity
    • Addressing the gray area in OT and IT collaboration
    • Enhancing cybersecurity in control systems
    • Embracing cloud technology in ICS security
    Key Takeaways:
    • Understanding the distinct languages, processes, and incident response approaches between IT and OT is crucial for effective cybersecurity in the evolving landscape, requiring a collaborative baseline to ensure efficient communication and decision-making during critical incidents.
    • The integration of OT and IT in cybersecurity strategies is crucial, and addressing the often overlooked gray area between these domains requires proactive collaboration, communication, and education to bridge the gap and ensure a comprehensive approach to security measures.
    • The integration of cybersecurity measures in control systems requires a holistic approach, involving clear requirements, collaboration between IT and OT experts, and a shift from the traditional "we've always done it this way" mindset to address evolving challenges and ensure the resilience and safety of critical infrastructure.
    • As industries rapidly transition to cloud-based solutions, failure to integrate IT and OT teams, train IT professionals about OT, and prepare for potential vulnerabilities in cloud services can lead to increased costs, heightened risks, and a competitive disadvantage in the evolving landscape of ICS security.
    "Does the OT side understand anything about cloud? No, that's not their job. Whose job is it? It's the job, right now every company has an IT admin or an IT team, a full team for managing cloud within the corporate environment. If you don't accept, if you don't allow some leadership people from those teams in and start building out your cloud team, you're going to quickly fall behind the times, you're going to be deploying solutions that are vulnerable to remote attacks." — Don C. Weber
     
    Additional Resources:

    SANS Industrial Control Systems Security: https://www.sans.org/industrial-control-systems-security/
    ICS Village: https://www.icsvillage.com/

    Connect with Don C. Weber:  
    Email: don@cutawaysecurity.com
    Website: https://www.cutawaysecurity.com
    LinkedIn: https://www.linkedin.com/in/cutaway/
    GitHub: https://github.com/cutaway-security

    • 55 min
    Ron Brash: Understanding the Small Details to Define Risk

    About Ron Brash: Ron Brash, a renowned figure in ICS/OT cybersecurity and embedded vulnerability research, garnered acclaim as the recipient of the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering. Serving as the VP of Technical Research & Integrations at aDolus Technology Inc., Ron aligns his passion for ICS/OT security by leveraging his extensive experience in advising major asset owners across industries such as oil & gas, manufacturing, energy, and aviation. His notable achievements include playing a pivotal role in creating datasets for the S4 ICS Detection Challenges, reflecting his commitment to advancing industry standards and fostering innovation in cybersecurity.

    In this episode, Aaron and Ron Brash discuss:
    • Understanding and managing vulnerabilities in OT systems
    • Balancing risk, detection, and recovery
    • Exploring the intersection of cybersecurity, business risk, and vendor collaboration
    • Navigating challenges in industrial networks
    Key Takeaways:
    • In the complex world of industrial cybersecurity, understanding and managing vulnerabilities is like conducting a home inspection or maintaining a car—focus on what matters most, prioritize based on critical assets, and approach it with a measured, pragmatic strategy rather than panicking in the face of a long list of issues.
    • Achieving zero incidents is an unrealistic goal, and the focus should shift towards proactive detection, deflection, and defense, along with a robust recovery plan, emphasizing the importance of people, processes, and technology, particularly in the context of evolving technologies and complex vendor landscapes.
    • The key to cybersecurity success lies in translating technical intricacies into tangible business value, effectively correlating cyber and architectural considerations to business risk, as demonstrated by a strategic approach involving transparency, attestation, and collaboration with vendors, ultimately leading to improved security measures and operational efficiency.
    • Navigating the challenges of aging industrial systems, transparency issues in software development, and evolving threat landscapes underscores the crucial importance of a collaborative community effort to ensure the resilience and security of critical infrastructure in the face of emerging threats.
    "Some are very forward-leaning and some believe in the democratization of data, and some are more old school and don't want to share a thing. Within the realm of business, and to be truly fair, no business is homogenous. So, there are different business units that might be more modern and more open facing, and others that are like, don't touch this because you don't know what other industries we're working in." — Ron Brash
     
    Connect with Ron Brash:  
    Email: ron.brash@adolus.com
    Website: www.adolus.com
    LinkedIn: https://www.linkedin.com/company/adolus & https://www.linkedin.com/in/ronbrash/
    Twitter: https://twitter.com/ron_brash


    • 55 min

Customer Reviews

5.0 out of 5
12 Ratings

OT practice leader ,

Important topic with a great leader

Aaron is the guy!

Nice Guys on Business ,

Congrats on the launch. Great content

Important issues being discussed on a topic that many need to hear. Welcome to the world of podcasting Aaron, excited to dig in to your subject matter and hear your interviews. ~Doug Sandler Turnkey Podcast Productions.
