There is nothing like a security conference to get an actual feel of the pulses and trends in the cyber security landscape. Last week, we participated in the 4th Israel HLS & Cyber international conference, and gained a unique opportunity to interact and share experiences with multiple OT security stake holders from all around the globe.
What struck me the most from the event was the diversity of the crowd to which the security of OT networks – or SCADA, Industrial Control Systems, PCN – was a critical issue. When I say diversity, I mean it in the widest sense of the word: geolocation, security knowledge, role within the corporation – you name it, it was a mixed bag. From hard core process automation engineers, to power plant contractor and railway C-suite managers, to regulators and government officials, they were all there and they were all interested in talking OT network security innovation. We can safely say that developing a robust, defense-in-depth OT cyber security is starting to get the acknowledgement it should.
Consider these random examples of some of our interactions from the event:
· We met with a CISO of a vertically integrated oil company seeking to close the security gap in his production and refining facilities
· We talked with an Engineering Procurement and Construction (EPC) contractor that needs to comply with newly enforced regulations that mandate the implementation of cyber security in every delivered power plant.
· One of conversations was with an executive of a global insurance company searching for a security solution that can protect HVAC systems from being compromised and, as a result, ensure the reliable functioning of its data centers.
· Governments from around the globe were represented – we sat with an Energy Ministry representative from an African nation tasked with setting security practices for country water and electric utilities.
OT cyber risk is increasingly becoming common knowledge – and the discussion on handling this risk is heating up across organizations - ranging from hands-on security personnel to the board of directors. It appears to be one of those rare moments in security in which the pressure senior level management exerts from above aligns with the needs of security teams. As a result, companies are nurturing an open-eyed approach to managing and proactively mitigating the risks threat actors pose to automation systems networks.
It is stimulating to see that the lessons from the IT domain have been learned and that action is heating up before major incidents are widespread. The fact that the trend we are witnessing was not triggered by an ‘OT Pearl Harbor’ - the corresponding peer of Target, Home Depot or Anthem data breaches – but by sound risk analysis might imply that the OT networks that run our world’s critical infrastructure can indeed reach the level of cyber resiliency that would ensure their safety and reliability.
We’re thrilled to be bringing to market innovations in OT security at just the right time and we’re getting really, really busy talking to leaders across industry about ways we can help.
If you’re interested in learning more about Claroty, we invite you to drop us a line and get the conversation started. If last week was any indication, we think you’ll be impressed by what we can do to help.