Effective Operational Technology Security? Embrace Response

Critical Infrastructure Over-Focuses on Prevention, Says Dragos' Robert M. Lee
Robert M. Lee, CEO and co-founder, Dragos

An uptick in the tempo of attacks targeting operational technology networks means the industry must improve its ability to respond to such attacks, said Robert M. Lee, CEO and co-founder of industrial cybersecurity firm Dragos.

One challenge is that while many of the standards and frameworks directed at critical infrastructure asset owners are "very well-intentioned and they're written by really good folks," about 95% of all guidance still focuses on prevention, Lee said. This includes such essentials as patching, passwords, segmentation and antivirus. "Only about 5% is going to identify, detect, respond and recover type of efforts," despite the targeting and penetration of OT networks only continuing to increase, he said.

Another challenge is that despite the preventative guidance, many organizations are failing to implement it. Dragos' recently released annual study of manufacturing sector security incidents found that in one-third of cases, organizations had incorrectly configured firewalls, while in another one-third of incidents, customers didn't have in place sufficient network segmentation (see: Defending Operational Technology Environments: Basics Matter).

In this video interview with Information Security Media Group at RSA Conference 2024, Lee also discussed:

  • How the risk management discussion is changing as CEOs and boards sharpen their focus on OT cybersecurity and risk;
  • Best practices for prioritizing vulnerability management in OT environments;
  • How a medium-size organization repelled a nearly yearlong effort by the China-linked Volt Typhoon APT group to pivot from its IT to OT network, thanks to doing the basics.

Lee is considered a pioneer in the industrial control systems threat intelligence and incident response community. He currently serves on the U.S. Department of Energy's Electricity Advisory Committee and is part of the World Economic Forum's subcommittees on cyber resilience for the oil and gas and electricity communities.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
