Industrial Talk chats with Huxley Barbee, Security Evangelist at runZero about “OT Security vs IT Security and Passive Discovery vs Active Scanning.” The following is a summary of the conversation:
Cybersecurity and OT with Huxley from runZero. (0:00) #
- Palo Alto Networks provides comprehensive security solutions for all assets, networks, and remote operations.
- Huxley Barbee, security evangelist at runZero, discusses cybersecurity and the importance of staying connected and safe in the digital world.
- Industrial Talk is a platform dedicated to amplifying voices and solving problems through various mediums, including podcasts, videos, and webcasts.
Cybersecurity in IoT, OT, and ICS environments. (4:36) #
- Security evangelist at Ron zero discusses chasm solution for cyber asset attack surface management.
- Huxley highlights the importance of security in IoT and OT environments, emphasizing that it’s often an afterthought.
-Scott MacKenzie agrees, noting that security should be a priority from the beginning of a project, rather than an add-on later on.
Industrial control systems security. (9:13) #
- Scott MacKenzie and Huxley discuss the importance of aligning security and operations in an organization, with Huxley highlighting the need for more conversations to understand the importance of including security in planning and decision-making.
- Huxley notes that operational teams may prioritize mechanical problems over security updates, but this can lead to negative consequences, such as security breaches or outages, which can affect the way devices operate.
- Huxley emphasizes the importance of knowing what assets are present in an OT or ICS environment for proper security controls.
Cybersecurity risks in industrial control systems. (14:04) #
- Huxley emphasizes the importance of selecting security controls commensurate with the value of assets.
- Huxley highlights the irony of introducing security measures to avoid outages, only to inadvertently cause them.
- Vendors and devices create variety and complexity in IoT security.
Active scanning techniques for IoT devices. (20:02) #
- Huxley explains how active scanning techniques can cause real-world problems, such as network outages, due to the way they are implemented.
- Huxley highlights the bias against active scanning that has developed as a result of poor deployments in the past.
- Huxley argues that active scanning can be safe for OT and ICS environments with proper development.
Active scanning vs passive device discovery in cybersecurity. (24:19) #
- Active scanning involves customizing security measures based on specific devices, while passive discovery tends to be more costly and effortful.
- Huxley discusses the challenges of passive discovery in network traffic analysis, including the need for multiple collectors and the difficulty of deploying collectors in the right locations.
- Huxley also highlights the advantages of active scanning over passive discovery, including the ability to be targeted and thorough in gathering information.
OT security challenges and ransomware attacks. (28:58) #
- Organizations prioritize availability over security in OT environments, leading to potential exposure to penetration.
- Huxley predicts decrease in cyber attacks due to increased payoffs.
- Huxley believes there are more adversaries lurking in OT environments than known breaches, with a ratio of 50x on the OT side compared to 5x on the IT side.
- Huxley thinks nation-state actors are waiting for political and military situations to make their moves, while financially driven actors are waiting for the right opportunity to strike.
Security programs and protocols for OTC organizations. (35:48) #
- Scott MacKenzie and Huxley discuss the importance of security programs in organizations, with Huxley mentioning the need for a security program at every organization with an OTC.
- Huxley will be at the ICS village conference, showcasing runZero’s solutions for detecting protocols and devices in a mock network environment.
Cybersecurity and industry connections. (39:45) #
- Huxley shares his expertise on cybersecurity and asset protection in the industrial sector.