To help provide a flavor of the insights and experience that Tripwire makes available, we’re conducting one-on-one interviews with several Tripwire in-house experts. You may have seen some of their bylines in Belden’s industrial blog over the past couple of years, but in this new series we want to provide a more direct glimpse into each expert’s individual industry purview. Each of them will discuss their own personal views on the current state of cyber security in the industrial environment. You’ll learn more about how they have been working with Belden industrial customers to help bolster their network security and optimize their uptime in today’s challenging environment.
Last time we sat down with Robert Landavazo. In today’s interview, we feature Tripwire cyber security expert Gary DiFazio. Please feel free to ask Gary any questions or start a conversation by emailing him at firstname.lastname@example.org. He and all his Tripwire and Belden colleagues are always at your service.
Gary, you bring some 25 years of technology experience to your work, about a decade of it with Tripwire. What is your current role, and how do you interact with Belden customers?
My current title is Director of Marketing for Industrial Cyber Security at Tripwire. One of my main day-to-day roles is to serve as a conduit between Tripwire and Belden so we can better work together to serve the OT customer. For example, I work with Belden representatives and Belden channel partners to identify potential industrial cyber security solutions and present them to customers from a technical point of view.
How do you see the current state of the OT environment?
The OT environment is evolving and coming to terms with the fact that it needs to gain a greater understanding of cyber security threats and how to mitigate them. And, as IT professionals know from years ago, there is a learning curve to be faced. Currently I find that a lot of industrial organizations that have moved forward still have a “set and forget” mentality. They’ve been proactive to set things up, but then don’t monitor or think about it too much. For example, they have a firewall but they’re not looking at the logs—so the firewall could be constantly bombarded with malware and they don’t know about it. Or they might deploy a switch that has valuable security features such as enabling encryption or authentication, but they haven’t moved forward to put those tools to use to protect their environment better. It’s easy to see where that mindset is coming from. For years and years, industrial environments never had outside connectivity. It just wasn’t something that they had to concern themselves with. Now they have connectivity that can deliver huge benefits to OT but it also adds risks that need to be managed. And as more and more things are being connected to a network, that means more and more things are at risk for potentially bad things happening. So as cyber capabilities evolve, cyber security needs to evolve in lockstep. It’s not difficult but the mindset to take action to do so has to be developed.
How do you think the acquisition of Tripwire benefits the traditional Belden customer?
Belden is very trusted in the industrial environment and has a lot of long-term customers who are facing these cyber security issues right now. I think many OT people might know that they need to move more decisively on cyber security but might not know what steps to take. This can be overwhelming and lead to inaction. Often, they don’t know the technology and they don’t know how to position the situation accurately to executives to get the funding they need to move ahead at all. So I think that having Belden, who they’ve worked with successfully for so long, in their corner and able to offer expertise through Tripwire seems like a very helpful, complementary and much-needed service.
How do you get OT customers started, or accelerated, as the case may be?
Once they have a trusted cyber security resource to tap into, things can usually move a bit smoother. We try to educate the customer to help them move beyond their current level of cyber security knowledge and sophistication, whether they are complete beginners or have things underway a bit. Tripwire has a proven ability to assess the customer’s configuration and build on it, effectively working toward a secure state. There are several areas that can loom large and have low-hanging fruit where dramatic improvements can be made relatively easily. They’re where IT started in the late 1990s and are pretty much a given in the enterprise environment although still immature or even unknown in the industrial environment. For example, are the OT networks properly segmented and individually protected? The lack of segmentation not only between IT and OT networks but between different OT roles and processes is what allows malware like WannaCry to spread from the IT side and quickly take over OT process after process, just flowing through and wreaking havoc unimpeded. Another thing to look at right up front is secure remote access. OT environments often have all sorts of people logging in remotely—employees, contractors, vendors, integrators and more—and many times it’s not done securely. That’s asking for trouble. And of course asset inventory. If you don’t know what you have, you’re probably not keeping it up to date and properly configured, much less keeping it secure. And that’s very common too.
Based on your experience, what insights can you offer OT organizations as they work to improve their cyber security?
I congratulate them for taking the proactive steps to protect their operations and not just rolling the dice and hoping nothing bad happens because, odds are, eventually it will. It’s like if you have high cholesterol—ignoring it isn’t going to make it go away, it’s only going to allow it to get worse and keep you from taking positive steps to fix it. Sometimes our most motivated customers are those that have found this out the hard way—they call Tripwire right after they’ve had a cyber incident that cost them hundreds of thousands of dollars. Certainly, we’re the guys who can help them make sure that it doesn’t happen again, but how much better would it be if it had never happened in the first place? Fortunately, customers can also be highly motivated by the positive. For example, North American utilities are being required by the North American Electric Reliability Corporation Critical Infrastructure Protection plan (NERC-CIP) regulation to implement certain protections in their operation. And many make that investment and soon they want to voluntarily implement the same level of security in areas that are not under the regulation because they’ve seen how effective it can be. Really, I think the most valuable insight people discover on their own is that stronger cyber security environments are often stronger operational environments because the visibility into your operation gives you the ability to perform better in every way. You can catch a device failing or a process error faster and recover quickly because you are that much more aware of your environment. So people realize that cyber security is not necessarily a separate issue, but is an integral part of a high-performing, continuously improving operation.