To help provide a flavor of the insights and experience that Tripwire makes available, we’re conducting one-on-one interviews with several Tripwire in-house experts. You may have seen some of their bylines in Belden’s industrial blog over the past couple of years, but in this new series we want to provide a more direct glimpse into each expert’s individual industry purview. Each of them will discuss their own personal views on the current state of cyber security in the industrial environment. You’ll learn more about how they have been working with Belden industrial customers to help bolster their network security and optimize their uptime in today’s challenging environment. We will present a new interview, each featuring a different expert, every other month.
In today’s interview, we feature Tripwire cyber security expert Steven Sletten. Please feel free to ask Steven any questions or start a conversation by emailing him at email@example.com. He and all his Tripwire and Belden colleagues are always at your service.
Steven, you’ve worked in technology fields for more than 25 years, in aspects including software development, marketing and technical sales. What’s your current role with Tripwire and Belden?
I’ve been a pre-sales Systems Engineer with Tripwire for about 12 years, helping clients create a more secure and compliant cyber environment. I work to understand the customer’s issues and business challenges and craft solutions to best fit within that. My role has evolved over the years as far as the types of companies who most frequently use our services. Originally we worked primarily with organizations on the IT/enterprise side like banks and office environments. Then, as electric utilities were identified as critical infrastructure and the NERC-CIP regulations required them to bolster their cyber security stance, we started working with many power plants to help them do so. That continues to be a major need and focus. In the last few years, we’ve been working with more and more diverse industrial organizations and, like Belden, are focusing on the needs of key verticals, such as discrete manufacturing, oil and gas, chemical processing and transportation. These are all industries that have been well served by Belden for many years. Now, these industries are in need of enhanced cyber security, so the synergies between Belden and Tripwire are very good for the industrial customer.
What are some of the cyber security challenges you are currently seeing in the field?
When I was in software development 20 years ago, programmers weren’t trained to code securely; it just wasn’t built into the courses or degree programs. And surprisingly, even today it’s still not as big a priority as it should be. Coders as always are under time pressures to “just get it working,” and that means leaving out easy protections that can lead to problems for users down the road. Take input checking for example. If your software doesn’t check what a user is inputting and just lets it be passed through to the back-end database, you could be passing through strings of SQL queries. This is a very commonly used hacking technique that is easy to guard against with just a couple of simple lines of code in the development process. But it’s not commonly done. It’s a real conflict in priorities, and when you get to the operations side, you see the unfortunate results of putting things out there that aren’t well tested and secure and how they can bring a network to a halt.
Similarly, OT culture wasn’t built on connectivity, so cyber security isn’t a natural built-in priority. OT professionals are working toward maximum reliability and maximum availability of their systems, and suddenly they have increasing pressures of connecting to the corporate network that they didn’t have before. Executives are demanding more and more visibility, more upward reporting and security against outside threats. So it’s a real balancing act. Of course, the perspective differs a great deal depending on who is leading the OT effort. We see a trend where the Chief Information Security Officer who may have his IT department humming along is suddenly tasked with the cyber security on the manufacturing side too. So he finds himself back at square one and it’s a whole new challenge where he has to worry about OT priorities for the first time.
Are the threats to IT and OT the same?
Attacks on the IT side are very large and impact huge numbers of consumers directly so they tend to be well publicized, with millions of health records or credit card or social security numbers compromised all at once. OT events tend to be more localized but they can be very, very costly for the individual company and its stakeholders. It may not be front page public news if XYZ Company’s line goes down and they lose $100,000 per minute in revenues -- and they probably wouldn’t want it to be. But you can bet it’s front page news internally for the company and in their C suite!
There are so many threats: ransomware and power plant shut downs and chemical plant explosions and malware shutting down lines and compromising industrial safety. Potential threats can be pretty specific to the plant operations. We know of an auto manufacturer that had a safety system hacked so the cars kept moving through the line rather than stopping at each station. These runaway cars collided with people and objects. I was speaking recently to a manager of a bakery operation at a trade show. He is concerned about someone messing with his process and causing downtime and waste, but he is even more concerned with someone tampering with his “recipe” and adding a disproportionate amount of preservatives or other chemicals and making a product that is unsafe to eat. It’s wise to consider these kind of scenarios. You want to concentrate on getting product out the door but at the same time you can’t bury your head in the sand. Events are increasing and more and more the perpetrators are enemy nation states and organized crime syndicates. Theirs are not casual efforts; these are professionals who know how to inflict specific and costly damage. Operators need to be proactive.
How can Tripwire technology help in scenarios like this?
We have a very complete solution—asset discovery, change monitoring, regulatory auditing preparation tools, system integrity monitoring, vulnerability assessments and a lot more. I think we’ve long had a leadership role in cyber security and now with Belden’s support we are rapidly developing new and expanded capabilities through increased investment in in-house R&D and more third party OEM partnerships.
For example, we recently announced an enhancement to our popular Tripwire Enterprise security configuration management (SCM) solution. The Tripwire Data Collector capability allows for an agentless discovery of assets right within the Enterprise workflow, and it operates with native industrial protocols like EtherNet/IP. It really raises the bar. And there are several more product announcements in the pipeline. If you’re concerned about cyber security in your OT environment, stay tuned.
Related LinksThe Human Attack Surface: The Weakest Link in Your ICS Security
IT/OT Convergence Means Better Resources for Both
70 Percent of Energy Security Pros Fear Digital Attacks Could Produce a “Catastrophic Failure”
How Plant Operators Can Overcome the Language Barrier to Securing OT Environments
Steven's twenty-five years of technology experience encompass software development to marketing to technical sales. As the technical arm of the Texas/Oklahoma and South Industrial Control Systems sales teams, he works with clients to create a better Cyber Security environment. Rounding out his technical abilities he achieved a Bachelor of Science in Business from Letourneau University and he has received more than seven awards for client work. Sletten recently earned the GIAC Computer Incident Handler (GCIH) certification and is now a certified penetration tester.