Cybersecurity Experts: A Conversation with Tripwire's Steven Sletten
You may have seen some of their bylines in Belden’s industrial cybersecurity blog over the past couple of years; in this series, however, we're providing readers with a glimpse into each expert’s industry perspectives. Our cybersecurity experts will share their views on the state of industrial cybersecurity. Readers will also learn more about how these cyber experts work with Belden customers to help bolster their network security and optimize uptime in today’s challenging environment.
In this post, we speak with Tripwire's Steven Sletten.
Steven, you’ve worked in technology fields for more than 25 years, in aspects including software development, marketing and technical sales. What’s your current role with Tripwire and Belden?
I’ve been a pre-sales systems engineer with Tripwire for about 12 years, helping clients create a more secure and compliant cyber environment. I work to understand the customer’s issues and business challenges and craft solutions to best fit within that. My role has evolved over the years as far as the types of companies who most frequently use our services. Originally we worked primarily with organizations on the IT/enterprise side like banks and office environments. Then, as electric utilities were identified as critical infrastructure and the NERC-CIP regulations required them to bolster their cyber security stance, we started working with many power plants to help them do so. That continues to be a major need and focus. In the last few years, we’ve been working with more and more diverse industrial organizations and, like Belden, are focusing on the needs of key verticals, such as discrete manufacturing, oil and gas, chemical processing and transportation. These are all industries that have been well served by Belden for many years. Now, these industries are in need of enhanced cyber security, so the synergies between Belden and Tripwire are very good for the industrial customer.
What are some of the cyber security challenges you are currently seeing in the field?
When I was in software development 20 years ago, programmers weren’t trained to code securely; it just wasn’t built into the courses or degree programs. And surprisingly, even today it’s still not as big a priority as it should be. Coders, as always, are under time pressure to “just get it working,” and that means leaving out easy protections that can lead to problems for users down the road. Take input checking, for example. If your software doesn’t check what a user is inputting and just lets it be passed through to the back-end database, you could be passing through strings of SQL queries. This is a very commonly used hacking technique that is easy to guard against with just a couple of simple lines of code in the development process. But it’s not commonly done. It’s a real conflict in priorities, and when you get to the operations side, you see the unfortunate results of putting things out there that aren’t well tested and secure, and how they can bring a network to a halt.
Similarly, OT culture wasn’t built on connectivity, so cyber security isn’t a natural built-in priority. OT professionals are working toward maximum reliability and maximum availability of their systems, and suddenly they have increasing pressures of connecting to the corporate network that they didn’t have before. Executives are demanding more and more visibility, more upward reporting and security against outside threats. So it’s a real balancing act. Of course, the perspective differs a great deal depending on who is leading the OT effort. We see a trend where the Chief Information Security Officer who may have his IT department humming along is suddenly tasked with the cyber security on the manufacturing side too. So he finds himself back at square one and it’s a whole new challenge where he has to worry about OT priorities for the first time.
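The input-checking point above, as an added example that is not part of the interview or of any Tripwire product: a lookup that splices user input into the SQL text beside the parameterized form, plus a separate allow-list check. The in-memory table, the names in it, the allow-list pattern and the probe string are all constructed for the example.

```python
import re
import sqlite3

# Allow-list for what a user name may contain (an assumed policy for this example).
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """Constructed in-memory table standing in for the back-end database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "operator"), ("bob", "admin")])
    return conn


def lookup_unchecked(conn, name):
    """Weak form: the raw input is spliced into the SQL text, so the database
    parses whatever the user typed as part of the query itself."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the value is bound to a placeholder, so the database
    treats it as data and it can never change the shape of the query."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def is_valid_name(name):
    """Input check run before the query: accept only names on the allow-list.
    This is a second layer; the placeholder above is the essential fix."""
    return NAME_RE.fullmatch(name) is not None


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input carrying a SQL fragment
    print("valid input?  ", is_valid_name(probe))            # False: rejected
    print("unchecked:    ", lookup_unchecked(db, probe))     # every row returned
    print("parameterized:", lookup_parameterized(db, probe)) # no row matches
```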
Are the threats to IT and OT the same?
Attacks on the IT side are very large and impact huge numbers of consumers directly, so they tend to be well publicized, with millions of health records or credit card or social security numbers compromised all at once. OT events tend to be more localized, but they can be very, very costly for the individual company and its stakeholders. It may not be front-page public news if XYZ Company’s line goes down and they lose $100,000 per minute in revenues... and they probably wouldn’t want it to be. But you can bet it’s front-page news internally for the company and in their C-suite!
There are so many threats: ransomware and power plant shutdowns and chemical plant explosions and malware shutting down lines and compromising industrial safety. Potential threats can be pretty specific to the plant operations. We know of an auto manufacturer that had a safety system hacked so the cars kept moving through the line rather than stopping at each station. These runaway cars collided with people and objects. I was speaking recently to a manager of a bakery operation at a trade show. He is concerned about someone messing with his process and causing downtime and waste, but he is even more concerned with someone tampering with his “recipe” and adding a disproportionate amount of preservatives or other chemicals and making a product that is unsafe to eat. It’s wise to consider these kinds of scenarios. You want to concentrate on getting product out the door, but at the same time you can’t bury your head in the sand. Events are increasing, and more and more the perpetrators are enemy nation states and organized crime syndicates. Theirs are not casual efforts; these are professionals who know how to inflict specific and costly damage. Operators need to be proactive.
How can Tripwire technology help in scenarios like this?
We have a very complete solution—asset discovery, change monitoring, regulatory auditing preparation tools, system integrity monitoring, vulnerability assessments and a lot more. I think we’ve long had a leadership role in cyber security, and now with Belden’s support we are rapidly developing new and expanded capabilities through increased investment in in-house R&D and more third-party OEM partnerships.
For example, we recently announced an enhancement to our popular Tripwire Enterprise security configuration management (SCM) solution. The Tripwire Data Collector capability allows for an agent-less discovery of assets right within the Enterprise workflow, and it operates with native industrial protocols like EtherNet/IP. It really raises the bar. And there are several more product announcements in the pipeline. If you’re concerned about cyber security in your OT environment, stay tuned.