.png)
Industry Defence Insights
Our engaging episodes will equip you with essential knowledge about OT/ICS/IT cybersecurity to safeguard your digital presence. Your digital safety starts here!
Industry Defence Insights
Cybersecurity Gaps in Critical Infrastructure
What if a simple cyberattack could bring your entire city to a standstill? Explore the critical cybersecurity skill shortages plaguing industrial control systems and operational technology, and learn why this is a pressing issue we can no longer afford to ignore. This episode uncovers the vulnerabilities in the infrastructure that powers our daily lives—from the electricity that lights our homes to the systems that ensure clean water flows from our taps. Drawing from a recent SANS Institute report, we highlight the looming skills gap that leaves these systems exposed to potential attacks. Discover how Dragos Oatsert, a global cybersecurity hub, is stepping up to provide vital resources like vulnerability assessments and incident response playbooks, empowering organizations to safeguard their operations and minimize risks.
In an interconnected world, protecting critical infrastructure is a collective responsibility. We emphasize the importance of cybersecurity awareness and proactive engagement with local utilities to ensure they have robust security measures in place. Join us as we discuss how each of us can play a part in supporting better security policies and strategies. For those eager to deepen their understanding, resources like Dragos Oatsert offer valuable insights and support to bolster our defenses. This episode is a call to action for everyone to contribute to a safer, more secure future for our communities and the essential services we rely on.
in today podcast, we are going to explore the critical cyber security skill shortages within industrial control systems and operational technology. Okay, so picture this you're just going about your day, right? Yeah making coffee.
Speaker 2:Making coffee, yeah.
Speaker 1:Checking emails, the usual, and then bam.
Speaker 2:Oh no.
Speaker 1:Lights out.
Speaker 2:Uh-oh.
Speaker 1:And not just your house, the whole city.
Speaker 2:Wow.
Speaker 1:No, internet. Traffic lights out.
Speaker 2:That's scary.
Speaker 1:Hospitals struggling to even keep things running.
Speaker 2:Oh gosh.
Speaker 1:Turns out, it's not just a normal outage, though.
Speaker 2:Is it?
Speaker 1:Oh my gosh Turns out it's not just a normal outage though, is it the power grid? It's been hit by a cyber attack.
Speaker 2:That sounds like straight out of a movie.
Speaker 1:I know right, but it's real.
Speaker 2:That is, this stuff is happening it is.
Speaker 1:And the stuff we rely on every day our lights water, our factories. Keeping everything running, all of it, it's becoming more and more vulnerable, our factories Keeping everything running All of it. Yeah, it's becoming more and more vulnerable.
Speaker 2:Yeah, and that's what we're diving into today.
Speaker 1:Absolutely, why we're here.
Speaker 2:This is important stuff. We've got a ton of research. Oh yeah, A whole stack.
Speaker 1:Including this recent SANS Institute report.
Speaker 2:Oh, okay.
Speaker 1:All about this growing cybersecurity threat to these really vital systems. I mean, if those go down, yeah, it's not good. Not good at all not good at all, and one thing that's really concerning, yeah, from all this research, yeah, is that a lot of organizations, especially the smaller ones, okay, they're facing this huge skills gap right when it comes to protecting these industrial systems it's specialized it is for sure. Yeah, it's not just about like having the latest you know.
Speaker 2:Oh yeah.
Speaker 1:Firewall Right, the best antivirus.
Speaker 2:Yeah, it's about the people.
Speaker 1:Exactly.
Speaker 2:Understand.
Speaker 1:It's the people.
Speaker 2:You know understand.
Speaker 1:Understand the unique challenges. Absolutely Of securing these what they call operational technology environments.
Speaker 2:The T yeah, ot yeah. And these are the systems that control the physical the physical processes. Right Like power like power generation broader treatment.
Speaker 1:Exactly. These are different from your typical, oh yeah, completely different IT system.
Speaker 2:Specialized expertise.
Speaker 1:And that SANS report. It really highlights just how widespread this skills gap is.
Speaker 2:Yeah, it's not just a few little isolated cases.
Speaker 1:Yeah, it's everywhere.
Speaker 2:It's a big problem.
Speaker 1:It's a systemic issue.
Speaker 2:Yeah, and it leaves a lot of our Vulnerable circles. Wide open.
Speaker 1:Wide open.
Speaker 2:So, with all this daunting challenge, what can we even do? That's the question. Yeah, this is where.
Speaker 1:Dragos Oatsert comes in.
Speaker 2:So Oatsert that stands for Operational Technology, Cyber Emergency Readiness Team.
Speaker 1:Okay, a mouthful.
Speaker 2:It is a mouthful.
Speaker 1:But basically.
Speaker 2:It's a global cybersecurity hub.
Speaker 1:Yeah, specifically.
Speaker 2:Specifically. For these industrial environments, for these industrial environments and they offer all this stuff. Oh, specifically, specifically For these industrial environments, for these industrial environments.
Speaker 1:And they offer all this stuff.
Speaker 2:Oh yeah.
Speaker 1:Like free resources Nice, including things like vulnerability assessments, threat intelligence reports. So they're helping you Incident response playbooks.
Speaker 2:Wow, that's great.
Speaker 1:Okay, so wait.
Speaker 2:Yeah.
Speaker 1:Vulnerability assessments, incident response. It sounds pretty Technical, technical.
Speaker 2:Vulnerability assessments incident response. It sounds pretty Technical, Technical. Can you break it down for someone who maybe isn't a cybersecurity expert? Yeah, but is responsible for you know?
Speaker 1:Keeping the lights on.
Speaker 2:Keeping the water flowing.
Speaker 1:Yeah, keeping the water flowing.
Speaker 2:In their town.
Speaker 1:Absolutely.
Speaker 2:Yeah.
Speaker 1:So let's say you're in charge of, like Okay, a water treatment plant Of like a water treatment plant.
Speaker 2:Small town Small town Water treatment plant.
Speaker 1:Dragos Ota SERT.
Speaker 2:Okay.
Speaker 1:They've got tools.
Speaker 2:Okay, they can help you find potential weaknesses in your systems. So, like a security audit.
Speaker 1:Security audit yeah for your, For your system.
Speaker 2:Industrial control network.
Speaker 1:Okay, so you can find the weak spots.
Speaker 2:Yeah, you find them Before someone, before the attackers.
Speaker 1:Before they can exploit them Exactly. Okay, that makes sense, that makes sense. What about those?
Speaker 2:incident response playbooks. Yeah, is that like a step-by-step guide?
Speaker 1:for if you actually, oh, if you get attacked, yeah, exactly, okay, it's like having a strategy, a plan, ready to go Exactly. It's like having a strategy A plan Ready to go. Yeah, pre-planned.
Speaker 2:Pre-planned.
Speaker 1:For if something happens, if something bad happens.
Speaker 2:It helps you understand what to do.
Speaker 1:Who to call? Who to call? How to minimize, minimize the impact, the impact. Minimize the damage.
Speaker 2:Okay, so it's like a.
Speaker 1:Like a fire drill, like a fire drill. But for, but for, but for cybersecurity.
Speaker 2:Yeah, exactly.
Speaker 1:OK, I like that, so it's not just about not just about preventing the attacks prevention, but also being prepared.
Speaker 2:Respond If it happens, if it happens.
Speaker 1:That's huge.
Speaker 2:Yeah, it's crucial.
Speaker 1:But Dragosu Cert.
Speaker 2:Yeah. It offers more than just this. Oh yeah, yeah.
Speaker 1:Absolutely.
Speaker 2:Okay.
Speaker 1:One of the best things about Dragosu Cert is their network, their network of members.
Speaker 2:Global network.
Speaker 1:Global.
Speaker 2:Okay.
Speaker 1:Over 900 organizations.
Speaker 2:Wow.
Speaker 1:From 50 different countries.
Speaker 2:That's a lot of people.
Speaker 1:It is 900 members.
Speaker 2:Yeah, and so is that people need this.
Speaker 1:Yeah, they're all sharing information.
Speaker 2:Yeah.
Speaker 1:Best practices.
Speaker 2:What kind of organizations are we talking about?
Speaker 1:So all kinds. You've got energy companies, okay, manufacturers.
Speaker 2:Okay.
Speaker 1:Water utilities.
Speaker 2:Okay.
Speaker 1:Transportation. Wow yeah, okay, water utilities.
Speaker 2:Okay, transportation, wow yeah, so they all, they all see how important this is. It's like a giant cybersecurity think tank.
Speaker 1:But specifically focused on.
Speaker 2:Real world, real world challenges yeah, protecting these, these essential services.
Speaker 1:Essential services. Okay, that makes sense.
Speaker 2:And for people who want to yeah Like really get into it yeah, dragos also has this thing called Dragos Academy. Okay, it's like their training program. Oh yeah, Specialized training.
Speaker 1:Okay.
Speaker 2:Everything from A boot camp. Kind of. They have like introductory courses On industrial control systems. Okay, all the way to, like you know, advanced training.
Speaker 1:Okay, threat hunting Okay, instant response.
Speaker 2:Okay, so like the really.
Speaker 1:The real the in-depth stuff. Yeah, if you want to make a career out of this.
Speaker 2:So that sounds really promising, yeah, but is that enough?
Speaker 1:You think it's enough.
Speaker 2:To actually like.
Speaker 1:To tackle.
Speaker 2:Tackle this global skill shortage? That's a good question. What about these smaller organizations?
Speaker 1:that maybe they don't have the resources for, yeah, for these big fancy training programs, right? Is there a way for? Individuals to get involved, to learn more.
Speaker 2:Absolutely.
Speaker 1:Okay.
Speaker 2:So, drago's Oatsert, they put a lot of their stuff online for free, really yeah.
Speaker 1:Okay.
Speaker 2:Anyone can access it, wow. Vulnerability assessments.
Speaker 1:Okay.
Speaker 2:Best practice guides. So Vulnerability assessments Okay, best practice guides so. Threat intelligence reports.
Speaker 1:Even if you're just starting out.
Speaker 2:Yeah, if you're just starting out. You could learn about Learn about how to the challenges of protecting these industrial environments. Industrial environments, yeah, I like that.
Speaker 1:It's a great resource.
Speaker 2:Okay. So to recap yeah, We've got this pressing issue.
Speaker 1:Yeah.
Speaker 2:A lack of skilled professionals To protect, to protect our critical infrastructure.
Speaker 1:Yeah, all the important stuff.
Speaker 2:From these cyber attacks. Cyber attacks but We've got solutions.
Speaker 1:We have potential solutions.
Speaker 2:Yeah, like Dragos, otsert.
Speaker 1:Dragos Otsert.
Speaker 2:With their free resources.
Speaker 1:Free resources Global network.
Speaker 2:Global network.
Speaker 1:Global network.
Speaker 2:And training opportunities.
Speaker 1:Training opportunities.
Speaker 2:Don't forget. Yeah, this is not just like a.
Speaker 1:Theoretical. A theoretical problem it affects us, all of us. Your daily life.
Speaker 2:Our daily lives.
Speaker 1:The reliability.
Speaker 2:Look at what electricity.
Speaker 1:If the power went out?
Speaker 2:Your water For real, even the products you buy yeah, went out. Your water For real, even the products you buy yeah, all of it depends on secure systems. Secure industrial systems. Think about it.
Speaker 1:What would happen?
Speaker 2:What would happen?
Speaker 1:if a major power grid went down?
Speaker 2:Or a water treatment plant.
Speaker 1:Or a water treatment plant because of a cyber attack.
Speaker 2:Chaos. Economic disruption Even like public safety would be at risk. Yeah, scary thought.
Speaker 1:Scary thought.
Speaker 2:Yeah.
Speaker 1:And that's why it's so important.
Speaker 2:For everyone.
Speaker 1:For everybody to be aware of this.
Speaker 2:This is not just the government's problem.
Speaker 1:Not just the government. That's just corporations. It's everyone's problem.
Speaker 2:We all play a part in this. Okay, problem, we all we all gotta we all play a part in this.
Speaker 1:Okay, so to leave you with something, even if you aren't a cybersecurity expert. Staying informed, being proactive, that can make a difference. Absolutely, you can support policies that prioritize critical infrastructure security. That's huge. You can even ask your local utility about their cybersecurity measures.
Speaker 2:What are they doing? What are they doing To keep you safe?
Speaker 1:And if this is something you're interested in, go check out resources like the ones from Dragos Ocert. Dragos Ocert, because in this crazy interconnected world-.
Speaker 2:It's all connected.
Speaker 1:All connected, so we got to Everyone's responsibility. All connected, so we got it everyone's responsibility it is it's everyone's responsibility yeah, yeah keep these systems safe for sure, okay, that's a good takeaway.
Speaker 2:That's a good takeaway, all right. Thanks for joining us today. Thanks for having me for this deep dive it was fun it was fun all right we'll see you next time see ya. This podcast is supported by otTSET EU cohort.