Shifting concerns with industrial cybersecurity

March 30, 2020
"The security state is highly varied, but generally wanting."

What keeps you up at night?

Enterprise data breaches? Perhaps. But cyberattacks to critical infrastructure are increasingly weighing on the minds of IT security pros and the business owners who employ them, according to a recent report by industrial-cybersecurity company Claroty.

Claroty's Dave Weinstein

We wanted to learn more, so we connected with Claroty CSO Dave Weinstein, who shared his perspective on legacy systems, remote accessing assets, and the strengths and vulnerabilities in the manufacturing space.

Take a look…

Smart Industry: What is the security state of domestic infrastructure?

Dave: In short, the security state of domestic infrastructure is highly varied, but generally wanting. Legacy operational technologies (OT) and industrial-control systems weren't necessarily designed with security in mind. Therefore, the convergence of industrial networks with enterprise networks is exposing a fragile infrastructure to both collateral damage and targeted attacks. At the same time, newer OT systems are orders-of-magnitude more secure than they have been in the past; owners and operators of these systems are implementing security controls and integrating IT and OT security operations more than ever before. The state of industrial security isn't going to change overnight, but it's trending in the right direction.

Smart Industry: Where does the manufacturing sector come into play here? 

Dave: Manufacturers are some of the more aggressive embracers of IT/OT convergence. They're connecting their factories at high rates and relying on remote access in lieu of boots on the ground for maintenance and other operational needs. At the same time they are laser focused on uptime, so they can't afford a cyber-incident that risks bringing production to a costly halt.

Smart Industry: What industries are particularly vulnerable?

Dave: Generally speaking, those industries that embraced IT/OT convergence the most aggressively are experiencing more heightened levels of cyber-risk. Manufacturing and all of the sub-sectors that comprise it—food and beverage, automotive, pharmaceuticals, etc.—fall into this category. At the same time, they're also among the most serious when it comes to maturing their OT security posture. The energy sector, namely oil and gas and electric utilities, are also extremely proactive about addressing these emerging cyber-risks, many of which relate to their growing dependence on remote access and a rising threat profile.