Cybersecurity Challenges Facing Remote Operators of OT and other Critical Infrastructure Systems

U.S. critical infrastructure must guard against malicious cyberattacks by implementing encryption and authentication at all access points for connected OT assets or continue to face an increased level of cyber risk.

Russian hackers are attempting to broadly penetrate Ukrainian infrastructure to disrupt critical services such as electricity, transportation, finance, and telecommunications.

Watch this video and learn simple methodologies for building a zero-trust architecture to protect against such cyberattacks, including:

  • Ensure all communication from IT/Internet to OT network is encrypted
  • Ensure there is no data-in-transit for any user sessions not associated with a multi-factor authenticated session
  • Isolate all data communication protocols to OT network
  • Ensure all user access session data to critical OT systems are logged and recorded
  • Ensure plant-level controls for allowing remote access through “software lockbox” and “virtual wait lobby,” including visual and audible alarms
  • Monitor all non-read-only user access sessions
  • Verify acceptable risk level for access to critical assets through asset monitoring, threat (IOC) feeds, and vulnerability detection tools.

 

Speakers:

Mark Weatherford

Mark Weatherford is the (virtual) Chief Information Security Officer at AlertEnterprise, the Chief Strategy Officer (and a Board member) at the National Cybersecurity Center, and the Founding Partner of Aspen Chartered Consulting, where he provides cybersecurity consulting and advisory services to public and private sector organizations around the world.

Mark has held a variety of executive level cybersecurity roles including Global Information Security Strategist at Booking Holdings, Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, Chief Security Officer at the North American Electric Reliability Corporation, and Chief Information Security Officer for the state of Colorado. In 2008 he was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and in 2011 he was appointed by the Obama Administration as the Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security.

 

Bill Moore

Bill Moore is the CEO and Founder of XONA, providers of a unique zero-trust user access control and analytics platform for critical infrastructure. Currently focused on helping global power, oil and gas, and manufacturing customers reduce their remote operations costs and cyber risks, Bill has 20+ years of experience in security and the high-tech industries, including positions in sales, marketing, engineering and operations.

Protecting Industrial Control Systems (ICS) from Modern Threats – Dark Reading Webinar

A 2021 attack on an industrial control system (ICS) at a water treatment plant in a small town in Florida raised eyebrows and surfaced new fears about the risks these kind of systems face. Unfortunately, many ICS systems are working on legacy technology and are unprepared for modern cyber attacks. In this Dark Reading webinar, experts discuss the current threat posed to ICS systems, the tools and practices needed to defend them, and the skill sets required to operate those defenses.

Watch this video to learn:

  • Better understand the differences between ICS and IT security, as well as what they have in common.
  • Be able to more accurately identify potential risks with ICS infrastructure.
  • Gain new insight into the unique threats posed by industrial controls, and how you can bolster your defenses.
  • Learn new techniques for protecting your organization’s most valuable industrial assets.

Speakers:

Jason Clark, Independent Security Researcher

Dr. Jason Clark is a subject matter expert in cyber security with nearly 20 years of real-world experience within the intelligence community, academia, and industry. He has extensive knowledge and experience on a variety of technology related topics. Currently, his main area of interest is researching and analyzing better methods to detect, deter, and mitigate insider threats.

 

Bill Moore, CEO & Founder, XONA

Bill Moore is the CEO and Founder of XONA, providers of a unique zero-trust user access control and analytics platform for critical infrastructure. Currently focused on helping global power, oil and gas, and manufacturing customers reduce their remote operations costs and cyber risks, Bill has 20+ years of experience in security and the high-tech industries, including positions in sales, marketing, engineering and operations.

Demystifying Zero Trust to Protect Connected Assets in OT – Webinar

What Zero Trust Really Means in Complex OT Environments and How it Ensures Reliable Protection from Intrusion

Over the past few years, “zero trust” has become a commonly used phrase for security professionals. While we may understand that a zero-trust framework or architecture should be implemented as part of network or cybersecurity measures, what does this practically mean for operational technology? What does zero trust actually entail, and how does it keep critical assets safe?

In this webinar, Peter Gregel, Chief Architect for XONA and a veteran in IT security operations with extensive experience deploying mission-critical systems for the U.S. government and critical infrastructure, will answer these questions while discussing:

  • A clear and simple analogy that makes zero trust easy to understand
  • Features like multi-factor authentication and their role in zero trust
  • How and why to keep a close eye on your attack surface
  • Why complexity does not make you more secure and, in fact, introduces more risk
  • Tips to validate your network scanning and protection efforts
  • The role certifications like NERC CIP play in zero trust

 

Speaker:

Peter Gregel
Chief Architect, XONA 

Originally from Cleveland, Ohio, and currently living in Frederick, Maryland, Peter is a veteran IT security operations and architecture expert with more than 20 years of experience. Peter has led projects at some of the largest security and hardware vendors, specializing in U.S. government intelligence operations. He has served in the United States Navy and at the National Security Agency and has extensive experience deploying mission critical systems for the U.S. government and critical infrastructure.