Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'

The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.

The origins of what we talk about here on Security Breach can go back to any number of transformational events, but the reality is that all of them contributed an individual component to the unique mosaic that is the legacy of industrial cybersecurity. What is most interesting is that the first hacks of industrial control systems occurred at water treatment facilities, oil and gas pipelines and energy plants.

These targets were chosen because they simultaneously provided great visibility, heightened social impact, and, most notably, easily exploitable vulnerabilities. In most cases, these attacks allowed the hackers to accomplish all of their early financial and self-promotional goals, along with longer-term benefits that we’re all dealing with now – how to successfully probe the ICS.

John Cusimano, VP of OT Security at Armexa is our guest for this episode. He's seen hackers apply these lessons learned about the industrial control system first-hand, and has some interesting thoughts on the current threat landscape, as well as solutions for keeping your systems secure. Watch/listen as we discuss:

  • How he transitioned from a safety and automation engineer to a career in OT cybersecurity.
  • The benefits of failing in a safe manner.
  • The new dangers of remote monitoring.
  • Ways to implement application safe listing.
  • Always being prepared to answer the 'what if?' question.
  • Micro-segmentation and DMZ strategies.
  • Best practices for patching and avoiding alarm floods.
  • Why his biggest concern lies in a large-scale, coordinate attack on the ICS.

To catch up on past episodes, you can go to Manufacturing.netIEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected]

To download our latest report on industrial cybersecurity,  The Industrial Sector’s New Battlefield, click here.

More in Video