OT and IT: love & marriage

One of my favourite topics, which I have had the pleasure to discuss various times and encounter in different organisations over the years: the differences between these 2 organizational entities, and almost species, well eh, let’s call it cultures, within the same organization. Mostly the responsibilities are separated by a firewall separating the Enterprise network from the industrial network with. The DMZ is mostly the creation of a one-time set-up by the IT team and then assumed to be supported by the OT team.

Kris Krewson and Lesley Carhart describe it very clearly and vividly in this article called 5 Tips for a Happy Marriage Between IT Cybersecurity and Operational Technology Teams.
The article itself is a product of an OT and IT fling:
OT (Lesley Carhart from Dragos – OT Security)
IT (Kris Krewson from CrowdStrike – IT Security)

Dragos is from Bobby M. Lee and CrowdStrike is known for their DNC forensics and from Trump’s free publicity.

Some quotes from the article that I recognize:

We’ve delivered tabletop incident response exercises at manufacturing plants where the OT personnel did not know they had a corporate IT cybersecurity team, much less that they could or should call them for support during an incident.

If process owners’ primary concerns are bodily harm, environmental contamination or loss of production, they may determine that a compromised computer or controller could not realistically lead to these outcomes. 

Build individual relationships across both teams. At many sites, we find operators and engineers who have worked at the facility for decades and know the process and people inside and out. These are people to seek out, respect and learn from.

The picture is from Cisco’s blog entry called A Bromance for the Ages: When IT met OT


A new cybersecurity alliance focused on the security of operational technology: the Operational Technology Cyber Security Alliance (OTCSA), designed to mitigate risk and assess business impact from cyberattacks on utilities, manufacturing and oil and gas industries and physical control devices.

The group is launching as operational technology operators are increasingly targeted by nation-state actors as well as cybercriminals.

Initial members of the Operational Technology Cyber Security Alliance include ABB, Check Point Software, BlackBerry Cylance, Forescout, Fortinet, Microsoft, Mocana, NCC Group, Qualys, SCADAFence, Splunk and Wärtsilä.

My 2 cents: these are not the typical OT security vendors. Is it then a new initiative to shine some OT security light on the traditional IT security players?

Mr. Robot – Season 4

“We staged the biggest coup in the history of civilization and everyone volunteered to join”

Love this show since this one has the tech right and the story is right as well. Love seeing him using ProtonMail, Linux Mint, Kali, Wireshark, PCAP password dumps and a Python script to dig through them.

I am not going to say anything more about it since a spoiler might fire back at me.

“And that’s why I took the initiative in creating the internet” – Al Gore.

Small trip back to memory lane. AltaVista anyone?
Deus group