Insights from Cybersecurity Expert Gary Difazio
We’re conducting one-on-one interviews with several Tripwire in-house experts to showcase their insights and experience. You may have seen some of their bylines in past Industrial Cybersecurity blog posts. In this series, we provide a glimpse into each expert’s perspective on the current state of industrial cybersecurity. You’ll learn more about how they have been working with Belden industrial customers to help bolster their network security and optimize their uptime in today’s challenging environment.
Gary, what is your current role and how do you interact with Belden customers?
I'm currently Director of Marketing for Industrial Cybersecurity at Tripwire. One of my key roles is to serve as a conduit between Tripwire and Belden so we can better work together to serve our OT customers. For example, I work with Belden representatives and channel partners to identify potential industrial cybersecurity solutions and present them to customers from a technical point of view.
How do you see the current state of the OT environment?
The OT environment is evolving and coming to terms with the fact that a greater understanding of cybersecurity threats and how to mitigate them is needed. As IT professionals know from years ago, there's a learning curve that comes with this. I find a lot of industrial organizations that have moved forward still have a “set and forget” mentality. They’ve been proactive to set things up, but then don’t monitor or think about it too much. For example, they have a firewall but they’re not looking at the logs—so the firewall could be constantly bombarded with malware and they don’t know about it. Or, they might deploy a switch that has valuable security features such as enabling encryption or authentication, but they haven’t put those tools to use to protect their environment. We understand why that is.
For decades, industrial environments never had outside connectivity. It wasn’t something they needed to consider. Now that they have it, it can deliver huge benefits to OT, but it also adds risk, and that needs to be managed. And as more and more devices/equipment are connected to a network, an equal amount of potentially bad things can happen. As cyber-capabilities evolve, cybersecurity must evolve in lockstep. It’s not difficult; however, the mindset to take action must be there.
How do you think the acquisition of Tripwire benefits the traditional Belden customer?
Belden is very trusted in the industrial environment and has a lot of long-term customers who are facing these cyber security issues right now. I think many OT people might know that they need to move more decisively on cyber security but might not know what steps to take. This can be overwhelming and lead to inaction. Often, they don’t know the technology and they don’t know how to position the situation accurately to executives to get the funding they need to move ahead at all. So I think that having Belden, who they’ve worked with successfully for so long, in their corner and able to offer expertise through Tripwire seems like a very helpful, complementary and much-needed service.
How do you get OT customers started, or accelerated, as the case may be?
Once they have a trusted cyber security resource to tap into, things can usually move a bit more smoothly. We try to educate the customer to help them move beyond their current level of cyber security knowledge and sophistication, whether they are complete beginners or have things underway a bit. Tripwire has a proven ability to assess the customer’s configuration and build on it, effectively working toward a secure state. There are several areas that can loom large and have low-hanging fruit where dramatic improvements can be made relatively easily. They’re where IT started in the late 1990s and are pretty much a given in the enterprise environment, although still immature or even unknown in the industrial environment. For example, are the OT networks properly segmented and individually protected?
The lack of segmentation, not only between IT and OT networks but between different OT roles and processes, is what allows malware like WannaCry to spread from the IT side and quickly take over OT process after process, just flowing through and wreaking havoc unimpeded. Another thing to look at right up front is secure remote access. OT environments often have all sorts of people logging in remotely—employees, contractors, vendors, integrators and more—and many times it’s not done securely. That’s asking for trouble. And of course asset inventory. If you don’t know what you have, you’re probably not keeping it up to date and properly configured, much less keeping it secure. And that’s very common too.
Based on your experience, what insights can you offer OT organizations as they work to improve their cyber security?
I congratulate them for taking the proactive steps to protect their operations and not just rolling the dice and hoping nothing bad happens because, odds are, eventually it will. It’s like if you have high cholesterol—ignoring it isn’t going to make it go away, it’s only going to allow it to get worse and keep you from taking positive steps to fix it. Sometimes our most motivated customers are those that have found this out the hard way—they call Tripwire right after they’ve had a cyber incident that cost them hundreds of thousands of dollars. Certainly, we’re the guys who can help them make sure that it doesn’t happen again, but how much better would it be if it had never happened in the first place?
Fortunately, customers can also be highly motivated by the positive. For example, North American utilities are being required by the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) regulation to implement certain protections in their operation. And many make that investment and soon want to voluntarily implement the same level of security in areas that are not under the regulation because they’ve seen how effective it can be. Really, I think the most valuable insight people discover on their own is that stronger cyber security environments are often stronger operational environments, because the visibility into your operation gives you the ability to perform better in every way. You can catch a device failing or a process error faster and recover quickly because you are that much more aware of your environment. So people realize that cyber security is not necessarily a separate issue, but is an integral part of a high-performing, continuously improving operation.