Aperture Podcast: Exploring and Navigating OT for CISOs
By Michael Mimoso | Nov. 11, 2021
Many chief information security officers (CISOs) must today consider operational technology and industrial cybersecurity in their risk models because of digital transformation and IT/OT convergence. And while the business enjoys new efficiencies around centralized management and better performance analytics, CISOs have to contend with a whole new world of operators, asset owners, and security vendors.
Security and risk managers must find a way to communicate and collaborate with asset owners and keep the business secure against an ever-mobile variety of threats. OT, meanwhile, must learn to speak the language of business and learn how best to hurdle long-standing barriers between IT and those responsible for process safety and reliability.
In this episode of Claroty’s Aperture podcast, Splunk OT security strategist Chris Duffey and Global Advisory CISO Doug Brush join to discuss this journey and describe from their respective experiences how CISOs navigate and meet these new challenges.
One place to start, they said, is for CISOs to establish themselves as trusted partners and advisors.
“You need to leverage each other’s experience and knowledge, but it’s got to be done in a collaborative way,” Duffey explained. “It can’t be one side dictating to the other.
“Frankly for a lot of OT teams, because they’re tied directly to the revenue of the company, it’s easy for them to say ‘This will affect operations; we’re going to lose money.’ Or, ‘there’s a safety implication,’” Duffey said. “You definitely want to have that trusted relationship and leverage domain expertise. If you leverage those people, they’re going to realize this is a different approach and they really care about what I’m doing.”
Throughout this podcast, you’ll learn more about:
The knowledge, technology, and staffing gaps that pose a challenge for CISOs as they embrace OT
How successful CISOs operationalize visibility and other processes to foster success
The best ways to focus on safety and reliability and not solely on the CIA Triad prevalent in IT circles