Aperture Podcast: OT-ISAC on Threat Intel Sharing, ICS Resilience
By Michael Mimoso | Feb. 2. 2022
Participants in information-sharing groups, regardless of industry, share an innate hesitancy to deliver relevant information about incidents to others. The reasons are plentiful: victims don’t want to share they’ve been breached with competitors, legal counsel may be denying their efforts to share, or they just don’t want to fuel future attacks with any appearance of vulnerability.
Bill Nelson, director and officer of the Operational Technology Information Sharing and Analysis Center (OT-ISAC) knows the ropes and the struggle. As former president of the Financial Services ISAC (FS-ISAC), Nelson saw information-sharing opportunities go to waste while attackers widened their intelligence gap over defenders.
In this episode of Claroty’s Aperture podcast, Nelson joins to discuss the information-sharing dynamic within OT-ISAC, and the need to share indicators of compromise and other incident information within an industry tasked with keeping public safety and national security as top priorities.
Download This Episode of Aperture Here
“The big thing to understand is that the sharing of information is not a competitive issue,” Nelson said, recalling how members of the FS-ISAC carried the belief that since security was a competitive advantage, they would not share incident information.
“There were two large institutions in New York that made the decision that they would start sharing everything,” Nelson recalled. “That was a big change. When they started doing that, the other financial institutions saw it and they were able to stop attacks. They realized the benefit, and they started sharing themselves.”
Nelson hopes to ramp up similar sharing within OT-ISAC and its member organizations. “I thnk it’s a learning process; they start to see what the benefits are,” Nelson said. “It’s not all about member-to-member sharing too. We’re getting information from government partners which is valuable. We’re getting it from other sectors, intelligence vendors, and companies within the OT space.”
Listen to the rest of this conversation, and learn:
- More success stories and challenges from other industry ISACs that the OT-ISAC is considering
- A new operational resilience framework from the Business Resilience Council working group that focuses on recovery solutions beyond backups
- Work being done to help OT asset owners and operators recover data, applications, devices, OT systems, architecture, and more within the industrial domain