Episode 32
Interview
In this episode, Aaron is joined by Paul Shaver, an experienced OT security consultant from Mandiant, part of Google Cloud. Together, they navigate the nuanced landscape of operational technology (OT) cybersecurity.
The episode begins with Aaron recalling a critical incident at a power plant that underscores the potential pitfalls in OT environments. This sets the stage for a rich discussion on the evolution of OT technology, with Aaron and Paul reminiscing about primary domain controllers and early NT workstations.
The conversation shifts to the future of OT in the cloud, where Paul highlights the benefits of cloud solutions, including enhanced resiliency, security, and data optimization through AI. A compelling customer case study illustrates modern technology adoption with web-based HMIs and Chromeboxes.
Paul offers a detailed analysis of the current OT cybersecurity landscape, addressing the persistent legacy system challenges and the need for a cohesive IT-OT security strategy. He discusses the evolving threat landscape influenced by global geopolitical tensions and the rise of zero-day vulnerabilities.
Listeners will gain practical insights into foundational cybersecurity measures, such as network segmentation, asset inventory management, and robust access control..
Key Moments:
04:14 Connecting IT and OT optimizes processes securely.
09:54 Lost production severely impacts manufacturing revenue recovery.
14:06 Ensure network notifications; control access, separate credentials.
17:10 Engineers need secure access to adjust parameters.
21:55 Endpoint detection on older systems is critical.
28:47 Resilience is crucial in CrowdStrike incident response effectiveness.
32:11 Limited resources for global incident response efforts.=
39:22 Rebuilt domain controller caused authentication issues.
42:37 Focus on resiliency and cloud opportunities, leveraging multi-cloud.
44:59 Improve grid operations using cloud and hyper-converged technology.
48:38 Local cloud provides redundancy for remote sites.
51:15 Critical for acquisition process and problem-solving.
About the guest :
Paul Shaver has dedicated more than two decades to various roles in Operational Technology (OT), primarily within the oil and gas industry. His expertise spans OT architecture, design, and build, along with run and maintaining responsibilities as an asset owner.
Before transitioning into cybersecurity, Paul served as a Technology Director for an oil and gas company in California. Driven by a burgeoning interest in security, he joined Mandiant nearly five years ago. At Mandiant, now part of Google, Paul relishes the mission of enhancing security postures in OT and critical infrastructure, contributing to significant advancements in the field.
How to connect Paul: https://www.linkedin.com/in/pbshaver/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Subscribe to PrOTect IT All and stay ahead of the threats targeting critical infrastructure.