Beyond Digital by DMI #03: Ransomware Against the World--The Battle for Control System Security
In today’s episode we’re joined by DMI's Senior Cybersecurity Consultant and SME,Raul Rodriguez and Human API and Client Relationship Specialist at SecureNation, Rachel Arnold.
We discuss the ongoing risk posed by cyber-attacks on our world’s most critical infrastructure. They address the operational technology and internal control systems (ICS) in use today as well as the security issues many industries face.
Raul Rodriguez, Senior Cybersecurity SME & Consultant, DMI Rachel Arnold, Human API and Client Relationship Specialist, SecureNation
27:26 "what you don't do today is going to destroy your business nexT week"
EPISODE 3 SHOW NOTES
In this episode of Beyond Digital, we're joined by DMI's Raul Rodriguez and SecureNation'sHuman API and Client Relationship Specialist Rachel Arnold.
Raul is the Senior Cybersecurity Consultant and SME at DMI. As both a technology AND military veteran, his 30-year career spans information technology (IT), operational technology (OT) and instrumentation automation and control systems (IACS).
Over the last 18 years, he has focused on industrial control systems security. Raul actively serves on various global and national cybersecurity leadership roundtables and holds an MBA in Business Management.
Rachel is the Human API and client relationships specialist at SecureNation, a client focused cybersecurity platform and services reseller. Rachel is also the Marketing Director for the ISACA Baton Rouge chapter.
Rachel hosts a weekly live stream titled “The Coffee Table Talks”, which aims to humanize cybersecurity across the industry and highlight positive influences to the global community. In a short amount of time, Rachel has solidified herself as a true connector of people and technology.
IT vs. OT (Operational Technology) - 4:50
From Raul’s experience working years in power plants and industrial technology, he emphasizes the difference between IT and OT, or operational technology. When OT systems go down, all the processes stop. He explains that many attacks recently come in from the business side, IT, and spread over to the OT, creating the potential for massive shutdowns as these systems become more and more interwoven in industries such as energy and maritime transport.
The Vulnerability of Our Supply Chain - 9:46
Rachel points out that a powerful strategy to attack another nation throughout history has been shutting down supply chains, and Raul believes our supply chain is currently in jeopardy. Many of our infrastructure components like transmitters for pressure controls and transformers are imported from overseas, so if an adversary shuts down these supply chains it can impact electricity in homes, hospitals, financial services, and more. US adversaries like Russia have begun to test their cyberattack capabilities on more vulnerable countries like Ukraine with the end goal of being used on the US. Raul and Rachel emphasize the need for cybersecurity vigilance all the way up and down an organization.
The Evolution of Hackers - 13:45
The modern-day hacker is not your traditional hacker stereotype, in a basement, clad in gloves and a hoodie. They wear suits. They have organization. And most importantly, just as cybersecurity experts work to keep up with attacks, the hackers work just as hard to find new ways to infiltrate systems. We, on the cybersecurity defense, Raul explains, have to be vigilant all the time, while an attacker only has to succeed once to cause massive damage.
Ransomware is Iterative - 17:13
Ransomware creators build off of each other and collaborate to eventually launch a successful attack. Rachel doesn’t see that same kind of collaboration on the cybersecurity side of things. She calls the need for more collaboration and sharing of methods between people building cyber defense vital. Raul points out that many cyberattacks go on unannounced, because the victims worry about their stock price or reputation, but this lack of communication comes with a price – we must come together to protect our critical infrastructure.
Build a More Secure Digital Environment - 20:25
It’s paramount that we educate people in organizations from the CEO down to the new hire about what a cyber-attack can look like, what effects it can have, and what can be done on an individual level to mitigate it.
The Human Impact of Cyber Attacks - 25:16
"I know what that panic looks like". Rachel describes her experience living through floods in Louisiana when her entire local infrastructure was down – not even communication with people around her was possible. She’s seen firsthand the pain and chaos that an infrastructure meltdown looks like, and it helps keep her vigilant and up to date on the latest cybersecurity trends.
“What you don’t do today is going to destroy your business next WEEK” - 27:26
With the speed the digital age moves at, catastrophe is right around the corner. The entire power grid of the United States can be taken down in a matter of hours, Raul says. We can’t take our resources for granted, and we certainly can’t take the state of our cybersecurity for granted either.