Podcast: Episode #24 - Pete Mauro: Designing System Security Before ‘Cyber’ Became Part of Everyday Vocabulary.

July 6, 2023

The PrOTect OT Cybersecurity Podcast recently spotlighted Pete Mauro, a seasoned entrepreneur deeply entrenched in the defense sector. Pete, currently steering the startup DTCUBED—which focuses on cybersecurity and digital transformations—has a legacy of aligning technology with federal market needs. A significant part of this legacy is his impactful tenure at Gryphon Technologies.

Pete's entry into the digital safety arena showcased a visionary stance. Even before the term 'cybersecurity' took the world by storm, Pete had been exploring system design, emphasizing both safety and security. When technological advancements brought forth smarter devices and systems, Pete saw opportunities where many saw obstacles.

His rich history in Test and Evaluation, especially in assessing threats to naval vessels, granted Pete a unique lens. The threats, once mostly physical, have transformed into today's cyber threats. Tackling these new-age digital challenges was something Pete was already equipped for, thanks to his hands-on experience.

Deep Dive into US Navy OT Systems

One memorable incident from Pete's career involved an inadvertent trigger of aqueous film-forming foam on a new destroyer ship, all because the IT team ran a system scan on an OT device aboard the ship. Though amusing in retrospect, the event pinpointed critical gaps in understanding. This inspired Pete and his colleagues at the Naval Surface Warfare Center in Philadelphia to devise solutions to avert such missteps.

By the late 2000s, Pete was actively shaping the Navy's machinery control system guidelines, crucial for ship operations. Despite having advanced frameworks, the existing risk management strategy often felt more like a checklist than an all-encompassing risk assessment. Spotting this gap, Pete's team, under Navy directives, developed a vulnerability assessment tool tailored for examining cyber weaknesses in complex weapon systems.

Pete's insights into cybersecurity underscore the importance of adaptation, innovation, and education. His dedication illustrates that the right approach to cybersecurity can bolster protection, enhance efficiency, and achieve significant cost savings.

Debunking OT Cybersecurity Myths

There's a misconception on the operational floor: if a device isn't online, it's safe from cyber threats. Pete challenges this, asking how software or firmware gets updated. The assumption of security can lead to dangerous oversights, especially when devices are hurriedly added without strictly following protocols. Even a benign component, like a printer, can pose a threat. Pete cites a case where a printer vulnerability compromised an essential system on a warship.

To help laypeople grasp the intricacies of OT cybersecurity, Pete draws parallels between digital safeguards and physical security, highlighting the need for multi-layered defense strategies.

Striking a Balance Between Functionality and Protection

Central to OT cybersecurity is a simple principle: know your system thoroughly before protecting it. Pete's analogy is that securing a misunderstood system is akin to playing darts blindfolded, with occasional hits but mostly misses. While some might consider a system upgrade as a solution, in settings like Navy ships, such changes can be lengthy and expensive. Alternatives might involve network segmentation or implementing advanced encryption.

Balancing security with functionality can be tricky. For Pete, it means integrating security measures that enhance the overall security fabric, even if they might not be immediately functional. And while technology can ease this balance, a significant part of the challenge lies in culture and acceptance.

Approaching these challenges requires a two-pronged strategy. Pete realized that while the insurance sector can assess IT risks, it struggles with OT system threats, and its methods often miss the subtleties of OT risks. Pete's solution is a dual approach: involve both ground-level engineers and top-tier decision-makers. This convergence from both ends, Pete believes, results in more robust cybersecurity strategies.

To get the full insights from Pete Mauro, tune in to the episode.