Podcast: Episode #42 - Ron Brash: Understanding the Small Details to Define Risk

November 23, 2023

About Ron Brash: Ron Brash, a renowned figure in ICS/OT cybersecurity and embedded vulnerability research, received the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering. As VP of Technical Research & Integrations at aDolus Technology Inc., Ron pairs his passion for ICS/OT security with extensive experience advising major asset owners across industries such as oil & gas, manufacturing, energy, and aviation. His notable achievements include playing a pivotal role in creating datasets for the S4 ICS Detection Challenges, reflecting his commitment to advancing industry standards and fostering innovation in cybersecurity.

In this episode, Aaron and Ron Brash discuss:

  • Understanding and managing vulnerabilities in OT systems
  • Balancing risk, detection, and recovery
  • Exploring the intersection of cybersecurity, business risk, and vendor collaboration
  • Navigating challenges in industrial networks

Key Takeaways:

  • In the complex world of industrial cybersecurity, understanding and managing vulnerabilities is like conducting a home inspection or maintaining a car—focus on what matters most, prioritize based on critical assets, and approach it with a measured, pragmatic strategy rather than panicking in the face of a long list of issues.
  • Achieving zero incidents is an unrealistic goal, and the focus should shift towards proactive detection, deflection, and defense, along with a robust recovery plan, emphasizing the importance of people, processes, and technology, particularly in the context of evolving technologies and complex vendor landscapes.
  • The key to cybersecurity success lies in translating technical intricacies into tangible business value, effectively correlating cyber and architectural considerations to business risk, as demonstrated by a strategic approach involving transparency, attestation, and collaboration with vendors, ultimately leading to improved security measures and operational efficiency.
  • Navigating the challenges of aging industrial systems, transparency issues in software development, and evolving threat landscapes underscores the crucial importance of a collaborative community effort to ensure the resilience and security of critical infrastructure in the face of emerging threats.

"Some are very forward-leaning and some believe in the democratization of data, and some are more old school and don't want to share a thing. Within the realm of business, and to be truly fair, no business is homogenous. So, there are different business units that might be more modern and more open facing, and others that are like, don't touch this because you don't know what other industries we're working in." — Ron Brash
