Podcast: Episode #43 - Don C. Weber: The Gray Area Between OT and IT

Don C. Weber: The Gray Area Between OT and IT

About Don C. Weber: Don C. Weber is the Principal Consultant and Founder of Cutaway Security, LLC, an information security consulting firm based in Texas. With a master's degree in network security and a Certified Information Systems Security Professional (CISSP) certification, Don has a wealth of expertise gained over two decades. As a seasoned leader, he has spearheaded large-scale incident response efforts, overseen the certification and accreditation of classified federal and military systems, and managed distributed security teams safeguarding mission-critical Navy assets. A prolific contributor to open-source projects in the realm of information security and incident response, Don focuses his current efforts on assisting organizations in fortifying their critical infrastructure and operational technology environments through comprehensive vulnerability evaluations and strategic security solutions.

In this episode, Aaron and Don C. Weber discuss:

• Navigating the convergence of IT and OT in cybersecurity
• Addressing the gray area in OT and IT collaboration
• Enhancing cybersecurity in control systems
• Embracing cloud technology in ICS security

Key Takeaways:

• Understanding the distinct languages, processes, and incident response approaches between IT and OT is crucial for effective cybersecurity in the evolving landscape, requiring a collaborative baseline to ensure efficient communication and decision-making during critical incidents.
• The integration of OT and IT in cybersecurity strategies is crucial, and addressing the often overlooked gray area between these domains requires proactive collaboration, communication, and education to bridge the gap and ensure a comprehensive approach to security measures.
• The integration of cybersecurity measures in control systems requires a holistic approach, involving clear requirements, collaboration between IT and OT experts, and a shift from the traditional "we've always done it this way" mindset to address evolving challenges and ensure the resilience and safety of critical infrastructure.
• As industries rapidly transition to cloud-based solutions, failure to integrate IT and OT teams, train IT professionals about OT, and prepare for potential vulnerabilities in cloud services can lead to increased costs, heightened risks, and a competitive disadvantage in the evolving landscape of ICS security.

‍
"Does the OT side understand anything about cloud? No, that's not their job. Whose job is it? It's the job, right now every company has an IT admin or an IT team, a full team for managing cloud within the corporate environment. If you don't accept, if you don't allow some leadership people from those teams in and start building out your cloud team, you're going to quickly fall behind the times, you're going to be deploying solutions that are vulnerable to remote attacks." — Don C. Weber
 

Additional Resources:

SANS Industrial Control Systems Security: https://www.sans.org/industrial-control-systems-security/

ICS Village: https://www.icsvillage.com/

‍Connect with Don C. Weber:  

• Email: don@cutawaysecurity.com
• Website: https://www.cutawaysecurity.com
• LinkedIn: https://www.linkedin.com/in/cutaway/
• GitHub: https://github.com/cutaway-security

‍
Connect with Aaron:

• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:

• Website: https://www.industrialdefender.com/podcast 
• LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
• Twitter: https://twitter.com/iDefend_ICS
• YouTube: https://www.youtube.com/@industrialdefender7120‍