BSidesAugusta 2024

Robert M. Lee

Robert is a recognized authority in the industrial cybersecurity community. He is CEO and co-founder of
Dragos, a global technology leader in cybersecurity for industrial control systems (ICS)/operational
technology (OT) environments.

In addition, Robert serves on the Department of Energy's Electricity Advisory Committee as the Vice
Chair of the Department of Energy's Grid Resilience for National Security Subcommittee, and is a
member of the World Economic Forum's subcommittees on Cyber Resilience for the Oil & Gas and
Electricity communities.

Robert is routinely sought after for advice and input on cybersecurity for industrial infrastructure and is
regularly asked to brief national leaders. He testified to the U.S. House of Representatives Committee
on Energy and Commerce's Subcommittee on Oversight and Investigations, and to the U.S. Senate
Energy and Natural Resources Committee, to advise on policy issues related to critical infrastructure
cyber threats. He is a member of the Reserve Forces Policy Board, Office of the Secretary of Defense,
and also serves on the board of the National Cryptologic Foundation. He has also presented at the
World Economic Forum Annual Meeting in Davos, and at industry-leading conferences such as RSA,
SANS, BlackHat, and DefCon on the topic of industrial cybersecurity and threats.

Robert began his pioneering work in ICS/OT cybersecurity as a U.S. Air Force Cyber Warfare
Operations Officer tasked to the National Security Agency, where he built a first-of-its-kind mission
identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial
community's first dedicated monitoring and incident response class at the SANS Institute (ICS515) and
the industry-recognized cyber threat intelligence course (FOR578). Today he is a SANS Fellow.

SC Media named Robert the Security Executive of the Year for 2022. A business leader and also a
technical practitioner, he helped lead the investigation into the 2015 attack on Ukraine's power grid, the
first time an electric system was taken down due to a cyberattack. With his team at Dragos he has been
involved in investigating and analyzing the most significant cyberattacks on industrial infrastructure,
including the 2016 attack on Ukraine’s electric system, the 2017 TRISIS attack on a Saudi Arabian
petrochemical facility (the first attempt to kill people through malicious software), and the 2021
Colonial Pipeline ransomware attack. In 2022, his team at Dragos uncovered PIPEDREAM, a highly
flexible framework to attack industrial infrastructure globally. Robert’s work has been featured in the
book Sandworm and on 60 Minutes.


Social Media User/Handle

@RobertMLee

Preferred Social Media

X/Twitter


Sessions

10-05
09:00
60min
Keynote Address
Robert M. Lee

Live in Track 1, Simulcast in Tracks 2-4

Evolving Cyber Threats to Industrial Systems: Understanding Trends and Applying Controls

Robert M. Lee will share the latest updates to the Dragos OT Cybersecurity Year in Review, the most comprehensive report on cyber threats facing industrial organizations today and trends shaping tomorrow. Robert will share details on the TTPs used by the most active OT threat groups, including VOLTZITE, which overlaps with Volt Typhoon. Robert will also detail FrostyGoop, the ninth ICS-specific malware and the first to use Modbus TCP communications to achieve an impact on OT, as seen in a January 2024 Ukraine cyberattack that left 600 apartment buildings without heat. Audience members will hear success stories of how industry, government and the vendor community collaborated for collective defense to get ahead of some of the most sophisticated, cross-sector OT threats ever seen. These threats include PIPEDREAM, and the Rockwell ControlLogix vulnerability and APT exploit. Also shared will be incident response insights, steps organizations should adopt to protect against these threats, and how to operationalize defensive recommendations and mitigation strategies to reduce the overall risk to ICS/OT environments.

Keynote
Track 1, Track 2, Track 3, Track 4 - RunCode CTF