2024-11-22 –, Ngaio Marsh Theatre
The most common definition of OT (Operational Technology) includes ICS (Industrial Control Systems). This talk will present an alternative view which better aligns to current practice, both in NZ and globally. The talk will address some of the conflict in terminology and discourse around what good OT cyber security looks like - generally from a defender perspective. The talk will include key insights and takeaways technical and non-technical, regardless of your OT security maturity.
Industrial cyber security is a harder problem than corporate/enterprise cyber security. The requirements are different. Most systems and protocols are insecure-by-design. Many systems are un-patched and/or un-patchable. The part-art and part-science of OT cyber security is far less mature than more well-established IT or conventional cyber security.
Add into the mix, a 'cylinder of excellence' (silo) problem. Most technology in an organisation sits in the IT 'cylinder'. For OT, there is always an interface with operations/engineering/generation/manufacturing because you're working on technology that can have real-world implications (a key feature of OT).
In working in the area of ICS/OT for ~20 years, the last ~10 years in ICS/OT cyber security, Peter will bring some insights in dealing with some of the hard problems in ICS/OT cyber security. One area of development is the clarification of roles and responsibilities. More organisations are changing their strategies in who is responsible for 'OT'... and even how we define 'OT'.
His experience is informed not only though work in the sector (NZ and internationally) but supported by several years as an intentionally-recognised award-winning OT cyber security expert and international conference presenter. His work supporting the ICS/OT cyber security community extends to ~dozens of presentations across NZ, running the NZ ICS/OT Cyber Technical Network (established 2019), facilitating NZ ICS/OT seminars/conferences (since 2017), and supporting the 62443 series as a member of ISA-99.
Peter is an expert ICS/OT cyber security practitioner. He leads the SGS ECL team of industrial cyber specialists (OT security engineers/consultants). His background includes control/safety systems experience, as a TÜV-certified Functional Safety Engineer. When he’s not leading the SGS ECL OT Cyber team, Peter is an instructor for SANS ICS515 (ICS Visibility, Detection, and Response) and runs the NZ ICS Cyber Technical Network.
His experience is informed not only though work in the sector (NZ and internationally) but supported by several years as an intentionally recognised award-winning OT cyber security expert and international conference presenter. His work supporting the ICS/OT cyber security community extends to ~dozens of presentations across NZ, running the NZ ICS/OT Cyber Technical Network (established 2019), facilitating NZ ICS/OT seminars/conferences (since 2017), and supporting the 62443 series as a member of ISA-99.