Assuring OT Ransomware Protection
With the recent Colonial Pipeline ransomware event, there is more scrutiny on critical infrastructure systems involving IACS/SCADA and using Operational Technology. Keys lessons learned are the separation and independence between IT and OT networks to prevent the propagation of ransomware and sabotage of critical operational functions including safety. This has challenges for Information Security practitioners as well as those responsible for operational reliability and safety. In this presentation, thoughts are shared on these challenges and assessments with Technology Convergence, Standards, Frameworks, Security Architecture, safety risk, and coordinating response to cybersecurity incidents, including ransomware.
Bruce Hunter is the ISACA nominated member of the Standards Australia committee on Industrial Process Measurement, Control, and Automation (IT-006). Bruce has more than 40 years covering the design, development, and management of operational technology systems, including their safety and security assurance.
In the last 20 years, Bruce has been the Standards Australia IT006 representative on IEC TC65 committees which have developed and published edition 1 and 2 of IEC 61508, “Functional safety of electrical/ electronic/ programmable electronic safety-related systems”; IEC TR 63069-2019, “Industrial-process measurement, control, and automation – Framework for functional safety and security” and the IEC 62443 series.
Bruce has presented previous papers on safety systems and cybersecurity including ASCS Keynote in November 2018, ASSC Conference in August 2006, ISSEC conference in August 2009, ISACA Cybersecurity Summit in October 2014, Oceania CACS 2015.