Endace Packet Forensics Files: Episode #49

Original Entry by : Michael Morris

Michael talks to ICS and SCADA security expert, Lionel Jacobs

By Michael Morris, Director of Global Business Development, Endace

Michael Morris, Director of Global Business Development, Endace

In this episode, Michael talks to Lionel Jacobs, Senior Partner Engineer, ICS and SCADA security expert, at Palo Alto Networks. Lionel draws on his more than 25 years of experience in OT (Operational Technology) and almost a decade at Palo Alto Networks in discussing some of the challenges of securing OT, IoT and critical infrastructure from cyberattack.

Lionel talks about some of the unique challenges that OT systems present for security teams and why being prepared to defend against attacks on critical infrastructure is so crucial.

Nation-state actors obviously see critical infrastructure as a prime target for attacks. But so too do criminal actors who see critical infrastructure operators as potentially more vulnerable to extortion than other targets.

Lionel discusses the role of Zero Trust and limited access zoning in reducing the risk of attackers expanding their ability to move from OT environments into the enterprise network. Carefully mapping the network and assets and understanding the requirements for access between different areas of the infrastructure is key to this. Often legacy OT devices and control systems can’t be easily patched so placing these elements into a security zone with a remediating factor between that zone and other parts of the network is the only feasible way to protect them from attack.

Lionel talks about the challenge of detecting attacks in OT environments, how to spot unusual activity, and the importance of having a reference baseline to compare against. He highlights the importance of packet data in providing insight into what is happening on OT networks.

Lionel also stresses the importance of close collaboration between OT security teams and the operators of OT networks. It’s crucial to ensure that the safe and effective operation of critical infrastructure isn’t adversely impacted by security teams that don’t understand the operational processes and procedures that are designed to ensure the safety of the plant and the people that work there.

Lastly, Lionel reiterates the importance of gathering reliable evidence, and enabling security analysts to quickly get to the evidence that’s pertinent to their investigation. It’s not just about collecting data, but about making sure that data is relevant and easy to access.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.