Danielle Jablanski

But I mean, that single point of failure is not just a monopoly problem that we're talking about where more companies own things, but it's also this kind of over adoption of technology and over reliance.

And I mean, when AI did start years and years and years and years ago, this machine bias question of even if I lean into the technology, how much can I trust it?

What is the integrity of that data?

And that's really where OT security comes into my mind is like, okay,

This is what I borrowed from nuclear, and I've done this for years too, and it's not really an aha moment, but when I talk to people about their OT, it's not the loss of control that I'm worried about.

It's the question of integrity that you've never thought through.

So years ago, when I wrote a methodology for the mainland and council fellowship, I did it on a prison case study.

specifically because they use PLCs for their doors and it's a hub and spoke model.

And a lot of the operators in that facility don't actually think about the network connectivity of PLCs, right?

But then they have all this other connectivity, including food, right?

So they have their commissary, they have apps, they have the library, they've got vehicles with video recording and footage being sent back.

There's tons of connectivity that's already been exploited.

There's a bunch of prison examples out there.

And I brought all these...

OT cybersecurity experts to the table to discuss these scenarios in a prison setting that they never thought of, of like, what are all these third party risks with people bringing the food in and having all these apps and connectivity to the spending and education and all these things.

And the reason I bring this up is that they looked through the NIST 800-82 scenarios.

There's like six in that document that could apply to all the different scenarios.

sectors and we did a bunch of we worked through this methodology and we did some ranking essentially for these scenarios and they were actually prepared for a loss of control they knew what it looked like to create you know some kind of order out of chaos if the doors weren't functioning properly or what the biggest risk scenario would be to health and human safety in their facilities if there was a loss of control but there's one in there that basically is like information or data is sent to an operator that would then cause them to take the next step in the operation so the

actual critical flaw would be the next function of an operator.

And then the exploit was just manipulating the integrity of the data they received to then alter something in the operation.