Megan Samford
Podcast Appearances
But where we really need to start is actually looking at the data and what have been proven to be effective controls in OT environments versus ones that were kind of porting over from the IT side of the house and saying, yeah, you absolutely need to do this because if you don't, it's security heresy or something.
So on the topic of patching, most attacks that happen in OT environments have nothing to do with a vulnerability in a product whatsoever.
They deal more with the porous nature of the networks.
And so if we walk back from the place of, yes, patching is important.
Megan Samford is not on this show today telling you not to patch.
That's not what I'm saying at all.
But if the data tells us that there are other things that should be addressed first in security and hardening of the networks and network segmentation and visibility in OT and use of all these different technologies that are proven and are very effective or quite simply just getting devices that are directly exposed on the Internet today.
If you go to Shodan or Censys or any of these websites, you will see very apparent attack surface that is existing in global critical infrastructures every single day.
But when it comes to patching, again, back to the point of the attacks aren't coming from lack of patching, folks.
We're not seeing that.
But within patching and we back into the conversation of downtime that you need to take factory floors and assembly lines down for patching.
There are ways to do this.
You can prioritize the patches and really understand what's going to give you the most bang for your buck.
I would definitely prioritize patching HMIs and engineering workstations and things.
But for other products, I think that OEMs are considering partnerships with cybersecurity vendors where if we know that the customer can apply the patch immediately, or we know that it could come in the next quarter, or we know that they have limited patch windows, we should be directly deploying patch signatures to firewall companies so that the customer is protected, even if they're not able to patch yet.
So I think we can achieve the same outcome and result.
It just may not look the same in OT as it traditionally does in IT, if that makes sense.
Yeah.
And the last point I'd add there, and it's a good quip, is, you know, in many cases, the OT products, the relays, the sensors, things that are operating down at like level one, level two, budding into level three of the traditional OT model, they're not the murder weapon, folks.