How to make critical infrastructure safer—there’s a long way to go
Making critical infrastructure safer at Ars Frontiers. Click here for transcript. (video link)
In the run-up to Ars Frontiers, I had the opportunity to talk with Lesley Carhart, director of Incident Response at Dragos. Known on Twitter as @hacks4pancakes, Carhart is a veteran responder to cyber incidents affecting critical infrastructure and has been dealing with the challenges of securing industrial control systems and operational technology (OT) for years. So it seemed appropriate to get her take on what needs to be done to improve the security of critical infrastructure both in industry and government, particularly in the context of what’s going on in Ukraine.
Much of it is not new territory. “Something that we’ve noticed for years in the industrial cybersecurity space is that people from all different organizations, both military and terrorists around the world, have been pre-positioning to do things like sabotage and espionage via computers for years,” Carhart explained. But these sorts of things rarely get attention because they’re not flashy—and as a result, they don’t get attention from those holding the purse strings for investments that might correct them.