OT Security, Control System operation and system administration management often focuses on the technology, overlooking the people, process and politics side of the equations. Through this presentation explore the soft underbelly of the cyber challenges in the ICS Domain. As the former CIO of a System Integrator and Workforce Development Co-Chair for the ICSJWG Mike offers a wide angled view of why securing critical infrastructure is so difficult, and doesn’t need to be. Creating a comparison of the contrasting view of the need from the inside of several different organizations within Critical Infrastructure Mike breaks down the difficult to talk topics about and takes an honest approach to understanding the issues.
This discussion will shed light on how internal politics drive top down policies and ultimately fail in accomplishing anything but contradiction and conjecture. This sets up the event horizon for loss of intellectual property through well intentioned trusted insiders, applying “best practices” that actually hurt your organization and loss production due to fear and a lack of establishing ownership to the problem.
Security does not solve problems, it does not make money and the security paradox is that it rarely provides a more secure environment. Lack of true situational awareness is the most dangerous part of our Nation’s infrastructure. The problem is most people do not understand that we are missing a key data point to provide a well-rounded awareness…
Let’s explore though questioning the assumptions and talk about the tough topics.