Hack the Plant

Managing Incident Responses to Critical Infrastructure Attacks

Episode Summary

“Understanding the environment that you're dealing with is a really important part of incident response. It's something that we don't talk about enough … You need to understand what operating systems are going to be in play. How are you going to access systems to get forensic data? Is there network connectivity? Can the incident responders access the log servers and the historians? Can they do that remotely? Do they need to be on site? … It's very helpful to understand what the vulnerability landscape looks like, too, because it can help you pinpoint things in your timeline.” - Lesley Carhart

Lesley Carhart, of the industrial cybersecurity company Dragos, Inc., joins this episode of Hack the Plan[e]t. Lesley is the Director of Incident Response for North America. Today, we dive into what’s involved in assessing vulnerability in industrial environments, and the painstaking process of securing operational technology (OT). What are the emerging challenges for critical infrastructure asset owners? What kinds of threats are out there - and what does a robust incident response look like? Join us to learn more.

Episode Notes

For today’s episode, I’m joined by Lesley Carhart. Lesley is the Director of Incident Response for North America at the industrial cybersecurity company Dragos, Inc. She leads incident response and proactively hunts for threats in customers’ ICS environments. Lesley was the incident response team lead at Motorola Solutions, and retired from the United States Air Force. 

Today, we dive into the kinds of active threats out there that incident response deals with:

“We see insider cases, both intentional and unintentional insider cases. We see a lot of crimeware. So crime actors are getting smarter about where they're doing things like ransomware attacks. They're less haphazard. There are probably fewer attacks overall now, but they're more smartly performed. So they're targeting more critical industries. They are targeting people who they think will have to pay… And then there's still adversary groups who are more state-style, who are building their capabilities to launch attacks in the future. And conducting espionage, preparing to do sabotage. And that's still happening and they're getting better at it.” - Lesley Carhart

We explore the challenges of securing operational technology (OT) for asset owners, different kinds of threats, and the process of doing vulnerability discovery for these physical assets.

What do asset owners in critical infrastructure need to secure in the first place - and why is it so challenging to stay on top of? What kind of incident response plan is needed for OT in an industrial environment?

Join us to learn more.