David Hechler from Tag Cyber hosted a roundtable discussion with Mark Weatherford, who has held a variety of executive-level positions in the public and private sectors, and me on operational technology (OT) cyber security. The roundtable discussions were published in the form of an edited transcript at TAG Cyber Law Journal https://www.cyberinsecuritynews.com/ot-videos. The discussion was called “Enough About Data Breaches. Let’s Talk About OT Security.”
Almost immediately after our roundtable, the Colonial Pipeline was hit with a ransomware attack. Then on May 12, President Biden released Executive Order 14028 - Improving the Nation's Cybersecurity.
David asked us what we thought of the Executive Order in light of our talk. The roundtable provides an insight into how there are different views on OT cyber security. I told him I was not impressed as the Executive Order failed to address the unique issues associated with control systems. It was clear that either no control system cyber security experts contributed to the EO, or that their input was ignored. On the other hand, Mark called the document “the federal government’s most ambitious and comprehensive attempt ever to address a long list of cyber security issues.” He was happy with the overall tone even though it doesn't provide any great detail about operational technology.
If you’re wondering what makes OT important, even though it’s barely mentioned in the Executive Order, click on the short (most three minutes) video highlights of David’s conversation with us. Or, if you have time, watch the longer (36 minutes) video that puts the pieces together. A link to the edited transcript, which is the most comprehensive version of the event, is also provided.
