Dragos has participated in the Global Cybersecurity Forum, held in Riyadh recently that attracted cybersecurity experts and leaders from all over the world.
Ben Miller, who represented Dragos as its Vice President of Services, spoke on the concluding day of the forum, about the threat of supply chain and third-party attacks. In his session, titled, “Pervasive and Insecure,” he discussed supply chain risk in critical infrastructure, examining the complex reality of third-party and supply chain attacks and sharing perspectives on the unseen vulnerabilities and how to address them.
Miller highlighted the complex nature of supply chain attacks, which potentially contain widespread vulnerabilities in the OT and industrial control systems (ICS).
He outlined Dragos’ specific focus on the Kingdom’s supply chain risk in critical infrastructure including refineries and water treatment plants, as “Energy and water are specific focuses of ours in the region as they are critical not just to the economy but also to every person who lives here,” he said.
Giving an outline of the Dragos plan to help organizations detect and respond to the threat challenges posed to critical infrastructure in Saudi Arabia, he said: “We need to focus on educating the workforce, building a new understanding of how OT is different from IT, and gaining visibility and insights into what is happening in our critical infrastructure.” OT cybersecurity is in many ways a new field, he said.
For Dragos, OT cybersecurity is the priority. “We need to communicate the needs of OT security as right now the concern exists but the specific needs aren’t well understood by asset owners. They do understand that digital transformation is happening and they need to secure it. I would focus on this business case and speak to the need for OT-specific monitoring, defensible architectures, and OT-specific incident response plans,” the Dragos official said.
Miller said supply chain attacks in critical infrastructure are complex with many suppliers, vendors, integrators, and long lifecycles that measure in decades.
Commenting on the need to build industrial cyber resilience to keep such threats in check, he said: “The first challenge in the OT space is gaining visibility into what assets one has. You can’t defend something if you don’t know it exists.”
When it comes to safeguarding cyberspace, he had a few words of advice for Saudi Arabia: The Kingdom should realize the potential challenges as early as possible. Commending the country’s efforts in cybersecurity, he said: “Over the last few years, Saudi Arabia has focused heavily on cybersecurity through investing in key programs and events such as the Global Cybersecurity Forum.
“The Kingdom of Saudi Arabia has impressed many by taking one of the world’s leading positions in developing and maintaining a cyber ecosystem. Therefore, the Kingdom now has a vantage point to bridge global cyber divides and ensure that cybersecurity benefits all societies in the region,” Miller concluded.
A global expert in industrial cybersecurity himself, Miller joined other renowned thought leaders in the field, including: Dr. Albert Antwi-Boasiako, Directory-General of the Cyber Security Authority, Ghana; Mary O’Brien, General Manager, IBM Security; Lothar Renner from Cisco Security; and Dr. Victoria Coates, Former Senior Advisor to the US Secretary of Energy.