Hackers of India

CISO Strategy for OT and IoT risk and Threat Management

By Gaurav Shukla, Gomeet Pant, Rakesh Viswanathan, Sudarshan Rajagopal on 02 Mar 2019 @ Nullcon


AI Generated Summary (may contain errors)

Here is a summarized version of the content:

The conversation revolves around building management automation systems (BMA) and their security protocols. The industry is slowly changing, but the pace needs to be faster, especially in sectors such as oil refineries, where outdated systems can lead to shutdowns.

The speaker references the telecom industry, which has made significant progress since 2011 when the Department of Telecom introduced licensing conditions with security requirements. Today, most equipment is IP-enabled, allowing for faster threat identification and resolution.

However, the fundamental issue remains: identifying risks and applying strategies from design to implementation. Regulatory bodies like RBI (Reserve Bank of India) and DOT (Department of Telecom) play a crucial role in enforcing security standards, with penalties for non-compliance.

The discussion also touches on the importance of “security by design,” building a culture of sensitivity, and establishing common criteria and language for risk identification across industries. The speaker emphasizes the need for setting the right tone at the top to drive change.

In conclusion, the key takeaways are:

  1. Security by design: Implement security measures from the beginning.
  2. Building a culture of sensitivity: Foster an environment where security is prioritized.
  3. Common criteria and language: Establish standardized risk identification methods across industries.
  4. Setting the tone at the top: Leaders must drive change and prioritize security.

The session concludes with an invitation to engage further with the panelists and explore these topics in more depth.