OT Cybersecurity: Challenges & Actions in 2022. An interview with Gabriel Marcus.
An expert in cyber and information security, he specializes in social engineering and offensive security, both application and infrastructure. He is a CTF specialist who won the world championship in 2022.
Full disclosure: Gabriel has also been our startup advisor since 2020. I met with him for a short chat about industrial cyber security, the challenges we’re facing today and what lies ahead in the next 3 years.
Hi Gabriel, what do you think is the top cyber threat an industrial business faces today?
ICS basically integrates hardware, software and their network connectivity for running and supporting critical infrastructure. I think the challenge today is, on the one hand, identifying and defeating malicious activity, and on the other hand, ensuring a swift recovery from any attack that might occur, preferably ASAP, before it causes widespread harm and stalls production, which in many cases creates cost issues.
It is customary to refer to a business continuity plan as a process of firewall protection, detection and elimination of threats, when actually, a BCP should also refer to an incident scenario. What’s your take on that?
I agree. We have to look at the whole cycle, from the possibility of a threat, to the moment of going back to normal after an attack. With an increasing rate of attacks on critical infrastructures, every organization should be prepared with a recovery plan. It is no longer a question of "if" but a question of "when".
The major vulnerability in Critical infrastructure is downtime. We don’t defend today; we contain and recover. There is no other possibility.
Can you give us a quick review as to what OT organizations are using now for recovery?
Up until a couple of years ago, many OT companies had been using, and some still are, manual or semi-automatic backup solutions (Ghost, Acronis, NetApp). These are good solutions for backup, but they leave you with two main problems:
Attackers are aware of these systems, and they also target them by diverting ransomware payloads to backup protocols over the network.
Recovery from a ransomware attack using these solutions can take days, depending on the size of the data affected.
The real solution today needs to be a fast offline recovery device, which cannot be attacked and also possesses a very fast recovery option.
How essential do you think it is for an ICS & OT organization to use OT-focused solutions vs. IT-focused solutions?
In the IT world, where data is the main concern, the efforts revolve around protecting the information, to the extent of restoring a file from a previous minute. In OT, the major concern is operational continuity, so efforts revolve around reducing downtime. So, I assume, the answer depends on the organization and its ability or willingness to withstand downtime and risk ransomware attacks. In addition, you cannot be everywhere all the time, so automatic solutions are a must.
What do you think separates Salvador Technologies' solution from others?
Well, that I haven’t been able to hack it, for starters!
I should mention the solution basically consists of a Cyber Recovery Unit (CRU), an agent software and a monitoring system. The CRU, which contains 3 NVMe disks for backup, is based on patented air-gapped technology, and it is air-tight proof against any infrastructure and application attacks. Salvador Technologies has the unique ability to recover your system in record time. The solution decreases immensely the cost of a ransomware attack in any type of environment. Unique software and hardware, developed only in labs, make reverse-engineering their product and creating vulnerabilities or zero-day attacks very difficult.
Finally, how do you see industrial cyber security in 3 years?
It is ever changing; it will progress much faster than it does today. The world advances so fast that we will be traveling into a period in which OT is a key for infrastructure development and production. We will have faster computers and better abilities, a lot more knowledge and understanding as to how cyber warfare is conducted. It started in Europe this year and is waged all over the globe, but it will become a much more serious focus in the upcoming years.
Ransomware as a Service (RaaS) has become a vast industry and will keep evolving and becoming more impactful and dangerous. We will need to shift with the threat, faster and more agile. It's an ever-changing landscape.
Gabriel has practiced cyber security for 25 years, holds the OSCP certification and can perform penetration testing on both application and infrastructure vectors. He currently works as a Cyber Application Architect and DevSecOps specialist.