Exploring the Evolving Landscape of ICS/OT Cybersecurity at RSAC 2024
By Patrick Miller
The RSA Conference 2024 spotlighted the critical importance of ICS/OT cybersecurity, reflecting a significant increase in attention compared to previous years. Ampyx Cyber CEO, Patrick Miller noted the strong presence of AI-driven security tools on the vendor floor and highlighted the conference's rich agenda featuring discussions on the convergence of IT and OT. Recent high-profile cyberattacks have heightened awareness and urgency around securing these systems. As digital transformation continues, the industry's commitment to enhancing ICS/OT cybersecurity is more evident than ever.
Have you been seeing things that are relevant to ICS? Here at RSA this year?
Yes,more than in years past. So that's a good sign that we're seeing an increase, or at least I'm seeing an increase in OT ICS security content here at RSA, not just in the presentation content, but also on the floor. And the villages in the sandbox area are, they'd been a fantastic addition. And of course, they're knocking it out of the park for the OT /CS space. But in general, I would say the trend is moving in the right direction to get awareness and visibility for OT/ICS cybersecurity.
What kinds of things are you seeing, for example, vendor floor?
On the vendor floor, everything is AI. Which is understandable because it is so revolutionary in so many ways. So, we are seeing a lot of the introduction of AI in various ways for example into security tools or additional assistance for you security practitioners. I'm waiting to see what this looks like as it matures over time and becomes less of a buzzword and becomes more woven into the fabric of what we do and in our tool sets. But it's just it's good to see that it is being considered. But it has stolen the RSAC show without question. Other than that, all the detection platforms are here. And of course, they're definitely adding AI, they're getting more mature. In general, that's the bulk of what I’m seeing. There are some interesting new hardware technologies that are out there as well. I do like seeing that there's presence of OT-focused r tap makers and other things that are unique to our space. It's good to see this getting a bigger presence.
Do you get the sense that AI is moving into the ICS space fairly quickly?
Yes. And I think what is not commonly known as we've been using AI for a very long time already. We have always used analytics and algorithms heavily, and all of our control systems already to do predictive elements and responsive behaviors based on logic, which is essentially what AI is. We've been doing this for a long time. So, we're just adding more and more of it in now to do I guess, larger sets of evaluation, and in some cases more refined; so wider and deeper.
Have you seen more talks that are related to OT this year?
Definitely more talks related to OT, and some of them are in that space where it's not OT, it's not IT - It's just kind of T. There is IT technology used in an OT style way, and even in some cases, OT technology used in an IT style. We see less of that, but there are cases. There's good content on the agenda as well for the pure OT space as well, and even the space in the Venn diagram that merges OT and IT.
You mentioned the OT software or OT security that can be used for IT. Is that something new? Or is that something you've seen before?
It's not something necessarily new. It's been out there for a while, I think it's just getting recognized as used in that area or used in that way. I the OT space, for example, we've got hardened environments that are purpose built. We're starting to see that concept creep more into IT. We’ve seen it already in the IoT or IIoT space, but it's starting to make its way deeper into IT. We don't need 50 million features. We only need these features because we know we need those and anything else becomes something that's intentionally added in. So more of a kind of secure by design or safe by design mindset into the IT side is cross pollenating from OT.
Why do you think that we're seeing more industrial more ICS content here at RSAC?
Because it's really, really important. I mean, don't get me wrong, IT is important, IT security is very important. People can lose entire companies and it can be catastrophic loss in many ways. But on the OT side, it can literally mean dead people. The level of risk, the level of impact, the sense of purpose, and sense of mission - they're different. It's getting more presence because of the level of impact. This is in addition everything used to be analog, and you just can't buy analog industrial technology anymore. It's all digital. Just by the nature of that digital growth, you're seeing more and more of ICS and OT here at RSAC as well.
Do you think part of it might be more attacks on ICS, or more higher profile attacks on ICS?
There's definitely some of that. The water industry was just recently attacked, and it's gotten a lot of press, Colonial Pipeline got a lot of press. The horrifying and frightening attacks on Ukraine, taking out their power grid. These are definitely on everyone's mind, Volt Typhoon has been the topic of almost every presentation here. So yeah, I think that level of visibility is driving a lot of the attention. And it's not necessarily a bad thing. Some of it needs to be tempered a little bit in terms of understanding what the real impacts are. So there is there is some element of hype, but if it gets attention to the situation, and we actually get funding and resources and technology and humans to do some work, fantastic. It needs to be done.
Overall, do you welcome the new focus or partial focus on OT here at RSA?
I'm welcoming the increased attention. It's not necessarily a bad thing. As far as RSA goes for the OT people it' a solid event. It's not just an IT security world anymore. It's a lot more hybrid, and it does bleed into our space in a real and meaningful way.
