Tom Field: Hi there, I'm Tom Field. I'm senior vice president of Editorial with Information Security Media Group. Topic of conversation, well, we're mythbusting - you can secure OT. Here to tell you how is Mark Cristiano. He is commercial director - global, cybersecurity services business with Rockwell Automation. Mark, it's a pleasure to have you here in the RSA Conference studio again.

Mark Cristiano: Thank you for having me, Tom.

Tom Field: So it's a return to RSA Conference for you. How has the OT security conversation changed since the last time you were here talking about it?

Mark Cristiano: Well, first of all, we are really excited to be here this year. We sent a relatively small team last year to recon the show to see if there was an opportunity for Rockwell to really help customers on their OT journey. And I was amazed that even though we had a smaller presence, just the engagement of the conversations and the quality of the conversations that we had with customers last year made me go back to leadership and say we need to go big. So this year, Rockwell is gonna go really big. We've got a booth, we've got a demo. I think what we're seeing is an increase again in OT attacks. They've almost doubled year over year from last year. And the complexity associated with protecting the OT infrastructure is something that our customers are really struggling with. That's where we come in to help. And I am really looking forward to having discussions with customers to help them on their cyber journey.

Tom Field: Well, talk more about this. What is the RSA Conference mission? If you were to sum it up, why is Rockwell Automation here?

Mark Cristiano: I think we have an opportunity, when you look at the demographic, if you will, of the attendees of RSA, typically they are focused on IT for, you know, for just reason. We think that we've got an opportunity to differentiate ourselves and to really help our customer base with that complexity of the OT environment, the remediation that's required, which is very different from IT. That's all we do: we help customers with their OT remediation. We don't go up into the IT space. We've been in plants for 120 years; we know the criticality of availability. And that's really what we're going to try to help our customers with.

Tom Field: Now I know that you've got a huge presence on the show floor. And already there's a lot of buzz about Rockwell Automation, your presence here, you're talking with people. What are the things that people are eager to discuss with you?

Mark Cristiano: I think the most common question that I still get is, where do I start? I think the complexity that I alluded to in terms of OT remediation is somewhat foreign to CISOs and to IT providers. And unfortunately, there's no right answer. It all depends on three factors, you know. What's your risk profile? What's your cyber maturity? Meaning, you know, have you created procedures? Where are you? And then what's your organization's available ability to absorb change? Because these programs take a top-down approach. And I think those three things are the most common advice that I give to customers, but where to start is definitely the No. 1. And I think No. 2 is, how do I get my arms around the protect surface? The assets that are on the OT side of the infrastructure are dispersed. They're 20 years old, in some cases, very different from the IT side. So I think those are the two most common things that I hear: where to start, and how to identify and quantify the risk associated with my protect surface.

Tom Field: And often, you get cultural silos to deal with too. What I hear.

Mark Cristiano: We do. IT and OT, that's the classic, right. And I think that my most successful customers are ones where IT and OT have teamed up early on, and identified the fact that OT needs IT. And IT needs to understand the complexities associated with OT. And we have workshops that we run from a Rockwell perspective, not really selling anything, just educating both sides to make sure that they're, you know, they are organized as effectively as they can. That's a big challenge.

Tom Field: And timely enough, we have a theme here at RSA Conference, "Stronger Together." Who would be stronger together than IT and OT?

Mark Cristiano: Exactly, yes.

Tom Field: Rockwell has got a speaking session. Now, it's interesting, because one of the sort of myths that is out there in the market was, oh, you can't secure OT. You hear that far too frequently. But your session is called: You Can Secure OT. And you're going to explore how traditional IT security people can get started securing their OT systems. Now we keep hearing ICS is insecure by default, by design. What are some steps that can be taken to secure industrial control systems?

Mark Cristiano: Well, I go back to that first step of really getting your arms around what assets are out on that shop floor. And that's kind of like Cyber 101, is what I call it, and IT professionals can help OT with that. It's identifying those assets, first and foremost. It's quantifying the risk associated with those assets, and then it's prioritizing them. Not every asset needs to be protected the same way. So that's kind of the advice I think that Ahmik in that session will be providing. You know, also there's basics, just policies and procedures. There's things that IT is very well versed in, that they've done in the past, that are really applicable to OT with some subtle differences. And I think IT has an opportunity to really help OT organizations as they start to mature in their cyber journey.

Tom Field: Now you hinted a bit about your booth presence, which is phenomenal. What are you going to be showing there?

Mark Cristiano: So we have a demo that will be simulating a water system attack. We're going to have red team people who are trying to get in; we're going to have blue team people who are trying to stop it. I think it's really impactful because it's going to show the entire paradigm of the NIST standard, which is identify, detect, and then respond and recover. So we'll see how they try to get in. We'll see how we'll detect it. And then we'll show how we've remediated and recovered from that breach. We'll be running that every hour on the hour. And we'll be at booth 2233. And I encourage everyone to come by, have a conversation and see the demo.

Tom Field: And unfortunately, this is not fiction. This is based on a true story.

Mark Cristiano: This is reality.

Tom Field: Yeah, exactly.

Mark Cristiano: It's increasing exponentially, too.

Tom Field: Now, you mentioned you'd be back here for a second year in a row. OT security has a bigger presence than ever. And a lot of vendors are addressing OT security explicitly now. How does Rockwell Automation stand up and differentiate itself in that crowd?

Mark Cristiano: We are a pure-play OT provider, meaning a lot of, you know, other organizations started in IT. And they've seen the requirement and they've started to go down into OT. We've never done that. As I said, we're a 120-year-old OT company. And we've got specialized skill sets of our cybersecurity engineers and our SOC analysts. That's a huge differentiator. Second is we're global. We're in well over 500 to 700 facilities globally that we've deployed cybersecurity countermeasures. And our big customers, that's what they want. When we deploy a countermeasure in North America, they want it to look exactly like it does in Romania. So that standardization and that globalization and the scalability that we provide is really important. And then lastly, and I'm trying to dispel this notion in the market, we are technology-agnostic. Well, I'm in plants where there's no Rockwell controllers whatsoever.

Tom Field: Sure.

Mark Cristiano: As long as it speaks Ethernet, we are prepared to put, you know, put down countermeasures and provide managed services associated with those. So those are, you know, those are some of the key differentiators that we're bringing to the market. We're going to be talking to customers about this week.

Tom Field: Excellent! Mark, appreciate the time, appreciate your insight. Good luck with your experience at RSA Conference.

Mark Cristiano: Thank you, Tom. Thanks for having me.

Tom Field: Again, we've had Mark Cristiano, with Rockwell Automation, here talking with us today about OT security. For Information Security Media Group, I'm Tom Field. Thank you very much for giving us your time and your attention today.