IT and OT, Information Security Architectural and Operational Divides in the Energy Sector
March 13, 2018
Abstract: This talk will explore the Information Technology (IT) versus the Operational Technology (OT) approach to secure the endpoints and network in energy delivery systems (EDS). IT has more general vendor and corporate acceptance of cybersecurity tools like antivirus, intrusion prevention, and log management than do the OT vendors. OT vendors partner with a much more limited number of cybersecurity vendors to provide the same level of protection for supervisory control and data acquisition (SCADA), control systems, operator human machine interface (HMI), applications, data, network, and communication. Those partnerships don’t usually coincide with corporate IT strategy, which are difficult to implement or accepted by the managers and engineers using operational technologies. There are also significant differences between IT and OT testing methodologies, vulnerability management, and level of security controls implemented. As energy sector companies look to reduce costs through IT and OT efficiencies, how do vendors and energy sector companies work together to mitigate the cybersecurity risks and at the same time lower costs to the company stakeholders?
Biography: Mark has 30 years of IT Operations experience focused on telecommunications and networking. 20+ years of Disaster Recovery experience and more than 14 years of Information Security experience. Mark currently manages the PCI, HIPAA, PCI, MTSA, and Privacy compliance programs for Southern Company Gas, a public utility holding company with more than 5 million natural gas utility and retail customers and over 6000 employees. Mark also supports the Data Loss Prevention and E-Discovery platforms for the company. Mark is assisting the AGA Natural Gas Security Committee (NGSC) & Cybersecurity Strategy Task Force with improved Cybersecurity Procurement Language for Control Systems.