Industrial control systems (ICS) are no strangers to digital attacks. In its Threat Landscape for Industrial Automation Systems in H1 2017 report (PDF), Kaspersky Lab blocked attack attempts against 37.6 percent of ICS computers that use the Russian security firm’s products. It also detected 18,000 variants of 2,500 different malware families that infected 20.4 percent of ICS computers via web downloads or phishing attacks.

To better understand these and other digital threats confronting ICS devices, I decided to speak with Robert Landavazo. He’s an ICS engineer at Tripwire who specializes in NERC CIP compliance. Below is a portion of our conversation.

Maribeth Pusieski: How did you first get involved in the industrial security space? What was your career path?

Robert Landavazo: I was always interested in security when I was younger, and I was fortunate to be supported by family. So I went to school for Information Technology and Security. I don’t think it’s typical to follow through with childhood career aspirations, but it somehow played out exactly that way for me, and I wouldn’t change a thing.

Once out of university, I got into software development working on an application that automated design documentation of complex systems in the video production industry. From there, I went into IT for public safety (i.e. 911) and was then hired by a NM electric utility. There, having access to appropriate funding and resources helped me and the team I was on create from the ground up a more mature security program, of which Tripwire was a significant component. In fact, this whole experience helped open my eyes to what can occur when a corporation makes implementing a mature security and compliance program a priority.

Not only that, but the move to Tripwire was exciting, as I can now evangelize, educate, and (Read more...)