Lane Thames, PhD and principal security researcher at Tripwire explains the challenges you might not have considered in IT/OT convergence.

Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm
Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast
RSS: https://tripwire.libsyn.com/rss
YouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3

Tim Erlin: Welcome to the Tripwire Cybersecurity Podcast. I’m Tim Erlin, vice president of product management and strategy at Tripwire. I am joined by Lane Thames, principal security researcher at Tripwire. Today, we’re going to talk about industrial cybersecurity and the IT-OT divide that we see in the industry. Lane will come at from a security researcher standpoint. I will come at it from a market standpoint. We’ll see where we end up. Welcome, Lane.

Lane Thames: Hi, Tim. Good to be here.

Background on the IT-OT Convergence

TE: Awesome. I wanted to start out with the term “IT-OT convergence.” How did that term surface in the security research space that you’re in, Lane?

LT: Let’s go back the late 90s, early 2000s. When we dealt with manufacturing, we were living in what was called the “third industrial revolution” where we had machines that had computers and controllers. We also had digital technology where we could process signals and such. What happened is folks wanted to start connecting their operational technology (OT) devices—things like sensors, actuators, robots, programmable logic controllers, etc.—to their IT or internet protocol-based networks.

TE: I want to point out what I think you’re saying and make sure I understand it. There was a time where the manufacturing and industrial technology was built, developed and placed in market parallel but separate from what we would traditionally call IT. Is that right?

LT: That is correct. There’s a whole plethora of industrial-based protocols that would speak their own language. Sometimes, (Read more...)