Home OPINION This is why securing critical infrastructure is so important

This is why securing critical infrastructure is so important

August 29, 2022

Galina Antova is the co-founder and Chief Business Development Officer at Claroty. Prior to co-founding the company, she was the Global Head of Industrial Security Services at Siemens overseeing the development of its portfolio of services that protect industrial customers against cyber-attacks. She holds a BS in Computer Science from York University in Toronto, and an MBA from IMD in Lausanne, Switzerland.

Cyber attacks on critical infrastructure have become increasingly sophisticated. This poses a tremendous concern, as these attacks have the potential to disrupt daily life. In this interview, Galina Antova shares the Claroty story and describes how security leaders can protect critical infrastructure.

Tell us about the Claroty story

Claroty empowers industrial, healthcare, and commercial organizations to secure all cyber-physical systems in their environments: the Extended Internet of Things (XIoT). The company’s unified platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. Backed by the world’s largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America.

What are the biggest problems when it comes to securing critical infrastructure?

Several challenges impact critical infrastructure cyber security. In the US, it’s reported that more than 80% of CI is privately owned. This dynamic can impede information sharing among competitive entities — for example, about targeted attacks that may impact others within a sector. The US government’s efforts to improve intelligence sharing between public and private sector CI entities should be accelerated.

Critical infrastructure owners and operators are also facing technology challenges because of legacy equipment and less reliance on air-gaps. Gear that was never meant to be connected to the internet is being exposed to the network. While this creates efficiencies, it also increases risk to organizations. Attackers – state-sponsored groups especially – are constantly scanning for vulnerable systems that can be exploited to cause disruption to critical services, or even physical damage in some extreme cases.

Tell us about the innovation behind the product?

Claroty’s acquisition of healthcare security leader Medigate in January brought the company into a new era beyond our core competency of operational technology security. Claroty recognized the rapid emergence of cyber-physical systems that have a direct impact on human lives. These systems that are within not only OT and healthcare, but also commercial applications such as building automation systems, must be secured because of their direct connection to our way of life. Securing these systems not only reduces risk, but also helps sustain our lives.

Are there any myths about IoT security that you’d like to clarify for security leaders?

The biggest myth is that conventional IT security systems are enough to secure connected systems. However, that’s not always the case. While IT security systems such as VPNs and access control are crucial, they cannot fully succeed without a full inventory of IT, OT, and IoT assets. Visibility into connected devices is a mandatory first step in any risk management strategy.

Other actionable insights for security leaders?

Security leaders should understand that while their cyber security focus has largely been on IT for two decades, every company on the planet manages some OT and IoT devices. For example, hospitals rely on elevators to move patients from floor to floor, as well as refrigeration to maintain the viability of medicines and blood supplies. The cyber-physical systems managing these core processes are as vital to operations as is access to patient records, billing, and more.

Where is IoT security headed in the next 5 years?

The lines between IT, OT and IoT will disappear. We believe cyber-physical systems security will become the de-facto security approach, especially as we continue to connect more systems to the internet, analyze more data, and improve process and business efficiency.

Lastly, to receive more timely cyber security news, top-tier reports and cutting-edge analyses, please sign up for the cybertalk.org newsletter.