Trends in the OT/ICS security space and what’s to come
In July 2021, Armis appointed Sachin Shah, an Intel veteran of over 21 years, as its new CTO for Operational Technology (OT) and Industrial Control Systems (ICS).
In this interview, he talks about his plans for the company, shares insight gleaned from spending many years in the ICS security space, and offers some predictions.
Tell me a bit about yourself and your career trajectory. What things have you learned since you started working?
In my previous role, I was an ICS security strategist and managed numerous business functions from Intel ranging from global semiconductor factories for OT, sub-factories for ICS, global BMS, and smart buildings/facilities.
I helped transform Intel’s ICS ecosystems into the next frontier of digital 4.0 industrial evolution and helped govern the organization’s strategic risk and controls deployment to enable reference architecture and meet all local, state, and federal regulatory compliances. Finally, I assisted in forming security policies and guidance throughout the organization.
My belief has always been that “visionaries build what dreamers imagine,” and this was validated when I met Yevgeny Dibrov (co-founder and CEO) and Nadir Izrael (co-founder and CTO) of Armis. At Armis Security, I truly see this motto lived out every single day across all business functions and am so excited to be joining this team.
As a technical leader, it was imperative for me to meet as many members of my new team in person as possible and I have been very fortunate to be able to visit Tel Aviv — especially in these current COVID times — and meet our rockstar employees face to face across product, research, and data teams.
This has been critical to helping me quickly onboard and get up-to-speed on all of Armis’ technical concepts so that I am in the best position possible to simplify them where needed and then communicate these new goals to our broader team. I am excited to be creating a technological vision and roadmap and help bring Armis into its next phase of OT innovation.
What are your professional strengths, and how do you intend to use them in your new job?
As Chief Technology Officer for OT, I plan to further expand Armis’ technological capabilities from AI to smart factories to industrial IoT or our zero-trust technology. Most importantly, I plan to align our business output with our customer demands to defend, protect, and enhance their security posture across ICS.
Finally, I am excited to evaluate all strategic partnerships to map out a new business strategy for the next few years that will bring together security requirements, external threats, and market trends to ensure that we are staying ahead of our customer needs and are continually providing them the best service possible.
What evolution in the OT/ICS threat landscape do you see happening?
Evolution in OT is inevitable and we saw this in 2020 where, despite being in the midst of a global pandemic, breaches were on the rise and were more deceptive and difficult to stop than ever before. I predict that there will be even more ICS-focused ransomware and malware attacks over the next year, including more IT/OT convergence, which will rapidly blur the lines to protect those facilities from IT or OT.
I expect to see the trends converge where ICS purpose-built “modular” malware can also vigorously enhance attacks tailored to attack OT systems and edge components, thus hitting both attack surfaces at once. We will also see enhanced exploitation tactics and techniques that start by targeting the supply chain and then make their way down to the OT devices and then even further into edge devices and beyond.
Escalating global cyber warfare and nation-state actors continue to evolve and become bolder, which is raising the stakes to an untenable level as critical infrastructure is now being seen as the main target to any military power.
How would you describe the difference between how vendors approach the security of IT vs OT and ICS products/solutions?
ICS OEMs are the crown jewels that need the most protection as they make or integrate the most basic components that are assembled to form an entire ICS system with the help of varying foundational technologies such as asset visibility, access control, and IT tools, to solve a particular problem. The combination of all IT/OT convergence further enhances the area of the attack surface for those components which are misunderstood and mislabeled as “firmware” or “vulnerabilities,” leading to mismanaged security configurations.
Combining the traditional IT architectural review and OT control review groups with purview over risk management in both IT and OT is where ICS products and solutions provide the best services into their product offerings such as automated asset inventory, threat detection and response, and vulnerability and risk management.
What current trends in the OT/ICS security space give hope for improvement of the security posture of organizations that use it?
The evolution of Industry 4.0 and disruptive technologies, like the Internet of Things (IoT) and Industrial IoT (IIoT), have been transforming ICS/OT networks into more converged networks that are giving birth to new initiatives from different governing bodies across the world, including CISA and the DHS, giving all security leaders a renewed focus on protecting critical infrastructure.
In a converged ICS/OT and IT infrastructure, communication is no longer based on proprietary network communication protocols. Instead, the converged ICS/OT and IT network relies on a combination of complex proprietary and open standard communication protocols that are inherently vulnerable to various attacks, which is driving the need for a new focus on developing a standards-based, open, secure, interoperable process control architecture, which will drive the next frontier of ICS/OT technologies.
Future automation systems meet standards of true diversity and provide intrinsic security, multi-vendor interoperability, and an easy pathway for systems migration. End users will reap significant new value and profitability from the operations they control.