Secolve Update: March 2024

It's been a whirlwind month welcoming Bruce Large to the team (more on that down below), who brings additional strength and expertise to the team around AESCSF and OT security architecture as well as being our chief evangelist!?

Our second Adelaide meetup was a great success. The team really enjoyed connecting with all the OT talent in South Australia and connecting with old and new faces.

We have been busy with online events as well, hosting our first livestream event featuring Chris Bihary, CEO of Garland Technology , and planning more to come.?We held a?webinar with Garland Technology and Nozomi Networks discussing how to optimise OT security for Australian critical infrastructure. If you missed out on either of these sessions, you can rewatch our livestream here and our webinar here.?

We have some exciting announcements coming soon for upcoming meetups and some overseas conferences in the next month where we will be taking OT-SAT to other global regions, so watch this space!?

- Belinda?

We sat down with Bruce Large, Principal OT Security Architect and Chief Evangelist, to find out more about his OT journey, OT cyber security concerns, and what he is excited to achieve in his new Secolve role. You can read the full interview in our blog, but here are some snippets from our conversation.

How long have you been working in/with OT? ?

I have over 15 years' experience in IT and operational technology (OT).

Why do you like operational technology (OT)??

OT is awesome because they are systems that interact with the physical world. I remember back at uni working on micro controllers and being fascinated with being able to turn physical relays off and on, and making lights pulse with software code. Working in OT is a lot of fun because you get to play in the real world too. I enjoyed being able to take four-wheel drives out to remote sites to do the “normal” IT work that most people do from an office.?

What are you most excited to achieve now that you’ve joined the Secolve team??

What I'm most excited about is being able to take the lessons learned that I've had in different industries, different fields, and help consult with our clients, especially around things like making pragmatic architectures that actually make defence durable. It's quite exciting and I think also being able to be that bridge between IT and OT, to help OT security functions speak better to their IT teams. Lesley Carhart from Dragos, calls herself an “OT marriage counsellor”, and I’m a big fan of that term. I think it's an important role for us to do as consultants - to help be that bridge and help the OT teams better articulate their risks and get the resources to manage it all.

Often clients will have a lot of the ideas already in their heads, but they can't really get it on paper, and I feel like that's where we can assist – helping them articulate their thoughts and align them with what's happening in industry and general trends. ?

I think there is also a lot of work to be done to align with the Security of Critical Infrastructure (SOCI) Act and their Critical Infrastructure Risk Management Program (CIRMP). So how do we, as Secolve, help our critical national infrastructure best manage risks? That’s something I’m very excited to about. Aligning organisations to mandated government uplift, getting out there as Chief Evangelist to talk with industry, connect industry with the government, with policymakers, and helping people get OT security front of mind so that we're managing risk properly. ?

18 April?

The OT Security Summit 2024 in Fredericia, Denmark. SecuriOT is hosting this focused OT security event to bring together a wide range of speakers and participants, all with the shared interest in securing OT from cyber threats.

19 April?

AISA BrisSEC Conference. This in-person event brings together all business groups and all cyber and information security practitioners to learn about current threats and how to best protect company operations and information.

23-25 April??

GISEC GLOBAL is taking place in Dubai, bringing global cyber security enterprises, CISOs from major corporations across the Middle East, Africa & Asia, government dignitaries and cyber leaders, regional and international innovators, and global experts, to decisively lead cyber security transformations across sectors and nations.?

There’s a lot that's happened in the OT security space, this month. Here is a summary of some of the latest news articles and industry news.

CISC released their refreshed Organisational Resilience HealthCheck Tool (HCT) and Good Practice Guide to complement the use of the refreshed HCT, which provides real-world examples.

In case you missed out on attending the 2023-2030 Australian Cyber Security Strategy: Cyber Security Legislative Reforms Consultation Paper Town Hall Information Sessions live, you can read through the transcripts here.

CISA has released a fact sheet with guidance for critical infrastructure executive leaders on the urgent risk posed by state-sponsored cyber actors known as “Volt Typhoon.

The US EPA and NSA sent a letter to all US Governors inviting state environmental, health and homeland security Secretaries to a convening by their deputies to discuss the urgent need to safeguard water sector critical infrastructure against cyber threats – highlighting two recent and ongoing threats to the nation’s water systems.?