How to Get Ahead of Critical OT VulnerabilitiesAlexander Antukh of AboitizPower Shares How to Manage Vulnerabilities and Patching
Vulnerability management and patching are the major challenges most security practitioners face with OT security, says Alexander Antukh, CISO at AboitizPower, a leading provider of renewable energy in the Philippines.
"In IT security, this problem is more or less solved with existing frameworks. In OT security, the problem is that general updates happen much less frequently, and they are more disruptive. And even if updates happen, plants cannot be shut down often," Antukh says. "So we had to come up with an approach of filtering out among those thousands of vulnerabilities and applying patches to those which are important to us. And those vulnerabilities are not immediately obvious."
"What we had to do is to create our own version of ICT vulnerability. We made an inventory of our assets, and we marked those we thought were critical based on different criteria. This is done by applying a high-risk vulnerability to those assets. Then we make a call whether to patch or accept the risk," he says.
In this video interview with Information Security Media Group, Antukh discusses:
- How he manages OT security in his organization;
- A useful road map for OT security;
- Why vulnerability management is a challenge for OT security.
Antukh is an award-winning cybersecurity leader with 15 years of experience at various companies, from small tech startups and consultancies to some of the largest financial organizations in the world.