TRENDING:

Governance & Risk Management , Operational Technology (OT)

How to Get Ahead of Critical OT Vulnerabilities

Alexander Antukh of AboitizPower Shares How to Manage Vulnerabilities and Patching Suparna Goswami (gsuparna) • February 22, 2023    
Alexander Antukh, CISO, AboitizPower

Vulnerability management and patching are the major challenges most security practitioners face with OT security, says Alexander Antukh, CISO at AboitizPower, a leading provider of renewable energy in the Philippines.

See Also: Live Webinar Tomorrow | Get Your Head in the Cloud: Modern Security Challenges & Solutions

"In IT security, this problem is more or less solved with existing frameworks. In OT security, the problem is that general updates happen much less frequently, and they are more disruptive. And even if updates happen, plants cannot be shut down often," Antukh says. "So we had to come up with an approach of filtering out among those thousands of vulnerabilities and applying patches to those which are important to us. And those vulnerabilities are not immediately obvious."

"What we had to do is to create our own version of ICT vulnerability. We made an inventory of our assets, and we marked those we thought were critical based on different criteria. This is done by applying a high-risk vulnerability to those assets. Then we make a call whether to patch or accept the risk," he says.

In this video interview with Information Security Media Group, Antukh discusses:

  • How he manages OT security in his organization;
  • A useful road map for OT security;
  • Why vulnerability management is a challenge for OT security.

Antukh is an award-winning cybersecurity leader with 15 years of experience at various companies, from small tech startups and consultancies to some of the largest financial organizations in the world.

Previous
Ireland Set to Notify 20,000 More Health Data Breach Victims
Next
Crypto Exchange Coinbase Details SMS Phishing Attacks

About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.



Around the Network

Addressing Security Gaps and Risks Post-M&A in Healthcare
Addressing Security Gaps and Risks Post-M&A in Healthcare
Inside Look: FDA's Cyber Review Process for Medical Devices
Inside Look: FDA's Cyber Review Process for Medical Devices
Why OT Security Keeps Some Healthcare Leaders Up at Night
Why OT Security Keeps Some Healthcare Leaders Up at Night
Why Connected Devices Are Such a Risk to Outpatient Care
Why Connected Devices Are Such a Risk to Outpatient Care
Zero Trust, Auditability and Identity Governance
Zero Trust, Auditability and Identity Governance
Generative AI: Embrace It, But Put Up Guardrails
Generative AI: Embrace It, But Put Up Guardrails
Threat Modeling Essentials for Generative AI in Healthcare
Threat Modeling Essentials for Generative AI in Healthcare
The State of Security Leadership
The State of Security Leadership
Critical Considerations for Generative AI Use in Healthcare
Critical Considerations for Generative AI Use in Healthcare
Why Entities Should Review Their Online Tracker Use ASAP
Why Entities Should Review Their Online Tracker Use ASAP

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.