Quick Wins vs. Long-Term: A New Approach to OT Security Risk
Siemens Energy's Mex Martinot on Phasing Security Controls for Industrial Systems

Industrial control system security leaders face mounting pressure to strengthen their cybersecurity posture amid risks that go far beyond operational disruption. While system downtime remains a primary concern, organizations must also consider liability issues, compliance penalties, reputational damage and human safety risks when prioritizing security initiatives, according to Mex Martinot, vice president and global head of industrial cybersecurity at Siemens Energy.
The traditional approach of categorizing threats based solely on their severity often leads to analysis paralysis, in which critical but complex issues remain unaddressed while achievable improvements are overlooked. This challenge is compounded by the need to balance security controls with operational efficiency, creating demand for more practical, implementation-focused strategies.
"I came up with this concept called 'road map to resilience,' and it changes the definition if this is a high-priority issue versus it's a big investment … There is a ton of things you can do quickly at no cost," Martinot said. "You need to think of mitigating controls ... it's easy, quick fix versus must be done because of impact."
In this video interview with Information Security Media Group at the GovWare Conference and Exhibition 2024, Martinot also discussed:
- How to quantify the full impact of security incidents beyond operational disruption;
- The challenges of aligning IT and OT security cultures and policies;
- The role of AI and machine learning in improving OT risk assessment.
Martinot leads global growth strategy for industrial cybersecurity at Siemens Energy, focusing on energy sector supply chain security, strategic partnerships and OT security team development. With more than 20 years of experience, he has worked for companies including Hewlett Packard, Dell and EY.