Summary: The video discusses the nuances of digital forensics and incident response (DFIR) in operational technology (OT) environments, emphasizing the differences and challenges compared to information technology (IT) systems. Kai Thompson, an expert from DRAOS, shares insights about his extensive experience in incident response, the impact of ransomware on OT systems, the complexity of managing legacy assets, and the importance of preparation and communication in incident response scenarios.
Key Points:
Kai Thompson leads the global incident response practice at DRAOS and has over 25 years of experience in DFIR.
The main difference between OT and IT is that OT controls physical processes and equipment, requiring knowledge of these processes.
Preparation for incident response in OT is more complex due to safety regulations, background checks, and the need for personal protective equipment.
Ransomware incidents in OT environments are often due to inadequate segmentation between IT and OT systems, leading to vulnerabilities.
Legacy assets are frequently targeted by attackers, complicating incident response due to outdated infrastructure and security practices.
Tabletop exercises are crucial for organizations to prepare for incident response; having “what if” discussions can help teams understand their protocols.
The authority on shutting down or reconnecting systems must be clearly defined within an organization to prevent delays during incidents.
Hands-on experience in OT environments is vital for anyone looking to enter the field of OT cybersecurity, as it involves understanding specific processes and equipment.
Managing incident response on-site requires knowledge of safety protocols, especially in potentially hazardous environments.
YouTube Video: https://www.youtube.com/watch?v=qWsNbcqJX8M
YouTube Channel: Simply Cyber – Gerald Auger, PhD
Video Published: Wed, 16 Apr 2025 13:30:06 +0000