S1, E8 - To EDR or Not to EDR: A Clash of Views in OT Security

Episode 8 January 17, 2024 00:30:42
Off the Wire: A Play by Play on Cybersecurity and Technology Issues

Hosted By

Anthony Kent, CISSP

Show Notes

In the latest episode of our insightful podcast series, we tackled a hot-button issue in the realm of Operational Technology (OT) security: the role of Endpoint Detection and Response (EDR) systems. This episode, "To EDR or Not to EDR: A Clash of Views in OT Security," features our own Jon and Anthony diving deep into the contentious debate, offering enlightening perspectives on whether EDR systems are a boon or a bane in the OT environment.

The Case for EDR: Anthony's View

Anthony, a staunch advocate for the integration of EDR in OT security, laid out compelling reasons why EDR systems are indispensable in today's increasingly interconnected and cyber-threat-prone world. His arguments centered on:

The Case Against EDR: Jon's Perspective

On the flip side, Jon presented a well-articulated case against the use of EDR in OT environments. His main points included:

A Balanced Discussion

What made this episode particularly engaging was the balanced nature of the discussion. Both Jon and Anthony presented well-researched arguments, backed by real-world examples and expert insights. This not only enlightened our listeners but also sparked a thought-provoking dialogue about the future of cybersecurity in OT environments.

Conclusion: An Ongoing Debate

As our podcast wrapped up, it was clear that the debate on EDR in OT security is far from settled. The episode ended on a note that encourages listeners to consider both sides of the argument, weigh the pros and cons, and think critically about the best path forward for their specific OT environments.


Episode Transcript

[00:00:00] Speaker A: One, two, three.
[00:00:01] Speaker B: Come on.
[00:00:02] Speaker C: In the grand stadium of the digital landscape, where teams of innovators and hackers face off daily, there stands a commentary box like no other. Picture the buzz of a pregame show, the strategy analysis of the halftime break, and the deep dives of a postgame discussion all rolled into one. Welcome to Off the Wire, a play by play on cyber issues, your sports desk for the big league of cybersecurity. Just like in sports, in the cyber world, understanding the play is key to staying ahead of the game. And that's exactly what we offer. A podcast that brings the strategy room to you, helping you to understand the moves, the players, and the landscape like a true analyst. Off the Wire, a play by play on cyber issues.
[00:00:54] Speaker B: Happy new year, everybody, and welcome back to Off the Wire, a play by play on cyber issues. I am one of your hosts, John Watkins, and I have, of course, with me, Anthony Kent. Absolutely. Mr. Kent, how was your holiday season?
[00:01:10] Speaker A: It was fantastic. Had an awesome Christmas with the family, didn't have to travel, so that's always a plus.
[00:01:17] Speaker B: That's a plus.
[00:01:17] Speaker A: And then moved on to New Year's, and that was great, too. I was hoping my kid from the Air Force would get to visit, but he didn't make it down. But the rest of us, we had a good time. What about you, John?
[00:01:29] Speaker B: Yeah, it was excellent. I got to spend some time, went down to my brother's, which was great. Had a fantastic time down there. He'd just done some stuff to the house, so it was kind of cool to be able to go down there and check all that out. And then on my wife's side, we got to hang out at her sister's and got to spend some time with my kids. And so just a fantastic holiday season. New Year's, we had a big bash at our church. That was fun.
I got to play some music in front of people, so that was always something I love to do. So that was fun.
[00:01:57] Speaker A: John, I did want to mention one thing. So, I mean, we had a great holiday, but my wife's grandfather, who was 100 years old, a World War II veteran, and he was actually in the Battle of the Bulge, he recently passed away. I didn't hear that, but he was a great man, and he was just happy I got to be in his life for the time I did.
[00:02:20] Speaker B: That generation is. That's a totally different. That's the greatest generation, right? Those guys. My grandfather, my mom's dad, he was in the Battle of the Bulge as well, over in Germany, and that's amazing. And I hate to see that, obviously, that we lost him, but thank goodness for those kind of. I mean, would we even be free today if it weren't for some of their.
[00:02:44] Speaker A: I mean, with the war and everything that and just everyday living he would talk about, know, like as a, uh, they would get on a Cape Fear River and basically take a raft down to Wilmington. From then, you know, they'd get all their stuff that they were getting in Wilmington and then they'd walk back. I can't imagine doing that today.
[00:03:04] Speaker B: Yeah, we're a bunch of wimps. That's what it is. Compared to those guys. Those guys were beasts, man.
[00:03:09] Speaker A: For sure.
[00:03:09] Speaker B: Well, fantastic. And it's good to be recording another episode of Off the Wire and first one of 2024. So we've had a pretty good success. This is episode eight. And what's the title of today's episode, Anthony?
[00:03:21] Speaker A: This one is To EDR or Not to EDR: A Clash of Views in OT Security.
[00:03:27] Speaker B: And with that, let's take a quick listen to our sponsor, which is John Watkins Consulting.
[00:03:32] Speaker C: Today's episode is sponsored by John Watkins Consulting, the cybersecurity expert electric cooperatives trust.
Are you an electric co-op struggling with limited resources and the daunting task of safeguarding critical infrastructure? John Watkins Consulting specializes in easing that struggle. With over 14 years of experience, John offers tailored solutions to fight your unique cybersecurity challenges. Don't let the difficulty of board engagement and cultural challenges hold you back. John Watkins Consulting will guide you through these challenges, turning your pain into progress. Yes. Ready to fortify your co-op's digital defenses? Call 937622 eightyn or visit johnwatkinsconsultants.com. John Watkins Consulting, turning your cybersecurity struggles into strengths.
[00:04:31] Speaker A: All right, everyone, we're glad to be back. It feels like it's been a year since me and John last spoke.
[00:04:39] Speaker B: I tell you what, this is already the best podcast we've recorded all year.
[00:04:44] Speaker A: That is for sure.
[00:04:46] Speaker B: It may be the worst, but so far it's the best.
[00:04:49] Speaker A: Yeah, maybe we're a little rusty, but we'll pick it back up.
[00:04:53] Speaker B: Absolutely.
[00:04:53] Speaker A: So I figured this was a good topic to first segue into OT security. We really haven't spoken a whole lot on OT security, but just whether there's a lot of folks, tons of co-ops have SCADA, almost all of them. But how many of them have an EDR in their OT environment?
[00:05:13] Speaker B: Yeah, and that's a fantastic question and a great way to kind of introduce this topic. For those of you who don't know what EDR is and OT and all these things that we're throwing out there. We're talking about endpoint detection and response. And on the OT side, what we mean is operational technology. So we're talking about the IT side, the business side of the house, the corporate side, if you will. We're talking about the operational side. We're talking about all those connected devices out in the field.
Like Anthony was mentioning, the SCADA stuff, the AMI stuff, the automated metering know, how are we looking at those? And EDR, what it does as endpoint detection and response is it looks at all that stuff and it makes sure, especially on the IT side of the house that it does well, just like you would think it does detection and response for intrusions. So this is kind of like something that's evolved over time, right, because it was what, IDR and then XDR and MDR and EDR. It's all these DRs, right?
[00:06:05] Speaker A: Yeah. It's got a new acronym every month.
[00:06:08] Speaker B: Yeah, exactly that one. It really has been a moving target. But with that, before we get into that, let's go ahead and do our introductions. Mr. Anthony. Go for it.
[00:06:17] Speaker A: All right. Anthony Kent. I'm the vice president of IT over at Four County EMC. I've been off and on at co-ops for about a decade. And also I did a cybersecurity for about ten years as well between EDS and Hewlett Packard, supporting the Navy who are.
[00:06:33] Speaker B: Thanks for your service. Also a CISSP, right, aren't you?
[00:06:36] Speaker A: That is correct, yeah.
[00:06:37] Speaker B: So we don't forget that I'm myself, I'm John Watkins. I've been doing cybersecurity for the last 15 years now. And it's kind of funny, I've got a lot of different passions. One of them I actually just opened another business where I own a sign shop. So I create signage. But when I'm not creating signage, I'm helping protect systems. And I worked at a co-op for about eleven years as the manager of information services. And now I have a consulting company and I help cooperatives who are struggling with incident response. And I do a lot of practicing with tabletop exercises and those kind of things. Also, a CISSP holder not, wasn't in the Navy, so don't diss on me too hard, Anthony. I was in the Army, but also a veteran as well, just to straighten that out.
[00:07:20] Speaker A: I was in the Marines.
I supported the Navy as a civilian.
[00:07:24] Speaker B: Oh, well, yeah, thank you for that. We'll straighten that up. Okay. So let's get into this topic. So let's talk a little bit about EDR and OT. So first of all we got to do the old infamous coin flip. And are you wanting to, I mean the new year, everything like that? Can I call this one? You want to call it? What do you want to do?
[00:07:44] Speaker A: I mean, if you must, that's fine.
[00:07:47] Speaker B: All right, I'll call it in there. Let's see. Let me do the flip. I'm going to say heads. Ooh, I win the toss. So it is heads.
[00:07:57] Speaker A: So what are you going to select?
[00:08:00] Speaker B: I have a feeling that you're for this topic. So just because you're for it and because you're a jarhead Marine, what I'm going to do is actually going to go against you on this topic.
[00:08:11] Speaker A: Well actually I am for EDR on the OT environment. So that does work out well.
[00:08:17] Speaker B: Let's talk about that. Let's talk about that. Let's just get it right into it and let's just talk about a little bit because here's my thing with it. I get it. EDR is a good thing. It's detection, it's response, it's endpoint. You can't protect what you can't see. I get all that, but come on, really we're talking about super complex on this OT side. I mean, you know what I mean? Like you got this kind of device, you got that kind of device and some of this stuff, it's like serial to Ethernet, right? And it's not going to integrate super well. I mean how are you even going to feed that into your, well, I.
[00:08:49] Speaker A: Guess, let me tell you what kind of gave me the idea on it. We are working, a lot of the co-ops are working with North Carolina statewide and we were looking at all these OT security tools and there were a couple of them that basically, and I might be oversimplifying them, but what they appeared to be was basically just the IT EDR that they were installing on the OT environment.
But I got to thinking about it. Why just use a simple antivirus? Why not get the full power of what you're using in your IT environment? And some of the things with ours, it tells us if we've missed patching. We really have no idea if we're missing patching some entities where it's logically or physically separated. I understand that the only thing they really care about is Windows updates. But what about all those other pieces of software on there? Are they being updated? And how do you know that?
[00:09:44] Speaker B: Well, let me take the OT side here, let me stand up for the OT folks here for a little bit. You don't really want to update some of this stuff though. I know you got a patch. You got to patch, but come on. I mean if I patch some of this stuff it's going to fall over. Plus I know some equipment, for example, I know you're going to hate me for this one, but if it doesn't have Windows XP, I can't even get in to manage it.
[00:10:07] Speaker A: If you're running Windows XP and I don't care if it is physically separated, that is a huge no-no.
[00:10:13] Speaker B: It might be. I'm not saying it's not. But there's always exceptions to every rule, right?
[00:10:18] Speaker A: Well we don't have any of those exceptions. I can tell you that.
[00:10:21] Speaker B: That's a good thing and I get that. But I know for a fact that there are situations like I had this one situation for a meter software, for example. Nothing was ever connected to the Internet, but literally I had to be able to configure these specific meters while they were still. Now of course they've been phased out since. But at that time and before the new meters came in, the only way we can configure some of these meters was with this meter software that would only run on XP. And one of the things that you run into is it's not necessarily that the equipment is so bad or anything like that, but the software doesn't get updated.
If the vendor doesn't update the software and that's all you got, what are you going to do?
[00:10:57] Speaker A: Yeah, no, I understand that. I guess I'm really looking at it more for if you have something that's connected all the time, and I'm not saying to the Internet, I mean obviously you shouldn't be connecting OT stuff directly to the Internet, but if you've got a SCADA workstation and a SCADA server that's running all the time, that's the type of device I'm going at. If you've got a device that's not tethered to any connection, I can understand leaving that. I would recommend hardening that. I mean even if it's XP you could still somewhat harden that operating system. I don't know how, but I'm sure you could harden it somewhat.
[00:11:31] Speaker B: XP cracks me up because it's been around for so long that it's so well documented like every single vulnerability and since they haven't updated it for years. But what is it? I think literally it outlasted like pretty much every other OS right. They should have stuck with XP. I mean just upgraded XP. Right.
[00:11:46] Speaker A: I do remember the sound that it made when it would boot. And then that lovely pasture that they had, it was a great screen saver.
[00:11:58] Speaker B: Somewhere in Sweden somebody told me, I think, or something like that, I don't remember. So it brings up another point though really. And this is where, again, where I'm kind again, I'm not against visibility, right. I'm for visibility as far as that, as a concept. Right. But just in practical terms, to put this in an OT environment, doesn't this an EDR, introducing an EDR into my OT environment, doesn't that just introduce a bunch of potential for disruption to my environment?
[00:12:26] Speaker A: I mean it possibly could. And I will say this, every organization really needs to decide whether this is the way for them to go or not. Right.
But I know when we rolled out our most recent EDR we were worried about it breaking stuff and really we didn't have any issues with it. I mean we've had much more issues like upgrading our external firewall than rolling out a whole new EDR into 180 devices. So I think people kind of remember back in the day like 15 years ago, a lot of the stuff would, and I'm not saying stuff can't break it. 100% can break, sure. But I think things have gotten much better as far as it was in the past.
[00:13:10] Speaker B: Well what about the computing resources or other resources too? What about just like if I put this stuff in now, I almost have to have another body, you know what I'm saying? Just watching that because I mean this thing, especially in the beginning, you really got to tune these systems with all the alerts coming in and all that kind of stuff and the whole SOC piece. Do you really want all that information going to a third party SOC? I mean maybe you do, maybe you don't.
[00:13:34] Speaker A: I mean I would just treat it like you treat your IT environment. If you've got an EDR, I would highly consider just using the same piece of software. That way it's not that much overhead. Instead of just buying another piece of software that's dedicated for OT. I'm not saying not to do other OT security stuff, but if it's really just kind of in a nutshell, an EDR solution, just go ahead and use what you already have so it's not that much more overhead.
[00:13:59] Speaker B: Yeah, because I think some of these, I hate to give you a point, just goes against my principles. But to your point, I think you do have a point here, because if you've got something that already exists in house and it's got plugins. Like, I think skate offense works with a lot of different vendors. Right?
[00:14:15] Speaker A: Yeah.
[00:14:15] Speaker B: Okay. So you get one point so far.
[00:14:18] Speaker A: And I do think that in some situations, your point is correct.
So I'll even back you since you just gave me one. And this would only be this situation, which I think is everyone's kind of moving away from. If you go back in the day, you didn't have all these reports, you weren't collecting all this data from your OT network or your SCADA environment. But I think as time progresses, we all want more data. We want more reports. We want to do stuff with that information which requires us to basically interconnect it with our OT network to be able to do that. But anyways, if you're not really digesting that data, I think it really doesn't make sense. But if you're highly connecting or doing a lot with it, I think you should definitely consider it an EDR.
[00:15:09] Speaker B: What about this? I don't even know that some of the OT specific threats would really be picked up by your commercial off the shelf EDR systems. Right. I mean, they're typically designed specifically for IT stuff.
[00:15:25] Speaker A: Correct. And the way I would look at it though is if you've got a Windows vulner, say, for some reason, I don't know why, you'd have Adobe on a SCADA machine, but say you had Adobe or Chrome and there was a Chrome's got vulnerability every other day. But if you have that on there and it could be exploited. But yeah, with the SCADA specific, I'm going to slaughter this term. A Schweitzer equipment. Yeah, an SEL. And there's a specific vulnerability. I think that's where, I mean, at least you'll know the analytics and the reporting from your, you know. Yeah, I don't think it would specifically look for that. And that's know, certain types of OT security could help you out, but I think it's going to give you a much bigger picture than just having McAfee or Symantec or not having anything on it.
[00:16:13] Speaker B: Well, I think one point that's coming to my mind that as we sit here and talk about this, if you've seen one co-op, you've seen one know, and there's so many co-ops that have so many different situations that I think from a cost perspective, some, it's going to be no brainer, right. They're just going to put it in. They're going to do it. I mean, they're already highly deployed and they've got staff to run it. If you get a smaller co-op or somebody that's wearing a lot of hats, I think there'll probably be some cost concerns. People are probably going to be a little bit hesitant to put something like this in just because, like I said before, the resources that it would take, because EDR is not cheap by any means. Right. And then you get the fun thing of like, for example, I'm not going to mention any vendors names, but one particular vendor that I'm thinking of right now. I'm not going to mention who it is, but I will tell you that I know for a fact that they've been bought, then they've been sold and been sold, and then they've been bought. They just keep changing hands. In that kind of a situation, you don't have a lot of vendor stability. Makes it tough to commit to something, especially if you don't feel like, are they even going to be here in three years or five years or ten years? Because everything that we do in the cooperative world, we're talking 50 year plant life, right? So if it's not going to last 5, 7, 10 years, it's kind of like, I'll.
[00:17:31] Speaker A: Say this, I guess I really like the EDR solution that we use, and I'm very comfortable and it's vetted and I feel like it'll be around for a long time. In that scenario, I feel comfortable. If you got an EDR solution you're a little iffy on, I would highly suggest you looking at it on your OT side first and maybe considering other vendors.
But if you've got a solution that's tried and true and you got confidence on your IT side, I think that's when you should consider looking at it. Put it on an OT side.
[00:18:02] Speaker B: I will always be in favor of more visibility. I'm never going to argue against visibility because you can't protect what you can't see. So I totally get that. But I think to your point, too, I think cooperation among cooperatives is huge because if you don't get with other cooperatives and say, hey, what are you guys using? What works for you? Or if it's a smaller co-op, maybe there's some ways to strategize like a purchase where everybody gets to kind of benefit, right. I think if you don't do some of those kind of, if you don't figure it out one way or another and don't have the visibility and something happens, I guarantee you'd be wishing you had that visibility.
[00:18:40] Speaker A: Yeah. And that's what I mean. You're definitely right. The co-ops, just recently we sent some folks over to Central and I was talking to someone at Jones-Onslow, and we're going to probably visit there here in a couple of weeks. But I think, like you said, just dealing with all the other cooperatives, if there's a bad solution out there, I think you're going to find out pretty quick.
[00:19:00] Speaker B: Yeah. And you should. And you should hit the listserv up. And I think this, what it boils down to, I mean, every place is different, right? And so I think you've got to have enough. You just kind of got to go through this and see what makes sense for your specific cooperative. Because here's the other big thing I didn't even mention yet is the whole training and expertise requirements. I said this, kind of alluded to this earlier with saying, having a body in place to kind of watch this stuff, but how qualified is that body when, if you're really restricted on manpower and you've only got so many FTEs in those slots and everybody's wearing ten hats, which totally happens at co-ops.
You know what I mean? How? Well, I mean, it's one thing to have an EDR for your OT. It's a whole nother thing to do it and do it in a very good.
[00:19:43] Speaker A: Yeah. And you know, actually just recently I saw some stats for the co-ops in North Carolina. And you're right. And this is where I'm telling folks to let.
[00:19:55] Speaker B: I like it when you say you're right. I like that. You can say that again if you want.
[00:19:59] Speaker A: You had a point. Let's not get over John.
[00:20:03] Speaker B: Oh, okay. Sorry.
[00:20:05] Speaker A: But I saw the stats for how big co-ops were and how many IT folks and how many dedicated cybersecurity folks. And I am a very fortunate person. There's eight folks in my department, and the co-ops that have about the same size are much bigger than us. I'm very blessed that our CEO really has, he knows the importance of it and really supports us and we got the folks in place to do this. But with seeing that though, I saw these co-ops that weren't much smaller than us, that had one or two people.
[00:20:42] Speaker B: Right.
[00:20:42] Speaker A: And everything has to be a struggle, even just patching our IT environment. I'm sure it's a struggle. Anyways, I'll get on my soapbox a little bit. If you're a board member or a C-level or a CEO, you need to make sure your IT department is properly staffed. I mean, absolutely. All the cybersecurity stuff, you can identify everything all day, but you're not going to be able to fix it if you don't have the IT people in place to fix it 100%.
[00:21:10] Speaker B: And, I mean, I think you touched on it very succinctly when you talked about your management, right. Being on board with the thing. Because without your management being on board with this thing, nobody's going to be on board with it. And I'm like, you, I'll get on my soapbox a little bit and say, hey, manager. Yeah.
If you don't really understand the threats of this being a business risk, forget all the technical thing, just throw the technical thing out the window. The fact of the matter is, this is a business risk. Last episode, we talked a little bit about that local manufacturing facility. They have a worldwide operation. Right? They got hit with a $20 million ransom. Their operations were down for close to five weeks. Okay? They were able to still do production, but all of their billing, all of that stuff was all messed up. Their payroll was separate because it was on a different system. So they're still able to pay their people, but they had people not working that whole time and yet getting paid because they had no choice. They couldn't work, they couldn't come in, they couldn't do all your accounting and office folks. And this is a worldwide. And also another episode we'll talk about. We talked about the DMEA incident, and if you talk to Bob Farmer and you talk about that six weeks of disruption, think about how you would operate without billing, being able to bill your customers, your members for six weeks. Right. That's a window.
[00:22:32] Speaker A: Yeah. I don't know that a lot of co-ops got the cash flow to support that.
[00:22:37] Speaker B: And Bob will tell know they came this close to just really having a bad day, really having a bad year. Right. Just from that one incident. Not to mention, there's a huge loss in trust from your member base and Bob. They've overcame a lot of it and they've had to work very hard to do it. But there's also a big loss and a big hit to your employee base. All of the senior leadership at DMEA since November of 2021 are new. They also lost 25 years of data in that incident. So now you've got all new senior staff with zero data to work from.
[00:23:12] Speaker A: I didn't realize that they had all new staff.
[00:23:15] Speaker B: Yeah. And that keeps happening. You've got IT staff that say, we have one more incident around here.
I'm gone, tell you that. So I think there's a lot to think about to the cost of this. That really has zero to do with quote unquote, technology. The people aspect of this is something that we really need to consider because this is the disruption. Right. So put some visibility in. By all means, get some people to man it. You know what I mean? I'm not against EDR in your OT environment. Don't get me wrong. It needs to be nuanced. It needs to be done the right way. But I'm definitely in favor of having more visibility. All in all, I will concede this one to you. I will allow you to win.
[00:23:54] Speaker A: It's awful gracious of you, John.
[00:23:56] Speaker B: Well, I take pity on you. From time to time, I feel bad for you. You know what I'm saying? I'm trying to help you out.
[00:24:00] Speaker A: There's a lot of people who have pity for me.
[00:24:03] Speaker B: No, you've got some excellent points. There does need to be EDR and the OT side of the house, period. Got to do it the right way. The other thing is you're going to have to have, if you're an IT person, you're going to have to have a healthy dose of respect for that OT side of the house. And you're also going to have to have a good relationship with them. And if you don't, that's one of the manager's jobs too, right? To come in and say, okay, OT folks. Okay, IT folks. You guys get together. I know one co-op down south, they have a blended IT/OT department, right? So their IT manager has responsibility for OT staff that are doing SCADA, that are doing AMI. That right there is ideal, in my opinion, and I applaud them for doing that.
[00:24:47] Speaker A: Yeah, that's what. And actually, there's some training for operation or engineering folks that are doing SCADA to kind of learn about cybersecurity. But what that co-op is doing, basically kind of owning the OT like that fixes that. But if you're separate, and some folks thinks it needs to be separate, you need to get your engineering folks trained.
They need to know about cybersecurity because they're iping, they're putting in passwords and stuff like that. Do they even know that they shouldn't be using default creds? Has anyone told them that?
[00:25:20] Speaker B: And it's not that they're not capable. That's not the point. They're very capable people, but what they're doing is they're just going about their business, doing their job, and they do a very good job at doing it. But the problem is they get the blinders on, they get tunnel vision. And what you really need to have is being able to facilitate a conversation, or have a conversation that happens where they are able to broaden their vision a little bit and see what they're doing and how it impacts other parts of the business. Isn't that a manager's job?
[00:25:52] Speaker A: Yeah, for sure.
[00:25:53] Speaker B: Right. So to me, the onus is on the managers and the board, probably the manager more than the board, because the manager is in the everyday, day to day operations. The manager needs to take that ownership and say, okay, this is another business risk like any other business risk out there. If this was a storm, they would not act the way they act towards cybersecurity. They're very proactive about it, and they would figure out, okay, we need to have people that take care of hotels and all these ancillary things. They do need the same thing. They need to do the same exact thing for cybersecurity. Unfortunately, I hate to say this, but I think the only way this will ever, ever happen is more cyber incidents happening to co-ops. And God forbid, I hate to see that happen. All right, so fantastic discussion today. This is a shorter episode maybe, but we talked a lot of things on the EDR OT security using EDR over there. We talked about an enhanced detection or endpoint detection and response, improved visibility. I mean, that's what it comes down to. Advanced threat intelligence. These are all good reasons to put that stuff in.
Of course, you can integrate that with your IT security. You've got some automated response capabilities. You can shut some things off through your EDR that you're just able to take care of that, especially if you've got a 24/7 manned SOC behind that against it. It's very complex to put some of this stuff in. It's expensive. They can maybe disrupt things really badly and kind of make it bad for operations, which clearly, reliability for the electric system is a big deal. There's a resource constraints, maybe there's some limited effectiveness. We talked about that against OT threats. And of course, the cost, I mean, the cost is always a big deal. And then the training. Does the people sitting in those seats have the right training to be able to respond to those threats or to be able to know how to actually man that equipment? Right?
[00:27:37] Speaker A: Yeah, I think just folks that don't have anything in their OT environment, just consider it. If you're just using McAfee or Symantec, consider moving your existing EDR over to the IT environment and then it'll give you more visibility on the weaknesses you have. And if you have an incident, maybe you can isolate it to the single host. And yes, it does cost money for EDR, but when you talk about your OT environment, how many devices are you really talking about? You got a couple of servers. Unless you're really a huge organization, you probably don't have too many SCADA workstations. Typically there's not going to be a whole lot of Windows and Linux boxes in that environment, right?
[00:28:14] Speaker B: And it's not going to be able to monitor all the other stuff anyway. You're not probably going to be able to hook this up to an SEL whatever. I don't even know anything. I don't know what those switches are. So don't roast me on that one, but in the comments or wherever, but that's just the way it is. All right, well, good show.
Any final thoughts to conclude with before we talk a little bit about the sponsor and our closing remarks? [00:28:34] Speaker A: I just appreciate everyone's support and appreciate the feedback. And please like and subscribe to podcast. It means a lot to us. [00:28:41] Speaker B: Does, absolutely does. Like, subscribe, share. I think that's a big one too. Everybody seems to be listening in on Apple more than Spotify. But hey, we're both available on both of those platforms. Also on my website. John watkinsconsultant.com. I want to thank myself for being a sponsor. We had some other sponsors lined up. We may have some yet before this season is out. By the way, speaking of seasons, we have four episodes left in this season. Anthony, can you believe it? Only four. [00:29:08] Speaker A: It's winding down. It's been a quick year. [00:29:13] Speaker B: Yeah, it's been awesome and it's been a fantastic experience just kind of getting into this podcast thing and the response has been fantastic. I've been really been impressed with everybody and how they're listening. And I just got a text the other day. This was a really good one, John, and that's really cool. It's good to hear that from you guys. We really appreciate everybody listening. We do have a way to donate. If you want to donate, you can go to, there'll be a show notes with a link there for we, we appreciate that. If you want to donate and just keep listening. If you have any topics you'd like to hear from us, and we'd like to know that too. We're going to try to get some more guests on the show and we've got a couple of things left and we have four episodes left in the season. Before we go into season two. If there's going to be a season two, I don't know yet, but I think that's all I've got. Do you have anything else? No. [00:29:57] Speaker A: Just thank everyone for listening. And thank you, John, for conceding. [00:30:04] Speaker B: Nice. See you, everybody. [00:30:06] Speaker A: Bye everyone. 
[00:30:06] Speaker C: One, two, three. [00:30:08] Speaker B: Come on. [00:30:08] Speaker C: Thanks for listening to Off the Wire, a play by play on cyber issues featuring Anthony Kent and John Watkins. Make sure to like, subscribe, follow, and hey, share this podcast if you liked it. We appreciate it. Appreciate your time. See you next time. The views and opinions expressed in this podcast do not necessarily reflect those of John Watkins consulting or its affiliates. Always consult with a qualified cybersecurity professional for tailored advice.
