Robert M. Lee’s Post

Founder and CEO, Dragos, Inc.

With the news that Industroyer2 was found (great work by Ukraine CERT and ESET) targeting the electric system in Ukraine this marks the sixth ICS specific malware. It’s a busy time for ICS defenders. However the good news is none of what we’re seeing changes the guidance folks have been giving for years. You need a robust security program but tailored for ICS. - ICS specific incident response plan - Defensible architecture - ICS network monitoring/visibility - MFA for remote access - Key vuln mgmt program Those five controls put people into an amazing place. The focus on tactics, techniques, and procedures like those mapped out in MITRE ATT&CK for ICS also enable folks to move from reactionary to proactive. These are heightened times but with preparation don’t need to be fire drills. Good luck out there folks

15 Comments

Aric K. Perminter

Cybersecurity & Risk Management Executive Leader | Board Member | Empowering Marginalized Communities

I’ll be sure to tune in Robert! The APT actors have mastered the development of custom malware for targeting ICS/SCADA devices. The threat actors will be able to easily scan, compromise, and control the targeted devices upon successfully establishing initial access to the operational technology (OT) network. In addition to it, threat actors can exploit Windows-based engineering workstations present in information technology (IT) or OT environments by leveraging an exploit compromising an ASRock motherboard driver. Those actors could elevate privilege and move laterally, disrupting critical devices or functions by maintaining full system access to ICS/SCADA devices. Isolating the ICS/SCADA systems and networks from corporate and internet networks, regularly updating the passwords of the control systems, regularly keeping backup of the data, limiting network connection of the ICS/SCADA systems, employing robust log monitoring systems, regularly updating the existing software with latest security patches are some additional measures organizations can adopt to prevent the malicious activities. Andrew Stravitz Mario Memmo Nicole Darden Ford Daniel Conroy Kirsten Davies Devon Bryan Tomás Maldonado Aaron Hughes

2 Reactions

Linda Rust

Strategic advisor | Translating cybersecurity to business | Engaging Fortune 100 C-suite and Board, private equity (PE), and company owners | vCISO | Step Zero™ rapid cybersecurity estimates for M&A and compliance gaps

"With preparation there don't need to be fire drills" From your mouth to God's ears!

3 Reactions

M. Yousuf Faisal

I help organizations secure their digital transformation journey | IT & OT/ICS/4.0 Cyber security Advisory, Consulting, Training, Services & Solutions (EMBA, B.E-E, ISA/IEC 62443, GICSP, ISO27001LA, CISSP, CISM, CISA)

Thanks for Sharing. Looking forward for more insights on Industroyer2 from Dragos. Glad to have these points covered in "The OT Security Dozen" series. https://www.linkedin.com/pulse/ot-security-dozen-12-part-series-building-ics-cyber-program-faisal/ OR https://gca.isa.org/blog/ot-security-dozen-series-on-building-an-ot/ics-cybersecurity-program

John Mueller

Director, NAVFAC Red Team and CYBERSAFE Program Director

All good points. And expect to see more attacks and attention toward ICS/OT/Critical Infrastructure in the future. Shields up!

3 Reactions

Mirel Sehic

Cybersecurity | Operations | Digital Transformation

Good list Robert M. Lee, Defensible architecture can include; hardening (CIS etc.) + solid architecture design (zones, network conduits, perimeter protection) 🔒

2 Reactions

Don Druckenmiller, CISSP

Global Manufacturing Sector Risk Manager, US at ASML

"In addition to Industroyer2 <sic> a variant of CaddyWiper was used" "moved from the IT network to the Industrial Control System (ICS) network"- ESET

MUHAMMAD KALEEM

Cyber Security Consultant-Engineer-Analyst

Absolutely these 5 points make robust security program for any ICS/SCADA related industry.

Constantine C.

Linda Restrepo Nicolas M. Chaillan

1 Reaction

Zakeer A Hussain

Sales "Automation & Scale" | Strategic Initiatives | Alliances |

Your content is really helpful Robert

Constantine C.

James Cabe

2 Reactions

See more comments

To view or add a comment, sign in

More Relevant Posts

Robert M. Lee

Founder and CEO, Dragos, Inc.
1w Edited
Report this post
South By Southwest (SXSW) has a voting system for the presentations. I'd like to present on OT Cybersecurity to this wider audience and if you're interested in it (recording or live) give it a vote. (This requires signing in but thanks in advance, I think it'd be good for more people to understand the topic and the impact to our local communities).
Dragos, Inc.

66,867 followers
1w

📣 Cast your vote today to see Dragos CEO and Co-Founder Robert M. Lee present on the impact of geopolitical threats to our critical infrastructure at SXSW 2025! Vote now at: https://hubs.la/Q02KqvbR0 ☑️ Show your support by giving an "upvote" and sharing why it's crucial to learn more about protecting our critical infrastructure from cyber attacks. #ApplicantatSXSW #SXSW #cybersecurity #industrialcybersecurity #icscybersecurity #otcybersecurity
3 Comments
Like Comment
To view or add a comment, sign in
Robert M. Lee

Founder and CEO, Dragos, Inc.
2w
Report this post
To all of those of you who don’t have major social media followings, or feel you’re not yet an “infuencer”, or whatever. The reality is no one cares. Social media is a bubble. I feel I’ve risen to the level of “influencer” in my small pond over the years. And the reality is the people doing the mission don’t care. Most have never heard of even the most “popular voices.” They want to partner with people who care about them, their mission, and can achieve outcomes. Forget the pundits, forget the LinkedIn opinions, just go do good and be damn proud of it.

128 Comments
Like Comment
To view or add a comment, sign in
Robert M. Lee

Founder and CEO, Dragos, Inc.
3w
Report this post
I appreciate being nominated for the Industry Leader category - the votes are open but truly lots of people to choose from, good cohort of folks
CyberScoop

7,602 followers
3w Edited

🏢 Meet the nominees for the 2024 #CyberScoop50 Industry Leadership Award! These leaders have pioneered innovative strategies that enhance cyber defenses and bolster community security. Their efforts are transforming our approach to cyber threats and setting the stage for future breakthroughs. Will Ash | Marianne Bailey | Chris Betz | Paul Butterfoss | Charles Carmakal | Kynan Carver | Christopher Cleary, PMP, CISSP | Sean Connelly🦉 | Poornima DeBolle | Chris DeRusha | Ed Devinney | John Dwyer | Candice Frost | Oz Golan | Vasu Jakkal | Sandra Joyce | Ryan Kazanciyan | Alison King | David Knox | Matt Kunkel | Paul Kurtz | Rob Lalumondier | Robert M. Lee | Katy Mann | Paul Michaels, NACD.DC, QTE, CISSP | Amanda Satterwhite | Dean Scontras | Thomas Stamos | Toni Townes-Whitley | Eric Trexler | Michael J. Wallace | Tomer Weingarten | John Wood | Bobby New, CISSP, ITIL | Alex Chapin | Jennifer Axt 🌟 Celebrate their achievements and influence the outcome by voting for the industry leader whose innovations have truly reshaped our cybersecurity landscape. 🔗 Vote now: https://lnkd.in/dGV3HvSi
10 Comments
Like Comment
To view or add a comment, sign in
Robert M. Lee

Founder and CEO, Dragos, Inc.
3w
Report this post
What do you call cyber threats that target civilian infrastructure such as targeting a city's energy municipality in the middle of winter to deny heating to families? Assholes. I'm excited the Dragos team is focused on finding and countering assholes. https://lnkd.in/epSRg9qk

Simple ‘FrostyGoop’ malware responsible for turning off Ukrainians’ heat in January attack

https://cyberscoop.com

34 Comments
Like Comment
To view or add a comment, sign in
Robert M. Lee

Founder and CEO, Dragos, Inc.
3w
Report this post
Proud of the team for finding and sharing insights on the 9th ever ICS specific malware - FrostyGoop. The malware was used in an attack in Ukraine targeting civilians earlier this year.
Dragos, Inc.

66,867 followers
3w

📣 Just released! Download the FrostyGoop ICS Malware Intelligence Brief covering the recent cybersecurity incident affecting the energy sector. In our report, we cover the OT cybersecurity weaknesses exploited by cyber adversaries and offer actionable insights on how to protect against the threat. Get the intel brief today! https://hubs.la/Q02HBYNT0 Don’t miss our upcoming webinar for a deeper dive – register now! https://hubs.la/Q02HBWV80 #icscybersecurity #otcybersecurity #industrialcybersecurity #DragosIntel #DragosPlatform
9 Comments
Like Comment
To view or add a comment, sign in
Robert M. Lee

Founder and CEO, Dragos, Inc.
1mo
Report this post
It kills me (with pride) that every now and then I have an amazing idea and then find out Mike Assante had it 10 years ago.

26 Comments
Like Comment
To view or add a comment, sign in

39,750 followers

View Profile Follow

Robert M. Lee’s Post

More from this author

What a Record Setting Investment into the ICS/OT Cybersecurity Market Means to Me

Explore topics