Transcript
You know, I remember a time when you could actually say air gap to like, uh, there was a lot more of that out there. Uh, nowadays I think if anyone's talking air gaps, like you really got a question, it's, there are some environments like that, but if you're going through a firewall, it's not air gap, right? So someone could connect back to it. So nowadays I think a lot of stuff is out there, right? There's a lot of connectivity, especially as systems, as not only we're utilizing other stuff for data historians, you know, we're sending more stuff out for engineering data. We're sending out more stuff for optimization. Maybe you bought a fancy new vibration monitoring system and it goes out to the cloud or something, right? There's a lot more of that stuff out there. And then the other case, they've made this stuff a lot easier, right? If you go to the vendors, it's very easy to get a, uh, you know, a point PLC, that's going to do something out in the field that can connect straight out to the internet, right? So as far as identifying it, the first is to recognize that it's, it's out there. And if you don't know where it's at, you should probably be questioning where it's happening because it's, it is something that happens a lot in these environments. If you're not aware of anywhere that it is happening, you should question like how our engineers getting to this stuff, right? If you have people remoting into that, that means you have a path. That means that there's somewhere that they're getting into it. So identifying that sort of stuff is really important. Then there's other things, right? There's network monitoring tools you can put in place that can start identifying this, looking for the actual, uh, calls out to the internet. And I think this is something that's really important, right? If you have unsecure stuff going out to the internet, especially if you're not aware of it, those are the, like, if we look at the attacks that we see nowadays, most of the time it's leveraging that sort of stuff, right? It's coming in through remote access path. It's coming in through something that's facing directly to the internet and you can just get to, right, it's a lot simpler to get to these things. And so these are, are generally our most, uh, like our most highly exposed devices. Uh, so if we're talking about controlling it, I think that this is like the A number one thing we should be going after, right? If, if you're trying to decide where to put my time, where to put my effort, if I'm going to put in a compensating control or change something, usually these are the, are really, really good starting point. You're never going to be upset that you went and fixed an internet facing vulnerability, right? It's, it's always going to be, uh, those sorts of things always pay dividends. So that's what I'd suggest, right? Go out there, you can get, uh, tools like Clarity or others to go look for those sorts of things. And then where you identify those really targeting those types of things first, I think is a, is a strong starting point.