part 1 | Segmentation Fundamentals
Part 1: Segmentation Fundamentals for Protecting Operational Technology
Industries that use industrial control systems are looking to add new capabilities and improve operational efficiencies through the latest digital innovations. But as operational technology (OT) environments incorporate IT-based devices and applications, it creates new pathways for cyber criminals to exploit critical production systems. Despite consensus on attack surface expansion and shared management challenges responding to attacks, there remains a high degree of variation in security practices and capabilities, including practices for securing legacy and modern equipment. To protect the critical infrastructure in OT, industrial organizations need to harness the power of segmentation to secure their resources, systems, and users, as well as minimize the risk of attackers gaining access to their critical infrastructure.
During this webinar, we will explore the fundamentals of segmentation through the combination of traditional methods used and the modern alternatives available that provide protection for the mix of systems used in OT environments. This 45-minute session will discuss the
- Traditional and modern segmentation methods for operational environments including the risks associated with a flat network architecture
- Segmentation practices to support compliance with NIST, IEC 62443 and other operational cybersecurity frameworks
- Importance of investing in a platform to deliver cybersecurity for all layers of the network
CISO Operational Technology, North America
Rick brings the Fortinet OT-CI team more than 37 years of cybersecurity and global partnering experience working across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). As Fortinet’s Operational Technology North American CISO, he delivers cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. Prior to Fortinet, Rick led development of cyber capability across Endpoint, Infrastructure, and Industrial Control System technologies at the agency. Previously, Rick also served as an executive leader supporting the Information Assurance Directorate at the NSA. Earlier in his career, he served in a broad range of leadership and Engineering roles including Chief of Staff for the NSA Cyber Task Force and a 5-year forward liaison charged with directing integration of cyber and cryptologic solutions for U.S. Air Force Europe, Ramstein AFB, Germany.
Sr. Director, Operational Technology USA
Carlos-Raul Sanchez is a technologist with 32 years of experience in network, telecommunications, and critical infrastructure security. Carlos specializes in simplifying complex business problems with a pragmatic application of technology. With master’s degrees in computer science, business administration, and a wide range of experience ranging from US Air Force, DOD contractor, and O&GIT security, he is known for securing critical infrastructure worldwide. He spent 15 years leading teams securing oil fields in the United States and offshore assets Gulf of Mexico, Western Africa, Brazil, and South China Sea. Now with Fortinet, he is the Sr. Director of Operational Technology, providing solutions and education to companies seeking to improve their critical infrastructure security posture.
part 2 | segmentation for NGFW and Network Infrastructure
Part 2: OT Network Protection without Disrupting Operations
Industrial organizations that rely on operational technology (OT) are increasingly finding themselves in the cross hairs of cyberattacks. Sensitive systems in critical infrastructure and industrial environments face new risks as organizations embrace digital transformation. The industrial internet-of-things (IIoT) replaces traditional serial OT connections with digital connections, increasing the number of internet-connected systems and devices. The air gap, which was used to secure or separate OT from IT, is gone requiring a new approach to secure OT operations from potential threats.
During this working virtual session, we will discuss and demonstrate how to integrate network protection through segmentation into an industrial environment without disrupting operations. You will learn about how to:
- Establish continuous visibility of every asset connected to the network, both wired and wireless, without compromising availability.
- Dynamically assign role-based controls to group applications, link data, and limit access to specific groups in order to fortify OT defenses providing fine-grained control that adjusts access based on continuously assessing the trust of devices and users.
Chris brings more than 10 years of cybersecurity and critical infrastructure experience working in the renewable energy industry. He was directly involved in the development, construction, and operations of wind and solar power plants and their high voltage systems. His work within the energy and utility industry has also afforded him experience in the development and maintenance of substation protection, automation, and control systems. Chris has a master’s degree in electrical engineering from Clarkson University with thesis work in substation protection, automation, and control involving the IEC61850 family of protocols.
CSE, Operational Technology
Fabio is a senior cybersecurity practitioner with more than 18 years of experience serving in technical, sales and leadership roles. He joined Fortinet in 2014 and has held various positions in the sales engineering organization.
In his current role as the Operational Technology Solution Architect for North America, he guides customers through a safe Digital Transformation journey for their ICS/SCADA critical infrastructure environments. In this role he assists by sharing reference architectural insights and industry best practices.
Prior to joining Fortinet, Fabio led the Latin America IT/OT Infrastructure and Security teams at FMC Corporation, a global chemical manufacturing organization. Previously, he worked for Siemens Enterprise Communications (currently Atos Unify), delivering professional services and pre-sales support for complex multi-vendor environments with a variety of government, industrial and retail customers.
part 3 | Segmentation for heterogeneous networks
The adoption of Internet of Things (IoT) or industrial IoT (IIoT) devices is growing exponentially, especially as operational technology (OT) embraces digital transformation. Just a few years ago there were very few network-connected devices in OT. Today, meters, gauges, sensors and control systems from multiple vendors coexist and are all connected to the network, increasing process efficiency and expanding the attack surface.
Security for a multi-vendor network infrastructure should protect the availability of your OT environment but not add complexity. During this working virtual session, we will discuss and demonstrate how to leverage network access control (NAC) for protection in a multi-vendor environment without disrupting operations. You will learn about how to:
- Deploy network access in a phased approach – discovery, device classification, alerts and notifications, and policy enforcement – to establish patterns of behavior.
- Leverage alerts and notifications as a mode to build confidence in your network controls before you activate policy enforcement.
- Enforce policies across the mix of wired and wireless devices in your OT environment to speed reaction time to events and maintain availability.
Kunle Adetoro is a Senior OT Cybersecurity Engineer with more than 25 years of technical and cybersecurity experience in various technical and leadership roles. He joined Fortinet in 2008 and has held various positions in engineering and services organizations.
In his current role as the Operational Technology Consulting Systems Engineer for North America, he provides a technical escalation to guide customers through design, configuration and deployment of cybersecurity solutions in complicated industrial environments. His goal is to provide a safe Digital Transformation journey for their ICS/SCADA critical infrastructure environments.
Prior to joining Fortinet, Kunle spent three years working for Metal Box Toyo Glass Nigeria Ltd a glass manufacturing company in Nigeria providing ICS/SCADA Technical/engineering support.
FortiNAC Solution Architect
Rick Leclerc leads the FortiNAC Solution Architect team at Fortinet where he focuses on FortiNAC’s ability to extend the Fortinet Security Fabric to address the most challenging cyber security issues across any third-party wired or wireless network. With extensive experience working with technology partners and multi-national customers, Rick is responsible for developing innovative FortiNAC security solutions across IoT, OT, and critical infrastructure networks.
Prior to joining Fortinet, Rick co-founded Bradford Networks and served as the Chief Solutions Architect and SE Manager for 19+ years. He was responsible for strategic technology partnerships and strategic technical account management for the Network Sentry Network Access Control solution. While at Bradford Networks, he also led the NAC Security as a Service initiative – working with MSP partners to deliver a managed security service for network access control hosted in the public cloud. Bradford Networks was acquired by Fortinet in 2019.
Rick holds a BS in Computer Science from the University of New Hampshire, an MS in Computer Science from the Northeastern University.