OT After Hours

Human Factors and Plant Relationships

Important note: this episode is part two of of a discussion that began last week [https://www.linkedin.com/posts/otsecurity-industrialcybersecurity-manufacturing-ugcPost-7460101603262427139-TYBO/] on the Industrial Cybersecurity Insider podcast. Before you listen, check out that episode [https://industrial-cybersecurity-insider.captivate.fm/episode/ot-cybersecurity-is-the-purdue-model-still-useful/]...or watch it on YouTube [https://urldefense.com/v3/__https://youtu.be/OUpoTasu4A4__;!!JhrIYaSK6lFZ!q4hPVMFhNUY-5qsNR_3RJd3qNtPmicV5gWHuqn84qCAebYMRNw63ftwTXvEstyGDIw8gaMCJNWwnX8RXLEphzHmhY7XO$]! In this episode of OT After Hours, Ken Kully (Delivery Readiness at Rockwell Automation) is joined by Dino Busalachi (Director at BW Design Group), Lance Lamont (Special Projects & Protocols Team Lead at Rockwell Automation), and Tyler Bergman (Principal Security Consultant at Rockwell Automation) to discuss the technical challenges of OT cybersecurity, and the importance of the human element in any plant-facing cybersecurity strategy. Key Takeaways * IT and OT Convergence Challenges: There continue to be persistent challenges and risks associated with IT and OT convergence in industrial environments, including differences in priorities, operational risks, and barriers to collaboration and domain knowledge transfer. * Human Factors and Plant Relationships: Don't underestimate the importance of building trust and relationships with plant personnel, such as electricians and operators, to gain access to critical knowledge and ensure successful cybersecurity and maintenance initiatives. * Technical Complexities in Industrial Environments: The discussion includes multiple real-world examples illustrating the technical complexities and legacy challenges in industrial environments, including outdated systems, undocumented network configurations, and the risks of human error. * Best Practices for IT Managers Transitioning to OT: Actionable advice for IT managers tasked with taking over OT maintenance, stressing the importance of relationship-building, asset inventory, and understanding plant-specific constraints and maintenance windows. * Training, Safety, and Cyber Hygiene Integration: Can cybersecurity practices be integrated into existing plant safety programs? Would it be effective to adopt 'digital safety' protocols and ongoing training to address both operational and cyber risks? Subscribe Follow and subscribe [https://otafterhours.libsyn.com/] for more episodes on Apple Podcasts, Spotify, YouTube, or wherever you get your podcasts. Get in Touch 🔗 LinkedIn [https://www.linkedin.com/company/rockwell-automation/] | YouTube [https://www.youtube.com/@secure-ot] | X [https://www.youtube.com/@secure-ot/] | Contact Us [https://otafterhours.libsyn.com/contact]

Farewell Party

In this episode of OT After Hours, Ken Kully (Delivery Readiness at Rockwell Automation) is joined Lance Lamont (Special Projects & Protocols Team Lead at Rockwell Automation), to bid a bittersweet farewell to Natalie Kalinowski, who is leaving Rockwell after 4 years to take on a new and exciting opportunity. But leave it to Natalie to bring up one last timely topic, in this case the importance of using layered security strategies when defending OT environments. Key Takeaways * Layered Security Strategies in OT Environments: When consistent patching and regular hardware update cycles are unavailable, layered security approaches become a vital means of defending operational technology (OT) environments, especially practices such as network segmentation, compensating controls, and other practical approaches to securing legacy devices. * Practical Security Recommendations and Tools: What are some actionable recommendations for OT security? There are many, including the use of change detection, network monitoring, and leveraging available frameworks and tools to enhance resilience. * Device Interoperability and Undocumented Vulnerabilities: Lance's team within the SecureOT family researches device interoperability, often discovering undocumented vulnerabilities in the things that keep plants running. This underscores the importance of not relying solely on published vulnerability databases. Subscribe Follow and subscribe [https://otafterhours.libsyn.com/] for more episodes on Apple Podcasts, Spotify, YouTube, or wherever you get your podcasts. Get in Touch 🔗 LinkedIn [https://www.linkedin.com/company/rockwell-automation/] | YouTube [https://www.youtube.com/@secure-ot] | X [https://www.youtube.com/@secure-ot/] | Contact Us [https://otafterhours.libsyn.com/contact]

Global Cyber and Physical Attacks

In this episode of OT After Hours, Ken Kully (Systems Support Lead for Rockwell SecureOT) is joined by Natalie Kalinowski (Network & Cybersecurity Specialist), and Mustafa Aamir (Application Consultant Cyber-NCS), for a timely discussion about the December 2025 cyber attack on Poland's power infrastructure, a contemporaneous physical infrastructure attack in Germany, and cyber attacks that have surrounded the recent war in Iran. But it's not all doom and gloom! Many of these attacks follow a familiar script, exploiting basic vulnerabilities like lack of MFA and reused credentials; addressing these can significantly improve security posture. And many of these "low hanging" mitigations, such as changing credentials and implementing MFA, can be undertaken internally without extensive external support, enabling quick improvements. Key Takeaways * Asset Management and Risk Analysis: Use "crown jewels" analysis, risk assessment, and understanding operational risk versus CVSS scores to prioritize protection of critical devices and vulnerabilities. * Basic Cyber Hygiene: Implement cybersecurity controls such as network segmentation, VLAN configuration, basic hardening, and eliminating static credentials; these measures are cost-effective and provide significant risk reduction. * External Expertise and Virtual Advisors: Bring in external consultants or virtual security advisors on a flexible basis to supplement in-house expertise, especially for organizations with diverse infrastructure and limited budgets. * Incident Response and Tabletop Exercises: Perform regular review and rehearsal of incident response plans, including tabletop exercises based on real-world attack scenarios, to evaluate preparedness and identify gaps. * Leveraging Open Source Intelligence: Use available tools to proactively identify exposed assets and low-hanging fruit, enabling operators to secure their attack surface before adversaries exploit it. Subscribe Follow and subscribe [https://otafterhours.libsyn.com/] for more episodes on Apple Podcasts, Spotify, YouTube, or wherever you get your podcasts. Get in Touch 🔗 LinkedIn [https://www.linkedin.com/company/rockwell-automation/] | YouTube [https://www.youtube.com/@secure-ot] | X [https://www.youtube.com/@secure-ot/] | Contact Us [https://otafterhours.libsyn.com/contact]

What's in a Name?

In this episode of OT After Hours, Ken Kully (Systems Support Lead for Rockwell SecureOT), sits down with Rick Kaun (Global Director of Cybersecurity Sales), Natalie Kalinowski (Network & Cybersecurity Specialist), and Lance Lamont (Special Projects & Protocols Team Lead), for a lengthy discussion about IT/OT convergence, how Rockwell's SecureOT platform can enable and accelerate advanced security, asset management, and operational efficiency for Rockwell's clients, and why Verve was renamed to SecureOT late last year. Key Takeaways * Rockwell's Secure OT Rebranding and Strategic Direction: What was behind the transition from Verve to Rockwell's SecureOT branding? What were the strategic motivations, the business strategy review process, and the implications for product positioning and market approach? * Secure OT Platform Capabilities and Value Proposition: What are the SecureOT Platform's technical capabilities? How can it serve as data repository, support advanced security, enable asset management, and drive operational efficiency for Rockwell's clients? * Secure Digital Operations (SDO) and IT/OT Convergence: What are Secure Digital Operations (SDO)? What is its organizational structure, and how can it help bridge the gap between IT and OT security practices within manufacturing environments? * Regulatory Environment and Security Program Evolution: How does SecureOT address the expanding regulatory landscape for critical infrastructure, the importance of defensible security decisions, and the shift from compliance-driven to programmatic security strategies. * Security Culture Versus Rules: What is the distinction between enforcing security through rigid rules versus fostering a culture of security? Subscribe Follow and subscribe [https://otafterhours.libsyn.com/] for more episodes on Apple Podcasts, Spotify, YouTube, or wherever you get your podcasts. Get in Touch 🔗 LinkedIn [https://www.linkedin.com/company/rockwell-automation/] | YouTube [https://www.youtube.com/@secure-ot] | X [https://www.youtube.com/@secure-ot/] | Contact Us [https://otafterhours.libsyn.com/contact]

Predictions, Old and New!

In this episode of OT After Hours, Ken Kully (Systems Support Lead for Rockwell SecureOT), sits down with Natalie Kalinowski (Network & Cybersecurity Specialist), Lance Lamont (Special Projects & Protocols Team Lead), Zach Woltjer (Technical Account Manager), and Rick Herzing (Systems Support Analyst) The team reviews last year's predictions for 2025 in industrial cybersecurity, confirming that most came true and discussing their impact on hybrid workforces, regulatory compliance, AI integration, dynamic detection, zero trust, legacy device security, monitoring, and third-party risks. They then discuss emerging cybersecurity threats and trends for 2026, focusing on AI-driven attacks, deep fakes, mandatory MFA, compliance enforcement, insurance-driven resilience, and ongoing supply chain risks. 2025 Predictions Reviewed * Hybrid Workforce Risks: TRUE. The expansion of hybrid workforces has increased device risks, with companies adopting solutions like VPNs, MFA, and endpoint protection to mitigate new attack vectors. * Regulatory Compliance Challenges: PARTIALLY TRUE. The vagueness of some regulations, the struggle for end users to translate them into actionable metrics, and the slow pace of regulatory change, leave much to be desired. * AI Integration in Cybersecurity: TRUE. There has been growing use of AI in cybersecurity products. The SecureOT research team has found AI to be highly confident but only moderately accurate, underscoring the importance of human oversight. * Dynamic Detection and Zero Trust: TRUE. The shift from signature-based detection to dynamic methods due to adaptive malware, has been ongoing for years. Zero trust policies have become more prevalent. * Legacy Device Security and Obsolescence Planning: TRUE. The persistent challenge of securing legacy devices in industrial environments continues unabated. * Monitoring and Third-Party Risks: PARTIALLY TRUE. Combining passive and active monitoring tools is not on track to become a standard in OT cybersecurity. But there is growing concern over third-party risks and the mitigation thereof, especially with new compliance requirements like the Cyber Resiliency Act. Predictions and Trends for 2026: * AI-Driven Cyber Attacks: We can expect to see more end-to-end AI cyber attacks. There is potential for increased automation and sophistication, including lateral movement into OT environments. * Deep Fakes and Social Engineering: We can expect to see an expansion in the ongoing threat posed by deep fakes and phishing, given the growing ease of generating convincing audio and images. * Mandatory MFA and Compliance Enforcement: We are unlikely to see truly mandatory MFA adoption; that legal compliance and fines may well be necessary for widespread adoption, especially in OT. * Insurance-Driven Cyber Resilience: Insurers may drive faster adoption of cyber hygiene practices by requiring verified resilience for coverage. Some companies may choose pay fines instead. * Supply Chain and Open Source Risks: The threat of supply chain infections, especially with increased AI-generated code contributions, will grow in the year to come. Organizations should focus on retaining skilled software engineers to validate code. Subscribe Follow and subscribe [https://otafterhours.libsyn.com/] for more episodes on Apple Podcasts, Spotify, YouTube, or wherever you get your podcasts. Get in Touch 🔗 LinkedIn [https://www.linkedin.com/company/rockwell-automation/] | YouTube [https://www.youtube.com/@secure-ot] | X [https://www.youtube.com/@secure-ot/] | Contact Us [https://otafterhours.libsyn.com/contact]