Adapting to Legislative Demands: Insights on Cyber Security Compliance in Critical Infrastructure
Welcome to Razorwire, the podcast dedicated to exploring the complex and evolving world of cyber security legislation. I'm your host, Jim, and in today's episode, we delve into the intricate landscape of cyber security legislation with our guests Steve Applegate and Phil Tonkin from Dragos.
In this episode, our guests shed light on the challenges and intricacies of navigating the cyber security legislature, focusing on the impact on critical infrastructure and the evolving landscape of compliance. From managing connectivity safely to the complexities of integrating IT and OT in modern manufacturing, we explore the key factors influencing cyber security legislation and its practical implications.
Key Talking Points: The importance of managing connectivity safely and ensuring proper segmentation and visibility in the Niz legislation. Challenges faced by organisations, such as Sellafield, in implementing controls and recognising legacy challenges in OT environments. The impact of conflicting regulations on consumers and the need for practical compliance requirements in cyber security legislation.
“We can't let FUD be the guide, right? If every time we hear a thing, we start panicking and we deviate from our processes and start making a whole bunch of new mandates, even internally, all the people within a company that have to track that and follow it and meet with people, and it's a distraction, I think, from real security."
Steve Applegate - Dragos
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- Managing Connectivity Safely: Emphasising the need to ensure proper segmentation and visibility in cyber security legislation.
- Challenges Faced by Organisations: Discussing the difficulties in implementing controls, recognising legacy challenges, and the importance of proportional controls.
- Conflicting Regulations and Consumer Impact: Raising concerns about conflicting regulations and the impact on consumers due to compliance costs.
- Information Exchange Hesitance: Discussing the hesitance of information exchange for cyber security purposes and its impact on managing threats.
- Reporting Dilemma: Describing the challenge of eradicating cyber events and the dilemma of reporting to the public versus mitigating further attacks.
- Third-Party Oversight Frustrations: Addressing the frustration with third-party involvement in security oversight and assessment processes.
- Transparency in Security Relationships: Advocating for transparent and trust-based relationships with third parties, emphasising actionable intelligence, and fostering transparency.
- Evolving Skill Set of Security Professionals: Describing the evolving skill set of security professionals, particularly the increasing specialisation and separation from GRC.
- Legislative Impact on OT Environments: Expressing concerns about the impact of legislation and compliance on operational technology environments and the difficulty of implementing changes in systems with old technology.
- Challenges of Sudden Legislative Changes: Discussing the challenges of sudden legislative changes, public outcry influencing legislation, and the need for realistic expectations of change in a legacy industry.
Other episodes you'll enjoy
DORA Compliance Made Clear: Essential Training for Safeguarding Financial Institutions w Paul Dwyer
Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall
https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/
Connect with your host James Rees
For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
YouTube: Razorthorn Security
Twitter: @RazorThornLTD
Website: www.razorthorn.com