Episode 341 - Cyber threats and cyber-physical systems, and impacts for APAC
Tim serves as the Technical Director - ICS and SCADA programs at SANS, and is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Additionally, performing contract and consulting work in the areas of ICS cybersecurity with a focus on energy environments.\xa0A recognized leader in CIP operations, he formerly served as the Director of CIP (Critical Infrastructure Protection) Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO) and was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.\xa0Recognizing the need for ICS-focused cyber security training throughout critical infrastructure environments and an increased need for NERC CIP hands-on training, Tim authored and instructs the ICS curriculum's newest course ICS456 - Essentials for NERC Critical Infrastructure Protection.\xa0Outside of SANS, Tim continues to perform contract and consulting work in the areas of ICS cyber security with a focus on the energy sector.\xa0Before accepting the opportunity to join SANS, Tim enjoyed a 15-year career with NIPSCO (Northern Indiana Public Service Company) - one of Indiana's largest natural gas and electric companies in the state, where he held management and leadership positions as well as EMS Computer Systems Engineer responsibilities over the control system servers and the supporting network infrastructure.\xa0\xa0During his career, Tim has served as the Chair of the RFC CIPC, Chair of the NERC CIP Interpretation Drafting Team, Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.\xa0In this interview held on-site at the SANS ICS APAC Summit and Training 2022, Tim shares his insights on the developments in ICS (Industrial Control Systems).\xa0He starts by explaining the evolution of the term \u201cICS\u201d into \u201ccyber-physical\u201d \u2013 from \u201cdata-at-rest, data-in-use, data-in-motion\u201d perspective to one where \u201cdata that does something, data that means something,\u201d or in other words, data that has a \u201ckinetic component,\u201d a \u201cphysics component.\u201d\xa0\xa0\xa0Viewed this way, cyber-physical systems could be large scale, like SCADA covering multiple states, or could be on a plant floor distributed control system, could be individual PLCs, or the IIoT (Industrial Internet of Things) which are \u201cusing small edge devices to control parts of buildings, or SMART cities or transportation.\u201d\xa0Tim also gives an update on the threat landscape in cyber-physical systems and how intellectual property/data theft has evolved to process manipulation.\xa0The latest is the recently discovered malware \u2013 \u201cPipedream,\u201d where the modularity of the malware framework is a \u201cforce multiplier.\u201d\xa0By piecing different malicious components, he explains that threat actors can achieve their goals without knowing their specific environments \u2013 and also across multiple sectors.\xa0Besides the evolving threat landscape,