IT and OT security with Ilan Barda, CEO of Radiflow

Radiflow is on a mission to take the guesswork out of IT and OT security, empowering its customers to prioritise cybersecurity threats with risk management solutions. The company aims to help CISOs make decisions and take action to counter threat actors.

Cyber Magazine speaks with company CEO, Ilan Barda, about how the company is ensuring its own data and operations are best protected, as well as offering advice for businesses.

For more than 20 years, Barda has pursued a career in security and telecoms and held senior positions at several leading companies, including Check Point Software Technologies and Nokia Networks. Since founding Radiflow in 2009, the company is now a leading provider of cybersecurity solutions for critical infrastructure networks, including power utilities, oil and gas.

Radiflow solutions are now deployed by major industrial enterprises and utilities protecting over 8,000 critical facilities worldwide.

“It’s something I’m incredibly proud of,” Barda says.

Please explain the convergence of operational technology (OT) and information technology (IT): why is this increasing risk exposure?

“Not too long ago, IT and OT operated in separate worlds, with limited integration between them. However, today, the convergence of IT and OT has brought about a significant transformation in industries such as healthcare, manufacturing, and transportation, as they increasingly shift toward digitalisation. 

“These sectors now depend heavily on internet connectivity, thereby increasing their vulnerability to cyberattacks, as hackers can exploit various digital weaknesses and entry points.

“Another growing concern pertains to the rising risk of data theft due to the increasing collection of personal information from online activities. The primary goal of cybersecurity remains to defend against malicious attacks and protect digital systems from downtime, whether caused intentionally or accidentally. Vulnerabilities in devices and errors within systems can result in substantial disruptions, underscoring the crucial need to prioritise the resilience of these systems.”

What is the importance of leaders mitigating these (IT/OT) cyber threats and what can they do to ensure better protection?

“The importance of mitigating IT/OT cyber threats lies in safeguarding critical infrastructure, data, and operations from potentially devastating cyberattacks. To execute this, a first important step for leaders is to develop a tailored and comprehensive security strategy that considers both immediate and long-term security needs, whilst also considering budget constraints.

“A robust network-security system should include security audits, regular updates, disaster recovery and business continuity planning, as well as the implementation of industrial threat-detection and monitoring systems. When combined with an industrial risk assessment and management platform, these measures enable early threat detection, interception, and the implementation of effective, pre-emptive mitigation strategies. Visualising vulnerabilities and prioritising measures to strengthen security can significantly reduce risk within the operational technology (OT) environment.

“To prevent attacks and to limit their spread, a strong authentication process, efficient anomaly-detection systems, and network segmentation should be deployed as the primary lines of defence. Moreover, hospitals and factories should establish backup plans and strategies for system patching that do not disrupt their operations, ensuring continuous uptime for critical applications.

“To enhance resilience against cyber threats, it is vital for these businesses to allocate resources to training and awareness programmes. By keeping personnel informed about potential risks and emerging threats, they can enhance their overall cybersecurity posture.”

Why is OT cybersecurity so far behind IT security in terms of maturity and focus?

“When it comes to cybersecurity, the OT ecosystem faces a number of challenges that differ from IT. First, the OT landscape tends to be fragmented as the operation of systems and machinery is often distributed across multiple factories, warehouses, and research and development facilities. This fragmentation, combined with the growing imperative to connect more OT devices to networks in pursuit of digitalisation, leads to an expansion of the attack surface, consequently heightening vulnerabilities.

“Another significant difference lies in the historical approach of OT systems towards cybersecurity. Unlike IT, where cybersecurity typically takes precedence, followed by system availability and safety, OT systems have, of necessity, placed more importance on safety and uptime, with cybersecurity taking a secondary role. 

“This divergence in priorities can be attributed, in part, to the fact that OT systems are typically managed by engineers and laboratory technicians who are primarily responsible for ensuring production and functionality, rather than cybersecurity professionals who are more focused on addressing cyber threats.

“However, given the escalating threat landscape characterised by potentially crippling cyberattacks, this approach must be reevaluated. It is vital for industries to reconsider their current approach and prioritise OT cybersecurity safeguard against threats that could disrupt operational efficiency, financial stability, and even employee and customer safety.”

What future innovations in cybersecurity are you most excited about and why?

“One thing we’re excited about that should have a positive impact on the industry is more global collaboration between cybersecurity professionals. The sharing of different expertise and experience across continents is a great step towards better securing the globe. We ourselves have taken a step towards this with our recent expansion into Europe and Latin America to meet the rise in regulations and the increasing demand for effective solutions against cybersecurity threats.

“This includes hiring regional engineers and partnering with local suppliers to allow our company to better serve customers in these regions and help them to comply with new regulations, including the EU's NIS2 directive (focused on securing critical infrastructure).

“We’ve taken steps to make positive developments for the industry in these regions to address the shortage of cybersecurity professionals with ICS expertise to make it easier for organisations in these regions to protect their systems and data from cyberattacks.

“What’s more, we recently announced our partnership with Zero Trust solution provider, Cyolo, to establish a comprehensive, fully monitored, and secure remote-access solution for OT/ICS networks. This innovation aims to enhance security by providing robust authentication, session validation, and rapid threat-response capabilities, ultimately allowing organisations to better protect their critical assets and maintain operational continuity.”

What is Radiflow doing in the next 12 months to ensure consistent and improved threat detection?

“AI is all the talk at the moment, with decision makers meeting at summits every other week to discuss the best practices for using AI safely and ethically. With this in mind, we have partnered with CyCraft, a Taiwanese company specialising in generative AI detection. This collaboration combines over two decades of real-world threat intelligence from the East and West, and aims to offer a comprehensive OT cybersecurity solution. 

“Using generative AI, this partnership enhances detection and response capabilities against sophisticated attacks on OT assets for industrial customers, managed security service providers (MSSPs), and managed detection and response (MDR) providers. The collaboration also addresses challenges such as securing OT networks against evolving attacks, while also ensuring smoother deployment and operation. 

“This partnership anticipates the need for near real-time root cause analysis, aligning with potential regulatory requirements for faster incident response.”

******

For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Technology Magazine | AI Magazine.

Please also check out our upcoming event - Net Zero LIVE on 6 and 7 March 2024.  

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.