An interview with Bryan Schneider, Director – SLED Capture at Fortinet
In state and local governments, much of the operational technology (OT) that monitors and controls critical infrastructure is based on legacy technology. That presents a major challenge.
“Outdated OT systems were not originally designed with cybersecurity in mind. They may lack modern security features, and they are difficult to patch and update,” said Bryan Schneider, with Fortinet. In light of rising sophistication among both profit-minded criminals and nation-state actors, this is a recipe for potential disaster.
In fact, a recent survey of WaterWorld and Wastewater Digest members found that 82% view cybersecurity risk as a threat to populations and public health.
SLED entities may struggle to impose greater security on their critical-infrastructure OT. “Upgrading to a modern solution creates complexity,” Schneider said, noting that modern solutions “can be incompatible with these preexisting network technologies.”
Key Steps
Nonetheless, SLED organizations can take steps to harden their OT.
Agencies must prioritize network visibility as part of their OT cyber strategy, focusing on segmentation between OT and more general IT environments in order to limit the potential impact of a cyber incident, Schneider said.
It’s important, too, to “focus the entire organization around accelerating the digitization of the network — to shift the mindset to proactive controls,” he said. “It starts with performing a cybersecurity threat assessment. [Organizations] can also dedicate a staff member with a title to focus on and address those complex issues.”
Simplicity and Intelligence
As a cybersecurity company with 20-plus years of experience focused on network infrastructure management, Fortinet can help. “We can simplify everything on a single pane of glass, with tools that help deploy solutions efficiently and effectively,” Schneider said.
Experts at Fortinet “can walk an agency through a range of security solutions,” all delivered via a single platform — an approach that centralizes security and visibility across both IT and OT environments, he said.
“We can assist with network segmentation. Our firewalls can help isolate that OT network, limiting the attack surface and enforcing access controls,” he said. “We can also assist with intelligence on the threats, to help detect and block those that are targeting OT environments and critical infrastructure.”
Fortinet solutions can help SLED to comply with zero-trust mandates and multifactor-authentication requirements. And they can help “provid[e] staff with tools that give them the analysis and the real-time visibility to monitor [and] detect unusual activities, whether threats come from the outside or inside,” said Schneider.
For instance, Fortinet recently helped a water and wastewater district serving about 30,000 residents to strengthen its OT protections. “We deployed an easy-to-use management platform, and the improved visibility has changed the game for them,” he explained.
For SLED agencies ready to tackle OT cybersecurity, “keep in mind it’s a journey,” he said. “Assess the assets that are on the network today, think about the long-term plan, then set realistic short-term goals. And make sure you engage top-level consultants that can help you along the way.”
This article will appear in our upcoming guide, Going Place: Priorities for State and Local Tech, that explores how state and local agencies are tackling key policy issues, including cybersecurity, AI, and data.
Leave a Reply
You must be logged in to post a comment.