Junyu is a manager in the Ernst & Young Cyber Security practice. He specializes in cyber security in operational technology environments. Before joining EY, he was an electrical engineer with 7 years of experience in implementing SCADA and industrial control systems in the energy and transport sectors. At EY, he consults on cyber security for industrial control systems deployed in critical infrastructure. Junyu has also been involved in security consulting and assessment engagements for a wide range of industries including banking, government agencies, stock exchanges and high-technology companies, performing network security assessment as well as attack and penetration. Junyu holds SANS GICSP.
ICS Security: Risk Management of an IT and OT Converged Network
In this talk we will at the driving forces between IT and OT convergence and the risk of bridging these two silos. First we will do a comparison between IT and OT and how there is a drive for change. We will then look into some case studies where things went wrong and what lessons have been learned. Subsequently we will talk about the difficulties when trying to converge these networks, especially with regard to legacy systems and how you cannot “just” force your IT Security policy on the OT environment. Next we will explore how detective controls can be far more effective in an OT environment than in an IT environment, we will give an overview of what other countries are doing and which open standards are available that help companies manage OT and assist with making the right decisions with regard to risk management of OT environments.