Armis Launch of CIPP, The Critical Infrastructure Protection Program

On this week's Industrial Talk we're talking to Peter Doggart and Keith Walsh, with Armis about “The Launch of CIPP, The Critical Infrastructure Protection Program”.  Get the answers to your “Cyber Security” questions along with Peter and Keith's unique insight on the “How” on this Industrial Talk interview!

Finally, get your exclusive free access to the Industrial Academy and a series on “Why You Need To Podcast” for Greater Success in 2022. All links designed for keeping you current in this rapidly changing Industrial Market. Learn! Grow! Enjoy!

PETER DOGGART'S CONTACT INFORMATION:

Personal LinkedIn: https://www.linkedin.com/in/doggart/

Company LinkedIn: https://www.linkedin.com/company/armis-security/

Company Website: https://www.armis.com/

KEITH WALSH'S CONTACT INFORMATION:

Personal LinkedIn: https://www.linkedin.com/in/keith-walsh-ba13152/

Kroll Website: https://www.kroll.com/en

PODCAST VIDEO:

THE STRATEGIC REASON “WHY YOU NEED TO PODCAST”:

OTHER GREAT INDUSTRIAL RESOURCES:

NEOMhttps://www.neom.com/en-us

AI Dash: https://www.aidash.com/

Hitachi Vantara: https://www.hitachivantara.com/en-us/home.html

Industrial Marketing Solutions:  https://industrialtalk.com/industrial-marketing/

Industrial Academy: https://industrialtalk.com/industrial-academy/

Industrial Dojo: https://industrialtalk.com/industrial_dojo/

We the 15: https://www.wethe15.org/

YOUR INDUSTRIAL DIGITAL TOOLBOX:

LifterLMS: Get One Month Free for $1 – https://lifterlms.com/

Active Campaign: Active Campaign Link

Social Jukebox: https://www.socialjukebox.com/

Industrial Academy (One Month Free Access And One Free License For Future Industrial Leader):

Business Beatitude the Book

Do you desire a more joy-filled, deeply-enduring sense of accomplishment and success? Live your business the way you want to live with the BUSINESS BEATITUDES…The Bridge connecting sacrifice to success. YOU NEED THE BUSINESS BEATITUDES!

TAP INTO YOUR INDUSTRIAL SOUL, RESERVE YOUR COPY NOW! BE BOLD. BE BRAVE. DARE GREATLY AND CHANGE THE WORLD. GET THE BUSINESS BEATITUDES!

Reserve My Copy and My 25% Discount

PODCAST TRANSCRIPT:

SUMMARY KEYWORDS

critical infrastructure, armis, peter, scott, devices, vulnerabilities, conversation, problem, exploits, industrial, ot, business, increase, risks, threats, understand, environment, program, visibility, solution

00:04

Welcome to the industrial talk podcast with Scott Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's

00:21

go Hello, and welcome to industrial talk the ever expanding industrial ecosystem that features incredible companies, wonderful people, solving problems making my life, your life and the world a better place to live. Now in this podcast, we're going to be talking to RMS, and pharmacists get this great program called critical infrastructure protection program. And you need to know about this. So let's just get right into the conversation. Welcome to industrial talk. We've got key, and we've got Peter, and we're going to be talking a lot about, well, cybersecurity, and you're telling, you're saying yourself, Scott, and I don't want to talk you have to talk about this is an important conversation. Before we get into this topic. Peter, give us a little 411 on who you are.

01:08

Absolutely. Scott, great to be here. My name is Peter Doggart, I'm the Chief Strategy Officer here at Armis. Been in the company about two and a half years, we've been in cyber about 25 years. What you've seen a lot. But we have seen a lot, but the problem still exists.

01:28

Yeah. But gosh, that's a heck of a business. All right, Keith, give us a background on you.

01:34

Yeah. Hey, so Thanks, Scott. Good to be here. So name's Keith Walsh. I'm the director of OT strategy and operations at Armis. We've been in the cyberspace since the early 2000s. And, yeah, it's interesting to see where we've come in where we're going. And, you know, to Peter's point, it just seems like a wash, rinse and repeat, because we're struggling with the same problems today that we were 15 years ago.

01:58

So for the listeners out there, let's level set on on armas. So nothing fancy, nothing big. Give us sort of that strategic vision of what Armis is all about.

02:10

Yeah, so the Scott. So at a super high level, what we're trying to do is solve a critical problem we've got that is trying to see everything, all these new things coming into our industrial environments, our enterprises. And quite frankly, try understand how does that impact our risk? If we boil it down to it is how do you utilize all these all this new hardware, all this new software to help us become more productive, more efficient, more competitive, but do that, and also not increased risk?

02:48

Because I see this whole digital transformation conversation, which is out there, man, everybody's chirping about it. Everybody's saying I gotta be a part of it, I've got to do this. Now the other thing, and all I can see, although good, and manufacturers need this, we need to be protected. And we need to have that visibility as arm is that that organization, that company, that solution that says, Alright, let's Yeah, you can go down this road, but recognize that we see that that needs to be, you know, you know, addressed and so on and so forth. That's a is that sort of it?

03:21

Yeah. 100% I mean, the if, again, if you if you take a super quick look at this is we're trying to uncover those the unknowns in the environment, then there are many, many, many unknowns today. And we're trying to understand those risks. We're trying to understand how are things connected? How are things behaving? How is what what what side gap analysis, what's being utilized on in our, in our environments, how's the OT in the in the IT world, converging, as all these questions we've got, but no answers. And that's what this is doing is giving us the answers. Please

03:55

make that simple, please. I think it's an important reality. Because if I was putting on my little manufacturing hat and I'm a small to midnight and large, whatever, it doesn't matter. The last thing I want to have is a conversation about I need to digitize but what do I do to protect he is there a is there an increase? I mean, I don't know I'm sitting there are there is an increasing out there the cyber sort of issue.

04:20

Yeah, you know, it's interesting so to the point that Peter just raised with with regards to all these new devices that are coming into the the market whether that's on the OT side, the IoT side or the the IT side, the building management side, with this explosion of devices comes the explosion, obviously of software applications and firmware, and with the firmware software and apps comes vulnerabilities and then we see exploits so you know, the overall attack surface has just exploded, basically because of the quantity and volume of devices that are hitting these networks both inside the fence and outside. So interest Stingley enough to that point, what used to be the the primary vector or avenue into any enterprise was was phishing and the, you know, the unenviable email that we would inevitably have gotten and clicked through and downloaded a, you know, a virus of sorts has now been replaced by things like RDP vulnerabilities, right, which is just a vulnerability that's been around for, you know, for ages, it seems. But the problem is, with the explosion of these devices, you know, we now have this type of exploit that has jumped 73% In the last six months. And that's a number that came from our Miss researchers, right. So as we monitor, you know, over 2 billion devices globally, in real time daily, we have insights into the threats and attacks into these environments. So we can very easily enter into, you know, queries in this database. And we can pull and extract extremely interesting information about trending. Right, about, you know, which which vectors are being exploited in which verticals? And yeah, and yeah, so, you know, as I mentioned, the past six months, a big increase in exploits of RDP vulnerabilities, which really should cause our industrial control systems and our OT operators to really stand up and take notice.

06:29

So what I hear is one, if I'm a business, and I want to venture into digital transformation, I need to make sure that my environment, my IoT, it is secure and have significant visibility into that and be able to have that sort of nimble platform so that I know that if I put that device in, I know that here's a solution that will say, here it is, it's protected. You're good to go. Thumbs up, move forward. And I think that that's a beautiful thing now, to you, Peter, let's talk critical infrastructure. I would imagine if I have the various nefarious intent, I would go after critical infrastructure. Can you sort of shed some light on that?

07:14

Yeah, this is pretty serious issue, you know, and it's actually frankly, one reason I'm in this business in the first place. I, there's a, there's goodness that we're trying to do here. And I am extremely concerned, if you look at all the stats and keys just mentioned a couple that we've been bombarded by, you know, the bad things are happening. And one of our partners checkpoints just recently revealed, it's been a 46% increase in attacks and industrial, low in the past year. It's, and we see these numbers, and I think it's, we need to not become numb to all these numbers hitting us all the time, we need to act, and we need to act now. Yeah, and you know, we only need one or two really bad things to happen with our wastewater treatment facilities or a nuclear power plant. And it's game over.

08:14

I'm glad I'm glad with armistice doing the solution that you're providing the visibility into that and I, I think you're absolutely spot on for what I hear. You're doing good. And I think that that's real important. Now, from my perspective, I don't even know where to begin, right? Let's say I'm Scott, manufacturer on Scott utility, whatever it might be. Are there things that I can do to approach you and say, Hey, can you come in look at my mice, you know, overall, and just give me an assessment and then let's move forward? Is that is there? Is it painful on my part?

08:49

No, you know, the one thing I love about what Armis is doing is we removed those painful barriers that you typically see the big honking pieces of hardware that's got to be shipped everywhere and tuned. And it oh, by the way, it takes a couple of months to figure out what's going down. Those the Those days are gone, you know, we can, we can go in there pretty quickly and get things moving literally within hours now. And one thing we want to do is we want to accelerate that process, Scott and really broaden what armas can do for our critical infrastructure. And we wanted to share some some news with you today about that.

09:35

There it is. That's a segue that is beautiful, perfect. Peter talked to us who sort of chirp on about that, that solution that needs to be talked about.

09:45

Yeah, and I think our US government and CISA have done a great job with trying to bring together the private and public sector working together and I think that is a great thing that should happen. And we want to help that we want to help, Jenny's to lose team and see Sir in the shields up program. And one thing we announced on May, the 10th, was a new program called the critical infrastructure protection program by alumnus and or CIP for short, if you wish. And this is basically, we got together as a team going, what can we do to fundamentally help the critical infrastructure? What can we do to accelerate this and help protect and the best thing we came up with is, hey, why don't we as Armis use the powerful platform, we've got it, just give it away for free to critical infrastructure. That's exactly what we're doing. So it's a very, you know, we are literally putting everything on the line here, because we think this is the right thing to go do. So CIP, the program will be going live, as I say, on May 10. And it's going to allow a lot of the critical infrastructure like marine ports, the power generation utilities, to go and use the almost platform for basically all of 2022 or six months, and we want them to go and user we want to remove those barriers, we want to make sure that they can get access to our software, our machine learning our back end, 2 billion plus knowledge base of assets. And we're going to help them along the way we're going to put our team on this, we're going to help with our solution architects, we're going to get it up and running. So there we are, we want to do the right thing. And for both not here and Homeland, but also all critical infrastructure and all NATO countries.

11:43

Okay, it's bold in the prices, right? The price is on the rise, you can run with that. Right? If you want to put that on. There you go right ahead. We're gonna wrap it up. But you have anything to add to that. Because I think that that's really important. I think that that is really helping organizations, companies, businesses, whatever, NATO critical infrastructure succeed. And I think that that's an incredible, bold approach.

12:13

It is. And, you know, we're not we're not alone, Scott, we've also brought with us an incredible partner to help us with Sep, that partner is crawl. And probably your audience is probably very familiar with koalas being a leading provider in cyber risk and governance. And they've got an amazing cyber risk practice. And they are plugged in, they're trained up, they can go and literally use all the asset intelligence and threats and risks from harm. There's all that data and do 24 by seven incident response. So if you're, you know, a water treatment facility, and we see something bad happening, they can swoop in here, within seconds, grab that data, understand what's going on and help remediate sounds really,

13:02

this is another conversation, we I know that we have to sort of wrap this conversation up as because when we we've got to crawl that's k R O L L, I want to make sure that listeners understand that. And that is a relationship of a partnership with between RMS and curl. Is that correct? That's correct. Just making it even more beautiful.

13:26

Yeah, you know, so So conceptually, right. The The idea is that this problem isn't solved by a single vendor, right? All vendors have strengths all vendors bring different things to the table. So you know, approaching this as, you know, an ecosystem to solve what faces us in 2022. You know, we feel this is the best way to really jumpstart this type of program inside of this type of environment that we find ourselves in to Peter's point Crowell brings an incredible amount of, you know, of history with them, and, and the capabilities that they can augment what art is does fits perfectly. And we fully expect to engage additional vendors as we move forward. Because as I mentioned, all vendors have strengths arm is being the foundation of discovering what all these devices are, their risks, their threats, their vulnerabilities, the connections that they make, and then feeding that seamlessly into Kroll to do incident response. And forensics is is just a perfect fit, and it really works hand in glove.

14:34

See, I love and I believe that this is more apt today than ever before there needs to be an continue the speed of innovation, the speed of technology, there has to be a consistent and continuous education, then you you don't have all the answers and therefore that you need to collaborate and that in what you just said you have to and to be able to have that business that is is truly resilient and healthy. You need to have that innovation in place. And I think that what you guys are chirping about on this podcast, absolutely falls in line with that you guys were wonderful. Hey, how does somebody get a hold of you guys?

15:15

Yeah, so there's a there's a couple of places that folks can reach out to arm is. First off is@armas.com. On our OT security page, there is a registration link as well as solution briefs and more description about the program. There's which verticals are included in the program. And and the start point and finish point and all the deliverables that are included in the program, which does in fact end up with a full executive summary and an executive findings report on everything around devices, risks, vulnerabilities, threats, connections, boundary evasions, an active threats that are occurring in the network. So you can engage that process by hitting our website, you can also email cip@armis.com cip@armis.com, that will come into our team that is our bullpen that is handling the inbound requests that we expect. And then it will be triaged from there, and folks will be reached out directly.

16:22

To us, Peter, I don't know how you're gonna follow that. How do they get ahold of you? The same way?

16:29

Anyone can hit me up on LinkedIn. Low problem.

16:33

Very good. Yeah, I do. I'm a big fan of LinkedIn. No doubt about it. I can find anybody that I Yeah. Well, this conversation was excellent. And listeners, we're going to have all the backlinks that you can possibly imagine if you need to get a hold of arm as you need to be able to at least begin that conversation. And I know that this is fantastic. And I think that this is really needed, especially today. I don't think cyber attacks are going away. Are they increasing? Anybody? They're increasing, right?

17:03

Oh, yeah. Yeah, you know, interesting. Interestingly enough, you know, as Peter

17:10

checkpointing put out a note that, you know, in 2021, there's a 40% 46% increase across our utilities and they average 736 attacks per week per utility.

17:25

Now, it's job security on your guys. stuff got a bad oh my gosh, that's amazing. That's a hell of a stat. All right, we're gonna have to wrap it up. Thank you very much for being on the industrial talk. You too. Excellent conversation. I'm sorry. It was so quick, but we're gonna have more FYI listeners there. There's more cyber conversations to have

17:43

your listening to the industrial talk Podcast Network.

Transcript

00:04

Welcome to the industrial talk podcast with Scott Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's

00:21

go Hello, and welcome to industrial talk the ever expanding industrial ecosystem that features incredible companies, wonderful people, solving problems making my life, your life and the world a better place to live. Now in this podcast, we're going to be talking to RMS, and pharmacists get this great program called critical infrastructure protection program. And you need to know about this. So let's just get right into the conversation. Welcome to industrial talk. We've got key, and we've got Peter, and we're going to be talking a lot about, well, cybersecurity, and you're telling, you're saying yourself, Scott, and I don't want to talk you have to talk about this is an important conversation. Before we get into this topic. Peter, give us a little 411 on who you are.

01:08

Absolutely. Scott, great to be here. My name is Peter Doggart, I'm the Chief Strategy Officer here at Armis. Been in the company about two and a half years, we've been in cyber about 25 years. What you've seen a lot. But we have seen a lot, but the problem still exists.

01:28

Yeah. But gosh, that's a heck of a business. All right, Keith, give us a background on you.

01:34

he cyberspace since the early:

01:58

So for the listeners out there, let's level set on on armas. So nothing fancy, nothing big. Give us sort of that strategic vision of what Armis is all about.

02:10

Yeah, so the Scott. So at a super high level, what we're trying to do is solve a critical problem we've got that is trying to see everything, all these new things coming into our industrial environments, our enterprises. And quite frankly, try understand how does that impact our risk? If we boil it down to it is how do you utilize all these all this new hardware, all this new software to help us become more productive, more efficient, more competitive, but do that, and also not increased risk?

02:48

Because I see this whole digital transformation conversation, which is out there, man, everybody's chirping about it. Everybody's saying I gotta be a part of it, I've got to do this. Now the other thing, and all I can see, although good, and manufacturers need this, we need to be protected. And we need to have that visibility as arm is that that organization, that company, that solution that says, Alright, let's Yeah, you can go down this road, but recognize that we see that that needs to be, you know, you know, addressed and so on and so forth. That's a is that sort of it?

03:21

Yeah. 100% I mean, the if, again, if you if you take a super quick look at this is we're trying to uncover those the unknowns in the environment, then there are many, many, many unknowns today. And we're trying to understand those risks. We're trying to understand how are things connected? How are things behaving? How is what what what side gap analysis, what's being utilized on in our, in our environments, how's the OT in the in the IT world, converging, as all these questions we've got, but no answers. And that's what this is doing is giving us the answers. Please

03:55

make that simple, please. I think it's an important reality. Because if I was putting on my little manufacturing hat and I'm a small to midnight and large, whatever, it doesn't matter. The last thing I want to have is a conversation about I need to digitize but what do I do to protect he is there a is there an increase? I mean, I don't know I'm sitting there are there is an increasing out there the cyber sort of issue.

04:20

Yeah, you know, it's interesting so to the point that Peter just raised with with regards to all these new devices that are coming into the the market whether that's on the OT side, the IoT side or the the IT side, the building management side, with this explosion of devices comes the explosion, obviously of software applications and firmware, and with the firmware software and apps comes vulnerabilities and then we see exploits so you know, the overall attack surface has just exploded, basically because of the quantity and volume of devices that are hitting these networks both inside the fence and outside. So interest Stingley enough to that point, what used to be the the primary vector or avenue into any enterprise was was phishing and the, you know, the unenviable email that we would inevitably have gotten and clicked through and downloaded a, you know, a virus of sorts has now been replaced by things like RDP vulnerabilities, right, which is just a vulnerability that's been around for, you know, for ages, it seems. But the problem is, with the explosion of these devices, you know, we now have this type of exploit that has jumped 73% In the last six months. And that's a number that came from our Miss researchers, right. So as we monitor, you know, over 2 billion devices globally, in real time daily, we have insights into the threats and attacks into these environments. So we can very easily enter into, you know, queries in this database. And we can pull and extract extremely interesting information about trending. Right, about, you know, which which vectors are being exploited in which verticals? And yeah, and yeah, so, you know, as I mentioned, the past six months, a big increase in exploits of RDP vulnerabilities, which really should cause our industrial control systems and our OT operators to really stand up and take notice.

06:29

So what I hear is one, if I'm a business, and I want to venture into digital transformation, I need to make sure that my environment, my IoT, it is secure and have significant visibility into that and be able to have that sort of nimble platform so that I know that if I put that device in, I know that here's a solution that will say, here it is, it's protected. You're good to go. Thumbs up, move forward. And I think that that's a beautiful thing now, to you, Peter, let's talk critical infrastructure. I would imagine if I have the various nefarious intent, I would go after critical infrastructure. Can you sort of shed some light on that?

07:14

Yeah, this is pretty serious issue, you know, and it's actually frankly, one reason I'm in this business in the first place. I, there's a, there's goodness that we're trying to do here. And I am extremely concerned, if you look at all the stats and keys just mentioned a couple that we've been bombarded by, you know, the bad things are happening. And one of our partners checkpoints just recently revealed, it's been a 46% increase in attacks and industrial, low in the past year. It's, and we see these numbers, and I think it's, we need to not become numb to all these numbers hitting us all the time, we need to act, and we need to act now. Yeah, and you know, we only need one or two really bad things to happen with our wastewater treatment facilities or a nuclear power plant. And it's game over.

08:14

I'm glad I'm glad with armistice doing the solution that you're providing the visibility into that and I, I think you're absolutely spot on for what I hear. You're doing good. And I think that that's real important. Now, from my perspective, I don't even know where to begin, right? Let's say I'm Scott, manufacturer on Scott utility, whatever it might be. Are there things that I can do to approach you and say, Hey, can you come in look at my mice, you know, overall, and just give me an assessment and then let's move forward? Is that is there? Is it painful on my part?

08:49

No, you know, the one thing I love about what Armis is doing is we removed those painful barriers that you typically see the big honking pieces of hardware that's got to be shipped everywhere and tuned. And it oh, by the way, it takes a couple of months to figure out what's going down. Those the Those days are gone, you know, we can, we can go in there pretty quickly and get things moving literally within hours now. And one thing we want to do is we want to accelerate that process, Scott and really broaden what armas can do for our critical infrastructure. And we wanted to share some some news with you today about that.

09:35

There it is. That's a segue that is beautiful, perfect. Peter talked to us who sort of chirp on about that, that solution that needs to be talked about.

09:45

platform for basically all of:

11:43

Okay, it's bold in the prices, right? The price is on the rise, you can run with that. Right? If you want to put that on. There you go right ahead. We're gonna wrap it up. But you have anything to add to that. Because I think that that's really important. I think that that is really helping organizations, companies, businesses, whatever, NATO critical infrastructure succeed. And I think that that's an incredible, bold approach.

12:13

It is. And, you know, we're not we're not alone, Scott, we've also brought with us an incredible partner to help us with Sep, that partner is crawl. And probably your audience is probably very familiar with koalas being a leading provider in cyber risk and governance. And they've got an amazing cyber risk practice. And they are plugged in, they're trained up, they can go and literally use all the asset intelligence and threats and risks from harm. There's all that data and do 24 by seven incident response. So if you're, you know, a water treatment facility, and we see something bad happening, they can swoop in here, within seconds, grab that data, understand what's going on and help remediate sounds really,

13:02

this is another conversation, we I know that we have to sort of wrap this conversation up as because when we we've got to crawl that's k R O L L, I want to make sure that listeners understand that. And that is a relationship of a partnership with between RMS and curl. Is that correct? That's correct. Just making it even more beautiful.

13:26

tem to solve what faces us in:

14:34

See, I love and I believe that this is more apt today than ever before there needs to be an continue the speed of innovation, the speed of technology, there has to be a consistent and continuous education, then you you don't have all the answers and therefore that you need to collaborate and that in what you just said you have to and to be able to have that business that is is truly resilient and healthy. You need to have that innovation in place. And I think that what you guys are chirping about on this podcast, absolutely falls in line with that you guys were wonderful. Hey, how does somebody get a hold of you guys?

15:15

Yeah, so there's a there's a couple of places that folks can reach out to arm is. First off is@armas.com. On our OT security page, there is a registration link as well as solution briefs and more description about the program. There's which verticals are included in the program. And and the start point and finish point and all the deliverables that are included in the program, which does in fact end up with a full executive summary and an executive findings report on everything around devices, risks, vulnerabilities, threats, connections, boundary evasions, an active threats that are occurring in the network. So you can engage that process by hitting our website, you can also email cip@armis.com cip@armis.com, that will come into our team that is our bullpen that is handling the inbound requests that we expect. And then it will be triaged from there, and folks will be reached out directly.

16:22

To us, Peter, I don't know how you're gonna follow that. How do they get ahold of you? The same way?

16:29

Anyone can hit me up on LinkedIn. Low problem.

16:33

Very good. Yeah, I do. I'm a big fan of LinkedIn. No doubt about it. I can find anybody that I Yeah. Well, this conversation was excellent. And listeners, we're going to have all the backlinks that you can possibly imagine if you need to get a hold of arm as you need to be able to at least begin that conversation. And I know that this is fantastic. And I think that this is really needed, especially today. I don't think cyber attacks are going away. Are they increasing? Anybody? They're increasing, right?

17:03

Oh, yeah. Yeah, you know, interesting. Interestingly enough, you know, as Peter

17:10

out a note that, you know, in:

17:25

Now, it's job security on your guys. stuff got a bad oh my gosh, that's amazing. That's a hell of a stat. All right, we're gonna have to wrap it up. Thank you very much for being on the industrial talk. You too. Excellent conversation. I'm sorry. It was so quick, but we're gonna have more FYI listeners there. There's more cyber conversations to have

17:43

your listening to the industrial talk Podcast Network.

About the author, Scott

I am Scott MacKenzie, husband, father, and passionate industry educator. From humble beginnings as a lathing contractor and certified journeyman/lineman to an Undergraduate and Master’s Degree in Business Administration, I have applied every aspect of my education and training to lead and influence. I believe in serving and adding value wherever I am called.

Leave a Comment





This site uses Akismet to reduce spam. Learn how your comment data is processed.