29 February 2024 Line

I’m looking for new voices in the community

Joe Slowik, Threat Intelligence Manager at MITRE, is a part of this year’s advisory board for the international Industrial Security Conference 2024, which takes place on the 12 – 13 – 14 November. Warm up to the conference in November, with an interesting interview with Joe Slowik. 

 

Would you like to start by introducing yourself, what is your background and how do you work with industrial security?

Hello, my name is Joe Slowik. I currently lead the CTI portion of the MITRE ATT&CK framework and perform critical infrastructure cyber analysis for MITRE. I have been working in or around industrial and critical infrastructure cybersecurity for over a decade at this time, including through ongoing training, teaching, and consulting through my company Paralus LLC.

You are a part of the Advisory board 2024 at the Industrial Security Conference CPH. Why and what do you get out of being on the board?

ICS-CPH is an amazing community, and being on the advisory board is an excellent way to remain a part of that community. Between exposure to excellent research proposals and interactions with other board members, it is a very easy thing to “sell” one to do!

What do you think is relevant in the industry right now?

I think there are two main items of concern to the industry – the industrial cybersecurity industry – right now, and neither is AI! The main trends I see are increasing migration to or adoption of cloud, cloud-based, or cloud-adjacent solutions for what used to be on-premise activity; and the emergence of third-party identify management as a new frontier of security beyond “host” and “network” considerations. The two are also very much linked, and together will represent a dramatic change in how we think an OT network operates and, as a result, is secured.

The deadline for Call for Papers is May 1st for the conference. What will you be looking for in the selection of submissions?

I’m looking for new voices for one! Too many of the same voices appear in the community, and we need to diversify! Beyond that, I’m looking for talks that challenge assumptions of what OT “is” and how to secure it, backed with a firm technical foundation and (ideally) experience.

What are you focusing on in your workplace right now? What are you working on at the moment?

Right now I’m working on a lot of things! But what might be most interesting is identifying how prioritization of critical infrastructure security needs to work in order to actually defend modern economies in a major disruption or wartime scenario. What’s tricky is this sort of exercise means some entities get left out, which might be very critical to some people but “less critical” than some other organizations. I hope to present research and analysis of this topic throughout 2024 and 2025!

What is the value for you of attending the Industrial Security Conference CPH? And why do you think it’s important for others to attend?

ICS-CPH is one of the premier events in OT security, at present the only major event with an international focus in the Nordics, and arguably the most interesting assembly of OT talent and research in Europe. For individuals in Denmark or nearby in the OT security field, this is a must attend event for exposure to trends and ideas in the industry. For individuals in Europe (or even North America), ICS-CPH has quickly grown into one of the best industrial security events in the world and should be considered when planning travel and budgets.

What projects are you excited about right now when it comes to Industrial Security?

I’m really excited about how we build a secure future in energy that also embraces environmentally sustainable mechanisms. Examples of this would be identifying how we deploy, manage, and secure operation of distributed energy resources such as renewables as well as distributed storage implementation. These are the problems that not only will define the future of cybersecurity within OT spaces, but arguably the future of humanity as well.

What does the future look like in industrial security?

The future looks sadly a bit challenging as a lot of “bad actors” are increasingly curious about and developing capabilities for industrial networks. While actual impacts have been few (at least in public), multiple disclosures over the past few years clearly show interest from a variety of threats in disrupting industrial environments for various purposes. While this is unfortunate, at the same time it makes OT security one of the most exciting and important realms within cybersecurity operations.

Do you want to join the conference?

Take a look at the conference here and sign up today. Last year more than 300 attendees joined, so this year we have teamed up with a new venue to make room for even more attendees. This year the conference is held at Scandic Copenhagen. Read more about the conference and join today.