While IoT/IIoT is everywhere in product catalogs today, Oil & Gas is the original Joe for connected embedded things to fulfill specific purposes such as providing telemetry remotely or to monitor the health of a well or pipeline. And like many aspects of industrial systems, it was and still is the Wild West of security, updates (or lack of), and deployments, where it makes little economic sense to upgrade, enforces the fact that producers need to reduce any disruption or security risk for these devices – new or legacy.

With thousands of existing deployments, these devices are often forgotten, and whether for cyber-security or for merely inventory management due to divestment, an effective resource-friendly method is absolutely required to manage these types of systems.

In this session, Ron Brash walks through several areas (agnostically) with more than 35 years of combined experience on:

  • How are these devices are often deployed, and in what kinds of environments?
  • Discovering technical vulnerabilities/weaknesses and horror-shows buried in these devices
  • One approach to successfully enumerate, research, and support candidate devices
  • A live demonstration of a hidden surprise with a device obtained from the grey-market
  • And how to bring these devices into the fold for inventory/asset management with considerations for cyber-PHAZOPs & vulnerabilities


Related resources


4 Steps to Think Global, Act Local in OT Vulnerability Management

The Think Global, Act Local concept emerged to describe how to scale vulnerability analysis, remediation design, and audit in industrial control systems.

Learn More
Case Study

Remediation in 90 Minutes with Think Global, Act Local

Achieve remediation in 90 minutes! A real-life case study tackling challenges of large and complex assets, coupled with scarce OT security resources.

Learn More

Subscribe to stay in the loop

Subscribe now to receive the latest OT cyber security expertise, trends and best practices to protect your industrial systems.