Originally Released September 11, 2024

In this episode of Cyber Focus we're revisiting the conversation Frank Cilluffo had last September with Robert M. Lee. Rob is the CEO and co-founder of Dragos, a leading firm in industrial control systems (ICS) and operational technology (OT) cybersecurity. Rob unpacks the real-world consequences of cyber-enabled threats to physical infrastructure, including attacks on water systems, energy grids, and manufacturing sites. He shares insights into advanced malware like PipeDream and Frosty Goop, explains the growing risk of scalable OT attacks, and highlights adversaries' shifting tactics — from state-backed intrusions to criminal exploitation. The conversation also covers lessons from Ukraine, implications of Volt Typhoon, and the importance of visibility, public-private collaboration, and outcome-focused regulation in defending critical infrastructure.

Main Topics Covered:

• What operational technology (OT) is — and how it differs from IT
• Why cyber-enabled threats to physical infrastructure are escalating
• Real-world case studies: Ukraine grid attacks, Saudi petrochemical facility, and U.S. water systems
• Dragos' findings on ICS malware: PipeDream, Frosty Goop, and Modbus TCP exploits
• Emerging adversary trends including Volt Typhoon and the shift to scalable, repeatable OT malware
• The state of public-private collaboration and challenges facing OT cybersecurity in the U.S. and globally
• Lessons from Singapore's regulatory approach and what operators can do today

Key Quotes: "[Operational technology] is all the stuff you have in IT, plus physics." – Robert M. Lee "These are cyber enabled attacks that can have physical consequences." – Frank Cilluffo "[PipeDream] is the first time we've seen ICS or OT malware that is repeatable, reusable, and scalable across industries. It works in everything from a servo motor on an unmanned aerial vehicle to a gas turbine." – Robert M. Lee "There was an attack in 2017 where an adversary broke into a petrochemical facility in Saudi Arabia explicitly to cause an event at a facility that would have killed people if they were successful." – Robert M. Lee "Right now in the operations technology community, we deal with low frequency, high consequence attacks. IT deals with high frequency, low consequence attacks. And if we start to see scale, we're going to start to see medium to then high frequency, high consequence attacks. We're not ready." – Robert M. Lee

Relevant Links and Resources:

• Dragos FrostyGoop ICS Malware Intel Brief
• Chernovite and PipeDream Malware Overview
• CNN Opinion: Small-Town Water Systems Are Global Hacking Targets – Robert M. Lee

Guest Bio: Rob Lee is the CEO and co-founder of Dragos, a cybersecurity company focused on protecting industrial control systems (ICS) and operational technology (OT). With a background in military and intelligence, Rob has worked at the National Security Agency (NSA) and U.S. Cyber Command. He has been instrumental in raising awareness about the vulnerabilities in critical infrastructure and the need for better OT cybersecurity. Rob is widely recognized as a leader in the field, advising government agencies and industry leaders on protecting essential services from cyberattacks.