SAME Mid-Maryland present Parson's Juan Espinosa as he discusses Critical Infrastructure Protection: IT/OT Integration
The threat to network, control, and physical security systems has never been greater and points to a need for a holistic information technology/operation technology (IT/OT) approach. The environment changes constantly, and the magnitude of risk varies by customer. Parsons currently provides its services in support of its clients to identify weaknesses in their system. Given the complexity and ever-changing nature of the asymmetric threat, it is possible that traditional IT approaches to resolve cybersecurity issues in critical infrastructure may not identify systemic flaws in certain situations. These flaws may provide openings for attacks, which would then place the client in jeopardy. Client jeopardy in cybersecurity, functionality, and physical security stems from vulnerabilities and threats that capitalize on them. Parsons’ Converged Security Solutions are designed to evaluate these areas for weaknesses, but if adequate information is not available, vulnerabilities and threats may escape notice. Further, the very nature of information systems is that the advantage is to the attacker, and in most cases, the network defense is in a constant state of reaction to identified vulnerabilities and new or evolving threats. In addition, critical infrastructure/industrial control system networks have unique characteristics that make them vulnerable to attacks if not secured correctly.
Parsons’ Converged Security Solutions brings a portfolio of services and tools which are designed to promote integrity, cyber and physical security, reliability, and resiliency. Parsons’ Converged Security Solutions addresses
technical areas such as network, software and hardware controls, and administrative policies and procedures to provide a layered security posture. Parsons achieves this using a holistic approach, which combines physical and
cyber threat analysis and remediation to both the information technology (IT) networks and their associated operational technology (OT) systems, to identify system flaws and provide recommendations for improvement.
This presentation will provide an overview of the current state of cyber protection for critical infrastructure, and provide some in-depth explanation of the effectiveness and need of a holistic approach for protection that includes
knowledge of IT infrastructures and networks and their interaction with control system networks.
Juan Espinosa, P.E., PMP, GICSP, Principal Project Manager, is a licensed Professional Engineer with 19+ years of experience in project and program management supporting cybersecurity, design, and construction programs, primarily for Federal customers including DOD, DOS, and USACE.
He has led diverse and complex projects from radar installation in the jungles of South America to Embassy compound construction projects in Australia. Juan has extensive overseas design-build experience acquired through the management of Federal projects in more than 10 countries including military infrastructure and US Embassy construction. Over the last six years, he has been leading a multidisciplinary team of controls engineers and cybersecurity experts to provide critical infrastructure and SCADA cybersecurity consulting services for critical government facilities.
Juan holds an MBA from the University of Maryland, a PMP certification from PMI, and a GISCP-Global Industrial Cybersecurity Professional from GIAC.