In this Spotlight episode of the Security Ledger podcast, I interview Chris Walcutt, the CSO of DirectDefense about the rising cyber threats facing operational technology (OT). Chris and I talk about how industry is responding – including the growing role of government, ISACs and managed security services providers (MSSPs) in helping shore up the security of critical infrastructure. [Video Podcast] | [MP3] | [Transcript] There is no question that critical infrastructure and the operational technologies that are used to support that infrastructure are in the cross hairs of state actors and – in many cases – under active attack. The question is: what to do about it. Chris Walcutt is the Chief Security Officer at DirectDefense. Volt Typhoon: Is The Coming Storm Already Here? In March, for example, CISA the US Cybersecurity and Infrastructure Security Agency warned the heads of critical infrastructure organizations about the ongoing activities of “Volt Typhoon” and advanced persistent threat (APT) group linked to China’s military. An advisory from February issued by CISA, the NSA and FBI asserted that People’s Republic of China (PRC) state-sponsored cyber actors are positioning themselves on IT networks and maintaining persistent access in anticipation of launching “disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict” with the U.S. Critical Infrastructure And Digital Transformation: A Risky Combination Campaigns like that aren’t new. Warnings about state sponsored actors sniffing around U.S. critical infrastructure go back more than a decade. What has changed is the exposure of industrial firms to cyber attacks, as “digital transformation” and the explosion of remote work have resulted in organizations that own and operate critical infrastructure being far more vulnerable to attacks and compromises. Add to that the high social and economic impacts of critical infrastructure attacks; the varied nature of OT systems (and risks); endemic shortages of cybersecurity talent; and – in many sectors – inadequate budgeting to support cyber operations and you have a recipe for disaster. Securing OT Systems: Help Is On The Way But all is not lost. In our latest Spotlight podcast, recorded on the sidelines of the RSA Conference in San Francisco last month, I sat down with Chris Walcutt, the Chief Security Officer at DirectDefense. Chris and I talked about the rapidly changing threat landscape that critical infrastructure owners and operators inhabit, and how savvy firms are managing OT risks – in part by tapping managed security services firms with expertise managing and securing OT systems and environments. In our conversation, Chris elaborates on the distinction between OT (Operational Technology) and IT, emphasizing the unique challenges in securing OT systems like those in critical infrastructure,