Khalid Aljamad, VP for KSA at Nozomi Networks, sheds light on the pressing challenges and trends in critical infrastructure security.
What trends and challenges do you observe in the critical infrastructure security sector?
I think one of the biggest challenges is asset management. Even when starting with a cybersecurity strategy, the convergence of technologies across IT, OT, and IoT introduces significant complexity. You end up with a mix of new and old devices—so how do they coexist? How do you manage them?
More importantly, how do you take ownership of these assets when they fall between different departments? This is the most recurring theme and challenge we hear from our customers and partners.
How do you approach protecting OT systems, considering they lack the mature protocols and frameworks that IT systems have?
I think that’s a very good question. To address it, you need to collaborate with traditional automation or OT manufacturers like Emerson, Schneider, GE, Honeywell, and others to understand the primary functions of those systems. When discussing IT, the focus is on information. However, when discussing OT, the focus shifts to operation and the continuity of that process.
From a security perspective, information is not as much of a priority in an OT environment as maintaining operational continuity. Therefore, when we attempt to implement cybersecurity in such environments, it’s critical to identify and understand the potential risk factors. We must also analyze the operational variables produced by these systems and figure out how to bridge the gap between traditional technologies and modern cybersecurity tools, which are heavily influenced by IT practices.
What we’re seeing today is a growing trend among customers and partners toward creating converged IT/OT Security Operations Centers (SOCs). These centers often bring together subject matter experts who either come from an automation background and gain deep cybersecurity knowledge or vice versa—cybersecurity professionals trained to understand OT systems. This cross-disciplinary expertise is essential for effectively managing and securing these environments.
Are you observing any targeted attacks on critical infrastructure, or is it primarily ransomware and similar threats?
I don’t think ransomware is as much of a challenge in OT environments as it is in IT environments. After all, you’re not likely to steal critical information like a turbine’s RPM, right? The information itself doesn’t carry the same level of sensitivity.
However, given the geopolitical climate over the past 12 to 13 years, we’ve all heard about major cyberattacks on critical infrastructure. These include attacks on Ukraine’s electrical grid, incidents in the U.S. that compromised gas and water supply lines, and attacks targeting refineries and oil companies in Saudi Arabia.
These issues, along with many others, represent a growing and significant challenge in the realm of OT security.
We’re in the age of AI, and it’s a topic everyone is discussing. Do you see AI playing a significant role in critical infrastructure security?
One of our co-founders has a PhD in AI, and AI and machine learning are core pillars of how our solution is built. I think this is critical—not just because Nozomi is doing it, but because everyone is trying to leverage AI in one form or another.
Why is that? When you’re dealing with a power plant, refinery, or smart meter, the volume of information that needs to be processed to identify patterns of an attack is far beyond the comprehension of a human engineer or operator. AI tools are essential for analyzing data and detecting patterns, as they enable us to identify deviations from normal processes and operations.
Coincidentally, this approach is also how we can protect against zero-day attacks—attacks that, by definition, have never been seen before. AI allows us to detect such attacks by analyzing the behavior of the environment and identifying unusual patterns in the system’s output. This capability is vital for staying ahead of emerging threats and maintaining robust security.
Do you see the skill shortage in this field as one of the biggest challenges? If so, what is Nozomi doing to help build and develop those skills?
There’s a significant shortage, and it’s a challenge across the board. Even in IT, I think the gap is smaller than it used to be—it’s still a growing pain, but within OT, the gap is much larger. This is partly due to the nature of the field. When training someone to be a cybersecurity expert today, the focus is usually based on IT.
I believe organizations, vendors, and regulatory authorities should play a larger role in advancing OT cybersecurity specifically, rather than just IT cybersecurity, and in building up the talent pool.
In a nutshell, yes, there is a huge shortage. However, I do believe that Nozomi and our industry peers can play a major role in bridging this gap. There are already initiatives underway to build training labs and collaborate with educational institutions, whether universities or larger organizations, to develop expertise and capabilities. These initiatives aim to train both fresh graduates and professionals transitioning to OT cybersecurity, ensuring they have a solid foundational knowledge to build upon.