Governance & Risk Management , Operational Technology (OT)

How to Get Ahead of Critical OT Vulnerabilities

Alexander Antukh of AboitizPower Shares How to Manage Vulnerabilities and Patching
Alexander Antukh, CISO, AboitizPower

Vulnerability management and patching are the major challenges most security practitioners face with OT security, says Alexander Antukh, CISO at AboitizPower, a leading provider of renewable energy in the Philippines.

See Also: Executive Summary | 2023 OT Cybersecurity Year in Review

"In IT security, this problem is more or less solved with existing frameworks. In OT security, the problem is that general updates happen much less frequently, and they are more disruptive. And even if updates happen, plants cannot be shut down often," Antukh says. "So we had to come up with an approach of filtering out among those thousands of vulnerabilities and applying patches to those which are important to us. And those vulnerabilities are not immediately obvious."

"What we had to do is to create our own version of ICT vulnerability. We made an inventory of our assets, and we marked those we thought were critical based on different criteria. This is done by applying a high-risk vulnerability to those assets. Then we make a call whether to patch or accept the risk," he says.

In this video interview with Information Security Media Group, Antukh discusses:

  • How he manages OT security in his organization;
  • A useful road map for OT security;
  • Why vulnerability management is a challenge for OT security.

Antukh is an award-winning cybersecurity leader with 15 years of experience at various companies, from small tech startups and consultancies to some of the largest financial organizations in the world.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.