Sergio Caltagirone - Director of Threat Intelligence, Dragos


Written by

Sergio Caltagirone’s work as director of intelligence for Dragos has put him at the center of the maturing field of industrial control systems (ICS) cybersecurity. He talks about hurdles the ICS community has overcome and how defenders can up their game further.

CyberScoopHow do you think the industrial control system sector has matured in its approach to cybersecurity in recent years?

Sergio Caltagirone: I’m impressed how the ICS security community and the IT staffs are working together closelyhelping to bridge that most important gap between the business and operations that adversaries are exploiting all the time. For the security of us all, there can’t be a gap. Many are recognizing that now.

CSHave we had the “big bang moment” yet — an attack on ICS that drives home the nexus of cybersecurity and safety to folks outside of the ICS community?

SC: No, we are far off from the big bang in ICS security. Ukraine and the Middle East have already had theirs, with electric grids disrupted and safety systems compromised. But Asia, Americas, and Europe are still discussing it in the abstract in too many places. The time will come when this problem hits home in these regions, but it may be awhile.

CSWhat technology is helping you do your job? How are technical advances helping ICS defenders get better?

SC: The first element revolutionizing industrial security is the same thing that has revolutionized enterprise security — visibility. Visibility is the first requirement of a secure environment. We can now collect, store, and analyze massive sets of data in reasonable timesenabling faster and better detection and response and putting adversaries in a poor position in any environment. Second, security operations efficiencies continue to grow, and I think that will be a major driver for decreased threat dwell time. Defenders are getting better at deciding what can be dealt with now and what can wait. There is a long way to go but it’s steadily improving. But, vendors need to listen to the SOC [Security Operations Center] more and push what they think is best less.

CSYou spent three years at Microsoft before coming to Dragos. How has that background helped you bridge the gap between IT and OT security?

SC: As IT and OT converge along with the industrial Internet of Things [IIoT], they’ll be looking to the cloud. At Microsoft, I was part of the shift into cloud-first technologies and because of that experience I’m familiar with the security issues IT and OT are facing when looking forward to the cloud. I was helping to build the technology many of them will use to secure themselves in the next three to five years.

CSTell us about the nonprofit Global Emancipation Network, and how you apply your infosec skills to this cause.

SC: At the Global Emancipation Network, we are a group of nerds, geeks, and volunteers leveraging technology from across industry and developing analytics to identify human trafficking victims and their traffickers which we feed to operational partners worldwide through our platform. We find traffickers much like hackers — through data analytics and intelligence — and we’re having amazing success. It’s one of the honors in my life to use my skills to address this, the second largest global crime, and a blight on humanity.