Michael Rostov Of Oasis Defender On What We Must Do To Protect Critical Industrial Systems From Cyber Attacks

An Interview With David Leichner

David Leichner, CMO at Cybellum
Authority Magazine


Ransomware attacks have sadly become commonplace and increasingly brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack? In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about what we must do to protect critical industrial systems from cyber attacks. As a part of this series, I had the pleasure of interviewing Michael Rostov.

Michael Rostov is an entrepreneur and VC with over a decade of experience in the telecom and cybersecurity sectors. He co-founded Dubai-based startup Oasis Defender, which focuses on developing AI-driven software for unified visualization and configuration of multi-cloud security. Oasis Defender’s team recognized a pain point of many organizations: the challenge of managing security across diverse cloud environments. Their solution streamlines this process by providing a unified interface with seamless integration across multiple cloud providers.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

Thanks to my parents, who were both engineers, I was surrounded by technical marvels from an early age. My first memory of an encounter with mechanics came when I was just three years old. Attracted by the sounds and mechanics of an old mechanical alarm clock, I couldn’t resist taking it apart.

But what really marked the beginning of my journey into the world of technology was a broken line printer that my father brought home when I was seven. With an insatiable curiosity and a screwdriver in hand, I dissected it, trying to unravel the magic behind its operation.

My subsequent encounter with a personal computer at the age of 10 fueled my passion. With its novel functionalities, it symbolized the vast world of electronics and computing, very different from the mechanical devices I was familiar with. With the guidance of my parents, I dived into the fundamentals of engineering, setting the stage for my academic pursuits.

This foundation led me to attend a technical university, where I specialized in electronics and networking. My time there helped bridge the gap between my early experiences and becoming a professional ready to make the mark in telecommunications. And when I founded Nlink Telecommunication in 2003, my academic pursuits and childhood dreams came together seamlessly.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

Growing up, I’ve always been interested in technology, which naturally steered me towards the telecommunications sector. Now, as a director of a telecommunications company, security isn’t just an added concern — it’s a top priority. In our field, ensuring data integrity and safeguarding it is of utmost importance.

However, the true gravity of cybersecurity became undeniably clear in the early 2010s when the wave of ransomware attacks began. For me, it wasn’t just a headline — it was personal. Several of my close friends in the industry fell victim to these malicious attacks. While some suffered devastating losses, watching their data disappear and their entire businesses hang in the balance, others were faced with the choice of paying a hefty ransom. It all led to a sense of helplessness and chaos. But there were a few who had preemptively invested in robust security systems and comprehensive data back-ups. They were the beacons of calm in the storm, demonstrating the importance of proactive cybersecurity measures.

Watching these events unfold around me was a profound turning point. I realized that in this digital age, it’s not enough to simply be aware of cybersecurity. It’s imperative to understand it, to be equipped for it, and to stay several steps ahead of potential threats.

Can you share the most interesting story that happened to you since you began this fascinating career?

One of the most memorable incidents since the launch of our foodtech/fintech startup came from a restaurant owner in Prague. Our startup was primarily aimed at simplifying the restaurant experience with a QR menu and tip features.

The owner, who wasn’t particularly tech-savvy, was initially reluctant to integrate our QR menu system. But she decided to give it a try. Shortly, she noticed that not only were service times improving, but tips were increasing because of the ease of payment.

When I was in Prague, I stopped by this restaurant for lunch and to talk with the owner. She told me how our platform had made her small business run more smoothly and efficiently. Importantly, her restaurant was starting to gain a reputation as a trendy and modern place. The increase in footfall was evident, as new customers were drawn to the tech-forward dining experience.

That visit put things into perspective for me. Our startup wasn’t just about providing a tech solution. It was about having a real impact while improving businesses and making a tangible difference in everyday situations.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

Success, in my view, is a combination of innate traits and learned skills, shaped by experiences and challenges. Reflecting on my journey, I think the core character traits that have always played a role are curiosity, resilience, and adaptability.

Throughout my career, my innate need to understand the complexities and intricacies of every situation has served me well. This insatiable curiosity has led me not only to explore the depths of telecommunications networks and the layers of cybersecurity but also to venture into the challenges and opportunities of building an international business. The constant quest for understanding and innovation has been a hallmark of my career.

Running multiple businesses has come with its share of challenges. But with each hurdle, rather than being daunted, I have embraced it as an opportunity for growth. This resilience has been crucial in turning potential setbacks into learning experiences and driving success.

I’ve always valued adaptability in the technology industry. It has allowed me to stay ahead of the curve and be proactive in the face of change, and it has guided my transition from telecoms to startups, and ultimately to founding a cloud security startup.

Are you working on any exciting new projects now? How do you think that will help people?

Yes, it is true, the word “exciting” describes this project very well.

I’m heavily involved in Oasis Defender, our latest cybersecurity initiative. It’s AI-powered software that provides a unified visualization and configuration platform for multi-cloud security.

Today, businesses increasingly rely on multiple cloud platforms, and managing security across them can be complex and daunting. Oasis Defender is designed to make it easier. By consolidating security information and providing a single management interface, we’re helping organizations ensure that their cloud infrastructures are robustly secure.

Our goal is to reduce vulnerabilities and provide seamless integration so that businesses can operate without the constant worry of potential cyber threats. It’s about giving businesses the right tools to protect their digital assets and thrive in the modern digital landscape.

Oasis Defender is open source, making it universally accessible to all and eliminating vendor lock-in, making the world a safer place.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of cyber attacks?

The digital landscape is expansive, and so are the types of cyber attacks that could be lurking.

One of the most recognized forms is malware, which refers to a range of malicious software such as viruses, worms, and Trojans. These are usually created to harm, interfere with, or gain unauthorized access to computer systems. For example, ransomware, a kind of malware, prevents users from accessing their data and extorts them for its release. The WannaCry attack in 2017 held countless systems worldwide hostage.

Phishing attacks are another prevalent technique, where attackers pose as trustworthy entities, usually through deceptive emails or websites, to steal sensitive information like login credentials or credit card numbers. For instance, scammers may send an email from a fake bank, urging the recipient to update their details via a provided link that redirects to a fake website.

Man-in-the-middle attacks involve attackers intercepting and relaying communication between two parties. It’s like having a private conversation, but without your knowledge, someone eavesdrops and alters your words. This is similar to what happens in a digital man-in-the-middle attack, often found in unsecured public Wi-Fi scenarios.

Denial of Service (DoS) attacks aim to disrupt services by overwhelming them. Instead of stealing information, the objective is to render a website or online service unreachable, often by overwhelming it with unwanted traffic. This can be amplified through Distributed Denial of Service (DDoS) attacks, where multiple systems coordinate to flood the target.

Additionally, zero-day exploits are attacks that exploit vulnerabilities in software that are unknown to those responsible for mitigating them, including the vendor. Because these vulnerabilities are not known in advance, developers have zero days to fix the issue, making them especially hazardous.

For the benefit of our readers, how would you define a critical industrial system? Can you please explain with some examples?

A critical industrial system refers to the indispensable infrastructure and services that support and enable the everyday operations of society and the economy. These are the systems whose disruption can have significant, widespread consequences for the public safety, health, economic security, and overall well-being of a nation or region.

For instance, imagine turning on a faucet and having no water come out or flipping a switch and finding that the lights remain off. These situations emphasize the importance of specific systems. For example, the power grid is a prime example of a critical industrial system, as it provides electricity to homes, businesses, and other essential infrastructure. A failure or compromise of this system could lead to power outages, transportation disruptions, and even communication breakdowns.

Water treatment and distribution facilities are another crucial example, as they guarantee the delivery of clean, potable water to households and industries. A disruption could endanger public health, particularly in densely populated regions.

The transportation sector, including traffic control, subways, and airports, is crucial. Any interruption in these systems may result in significant delays, economic losses, and safety worries.

Likewise, communication networks, essential for phone calls and internet access, are integral to contemporary society. Disruptions here could isolate communities, interrupt businesses, and even affect emergency services.

Additionally, the healthcare sector, including hospitals, pharmacies, and other medical facilities, must function properly since interruptions could result in loss of life. This concern is especially significant if, for example, emergency services or crucial medical equipment become compromised.

In the industrial context, manufacturing plants, chemical processing facilities, and refineries fall under this category. Their continuous operation is vital for economic reasons, and any interruption could trigger widespread effects on employment, the economy, and even global supply chains.

Can you share some examples of recent and notable attacks against critical industrial systems? Why do you think these attacks were so significant?

In 2020, the SolarWinds breach was a notable occurrence. While it was not a direct attack on an industrial control system, its impact was significant. Attackers infiltrated SolarWinds’ widely used Orion software in multiple industries, notably energy and utilities. This breach provided the attackers with unparalleled access to crucial systems and sensitive data in various sectors within the US, including multiple government agencies. Its importance is rooted in its secretive nature, scope, and potential impact of a supply chain assault on vital infrastructure.

In early 2021, a hacker tried to contaminate the water supply of Oldsmar, Florida. By accessing a remote system, the perpetrator attempted to raise the levels of sodium hydroxide in the water to dangerous levels. Although the attempt was prevented, the incident highlighted the vulnerabilities of smaller but critical services.

Later in 2021, Colonial Pipeline, one of the largest fuel pipelines in the US, experienced a ransomware attack that caused a significant disruption in fuel supply across the Eastern US. The effects were noticeable, including gas shortages, price increases, and a rush to acquire fuel. This incident highlighted the real-world implications of cyberattacks on public life and the economy.

Tata Power, India’s largest integrated power company serving approximately 12 million customers, was hit by ransomware in October 2022. Hackers released employee PII, national ID numbers, tax account numbers, and salary information, along with engineering drawings, financial and banking records, and customer information.

In Africa, customers of the Electricity Company of Ghana were unable to purchase or access electricity for nearly a week after an apparent ransomware attack. More worryingly, one source claimed that an ECG project had been taken over, with hackers modifying source code and taking control of servers.

These attacks had a significant impact for several reasons. They emphasized the vulnerabilities inherent in systems that societies deeply rely on. Besides, they revealed a trend where attackers are not just seeking data or financial gain but are aiming for operational disruptions with significant societal consequences. The impact of cyber threats on daily life has become a harsh reality for many, with the possibility of water poisoning, gas shortages, and disruptions in the food chain.

These incidents emphasize the need for enhanced security protocols, international cooperation, and the fortification of critical industrial systems to withstand and recover from cyber attacks.

Why are critical industrial systems particularly vulnerable to attack?

Critical industrial systems, also known as operational technology (OT), have become attractive targets for cyber attackers. These systems are vulnerable due to a combination of historical and operational factors.

Many of these systems were designed and implemented in the past when cybersecurity was not a primary concern. They were designed to function in isolated environments and were not originally equipped with modern security measures. However, as the world has become increasingly connected, many of these systems have been linked with IT networks to enhance monitoring and efficiency, consequently exposing them to internet-based vulnerabilities.

Compounding these issues are operational challenges, such as the use of outdated software and hardware in many OT systems. Upgrading or patching systems can be intricate, time-consuming, and may disrupt essential services. As a result, organizations may postpone or avoid updates, leaving systems vulnerable to known threats for extended periods.

Furthermore, there’s a skills gap in OT cybersecurity expertise, which is less prevalent despite attention and investment in IT cybersecurity. The subtle distinctions between IT and OT imply that approaches effective for the former may not translate to the latter.

Moreover, the stakes are inherently high for critical industrial systems. Whether it is a power grid, a water treatment plant, or a transportation system, any interruption can result in immediate real-world ramifications. This makes them attractive targets for nation-state actors or cyberterrorists who aim to cause significant disruption or leverage for political, ideological, or financial gains.

Lastly, the nature of these systems — always-on and mission-critical — means they often don’t have the luxury of downtime. This operational necessity makes it more challenging to implement regular security assessments or maintenance without risking service disruption.

What makes critical industrial systems such an attractive target for bad actors?

Critical industrial systems, such as Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems, are attractive targets for malicious actors due to their potential for high impact. Interference with these systems can result in tangible consequences, such as power grid failures or water supply contamination, which can have economic, operational, and even human ramifications. When these systems are compromised, it can cause fear and confusion, which may be exploited by groups seeking to make political statements or exert influence.

Additionally, many of these industrial systems were developed decades ago and did not consider today’s cyber threats, making them vulnerable. As more of these systems connect to the internet for remote management, they provide more entry points for attackers, increasing their risk. Often, there is a lack of cybersecurity awareness and training among ICS/SCADA operators, which increases the risk of vulnerabilities resulting from human errors.

The complexity that arises from the mixture of various technologies in ICS environments can make it challenging to maintain consistent security. Industrial systems can also be treasure troves for espionage activities, as nation-states or competitors may be eager to uncover proprietary processes or techniques. Some attacks could be showcasing a group’s cyber capabilities. Specifically, divergent from other cyberattacks aimed at data or monetary theft, the compromise of ICSs could yield physical harm or danger. The possibility of tangible damage, along with the ability to interrupt economies and spread terror, gives incentive to malicious actors.

Who has to be most concerned about cyber attacks? Is it primarily businesses or even private individuals?

Cyberattacks have become a pervasive threat in our increasingly digital world, impacting both businesses and individuals.

For businesses, the stakes are high. They house a plethora of data, from customer information and payment details to intellectual property and trade secrets. A cyberattack on a business can lead to data breaches, which can erode customer trust and tarnish the company’s reputation. Additionally, businesses encounter financial ramifications not only from potential theft but also from expenses associated with mitigating the breach, legal fees, and possible regulatory fines. Additionally, operational disruptions, such as when ransomware locks essential data, can bring business procedures to a halt, resulting in revenue loss. For smaller enterprises, a substantial cyber incident might even endanger their survival. On a larger scale, targeting critical infrastructure sectors such as energy, transportation, or finance can lead to significant disruptions that affect society and the economy.

Conversely, individuals face personal risks; for example, cybercriminals may gain access to personal data through tactics such as phishing or malware, leading to identity theft. With this stolen identity, malicious actors could open credit accounts, make fraudulent purchases, or even commit crimes in the victim’s name. There are also privacy concerns; personal photos, conversations, and sensitive data could be exposed, leading to emotional distress and possible public humiliation. In today’s interconnected world, even everyday devices, from smartphones to smart refrigerators, could be vulnerable, providing cyber attackers potential entry points into an individual’s personal life.

However, it is not solely a matter of businesses versus individuals. The line between these spheres is becoming increasingly blurred. Numerous individuals work from home and access corporate data using personal devices, rendering them a potential weak link in corporate cybersecurity. Conversely, data breaches within businesses can spread and harm customers or employees on a personal level.

Who should be called first after one is aware that they are the victim of a cyber attack? The local police? The FBI? A cybersecurity expert?

When someone realizes they have fallen victim to a cyberattack, determining whom to contact first can be a complex decision influenced by various factors. The nature and scale of the incident, alongside the individual or organization’s context, play a significant role in this decision-making process.

For businesses and organizations, particularly those with an IT department or dedicated cybersecurity team, the initial response should typically involve contacting their internal IT experts. These professionals can promptly begin assessing the damage, taking measures to mitigate additional risks, and gathering essential technical evidence that could be critical for any ensuing investigations. Additionally, they can advise the organization on which external agencies or authorities to reach out to next.

If a cyber attack appears to have wider implications or is on a significant scale that could have national or large-scale financial consequences, it becomes essential to contact federal authorities such as the FBI. In the United States, for example, the FBI has specialized units focused on dealing with and investigating cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security manages significant cyber incidents involving critical infrastructure.

For individuals or smaller entities without immediate access to cybersecurity experts, contacting local law enforcement can serve as a reasonable initial step. Local law enforcement agencies, particularly those in larger cities, may possess cyber units or digital crime specialists who can aid victims or, at the very least, direct them to more specialized agencies.

Nevertheless, the lines between these steps can frequently become unclear. For example, a ransomware attack on an individual’s personal computer linked to a cyber attack may necessitate the services of a cybersecurity specialist to reduce and potentially undo any damage. At the same time, informing law enforcement is imperative due to the criminal nature of the attack.

Responding to a cyber attack involves a combination of technical mitigation, legal proceedings, and potential communication with the public or stakeholders. The order in which these entities — cybersecurity experts, local police, or federal agencies — are notified will depend largely on the specific circumstances of the attack and the victim’s available resources. It is a multidimensional reaction that highlights the intricacy and potential severity of cyber threats in our contemporary digital realm.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

Companies today face numerous threats from ransomware attacks, and various lapses in their cybersecurity practices can leave them more vulnerable. One critical oversight is underestimating the sophistication of cybercriminals. This often results from multiple missteps in their defense strategies.

One such lapse is failing to keep software and systems updated. Outdated software can harbor known vulnerabilities, creating open doors for attackers. Additionally, inadequate investment in employee training can be detrimental. Employees serve as the first line of defense, and if they are unable to detect suspicious activity, they may unknowingly become vulnerable targets for cyber threats.

Backup strategies are also pivotal. Companies that lack secure and tested backups may be pressured into paying ransoms when their data becomes encrypted. On a related topic, risky password practices and failure to implement multi-factor authentication may lead to unauthorized access risks for companies.

There’s a common misunderstanding that the cloud is inherently secure. Even though cloud providers execute rigorous security standards, the shared responsibility model implies that data, settings, and applications in the cloud remain the company’s accountability. Misconfigurations in the cloud can lead to data exposure, enabling potential attackers to gain access.

As companies adopt hybrid cloud strategies or utilize multiple cloud services, it becomes increasingly difficult to maintain consistent security across these platforms. Effective traffic filtering is essential as data moves between on-premises servers and clouds. Without proper monitoring and filtering, malicious entities can infiltrate, and sensitive data may become compromised.

Besides, efficient traffic filtering mechanisms, including cloud access security brokers, are crucial in identifying and preventing any malicious activities and ensuring data stays within its intended environment.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

In the midst of increasing cyber threats, particularly ransomware, government entities and technology leaders play crucial roles in establishing a more secure digital environment. Collaborative efforts between these parties can establish a framework that effectively minimizes the frequency and intensity of attacks.

Governments can take the lead by implementing stringent regulations and cybersecurity standards that organizations are required to follow, guaranteeing a basic level of security. By implementing these measures, organizations can establish an atmosphere where careless security procedures are not only hazardous but also legally impermissible. Governments can also facilitate cooperation between the public and private sectors. By exchanging threat intelligence and best practices, they can proactively detect potential weaknesses and alleviate risks.

Besides, governments should allocate resources towards awareness campaigns. Educating businesses, particularly small and medium-sized enterprises, on the continually changing cyber threat environment can assist in readiness against potential attacks. Additionally, supporting and financing cybersecurity research can result in the creation of advanced tools and practices to counteract cyber threats.

Conversely, tech leaders can set an example by embracing and advocating best practices. As pioneers, they are in a prime position to continually create and improve security solutions. Given the complexity introduced by multi-cloud strategies, there is a pressing need for tools that can seamlessly manage and filter traffic across multiple cloud environments. This highlights the importance of an effective solution for multi-cloud traffic filtering configuration. By developing and implementing such solutions, technology leaders can ensure that data transferred between various cloud platforms and on-premises data centers is continuously examined and protected, minimizing possible points of vulnerability.

Tech firms can additionally commit to regular audits and third-party penetration testing to proactively detect and remedy weaknesses. Through transparent communication of their security measures and any incidents of breaches, industry leaders can establish trust and promote a unified response to potential threats.

Government and technology organizations working together, by means of strict regulations, collaboration, innovation, and education, can strengthen overall defenses against cyber threats. Incorporating advanced tools, particularly for multi-cloud environments, is essential in this effort, guaranteeing that as our digital ecosystems expand, they remain robust against malicious attacks.

Ok, thank you. Here is the main question of our interview. What are the “5 Things We Must Do To Protect Critical Industrial Systems From Cyber Attacks” and why?

1. Regularly update and patch systems. The WannaCry ransomware attack caused chaos worldwide in 2017 by exploiting a vulnerability in outdated versions of Windows. Although several sectors were affected, the consequences for essential infrastructure such as healthcare were particularly severe.

2. Implementing Network Segmentation. In a recent incident at a United States water facility, hackers attempted to increase the concentration of lye in the water to dangerous levels. A crucial security error in the facility was the absence of network segmentation. If the operational technology (OT) systems had been segregated from the regular IT network, the scope of the attack might have been restricted, averting potential harm to the public.

3. Prioritizing Employee Training. Picture an employee from a power plant who clicked on a phishing link in an email, mistaking it for legitimate communication. The attackers then gained entry to the network as a result of this small action. Consistent staff training could help avoid this breach, with employees knowing how to identify and counter such misleading techniques.

4. Establishing multi-factor authentication (MFA) is crucial. A petrochemical plant in the Middle East experienced a cyberattack with the aim of detonating an explosion. The perpetrators infiltrated the system by utilizing purloined credentials. Fortunately, a glitch in their programming helped prevent a catastrophe. Had MFA been implemented, the culprits would have faced greater obstacles in breaching the system, regardless of the stolen credentials.

5. Maintaining Real-time Monitoring and Rapid Response Mechanisms. Powerful grids may suffer cyber attacks, resulting in power outages in huge cities. Malware was employed by the attackers to gain entry, followed by a manual intervention to disrupt the power. The grid’s prompt response team proved to be the savior, as they detected the breach immediately and expedited the manual restoration of power.
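Points 2 and 5 above, network segmentation and real-time monitoring, go together in practice: once an IT/OT boundary is defined, the flows that cross it can be checked against a short allow-list of approved conduits, and anything else becomes an alert. The script below is an added example written for this article, not code from the interview or from Oasis Defender. The zone address ranges, the single approved conduit (an engineering jump host reaching the OT historian on one port), and the flow-log records are all constructed for illustration.

```python
"""Segmentation-violation detector run over constructed flow records.

Added example, not from the interview or from Oasis Defender.  The OT and IT
zones, the approved conduit and the sample flow records are all constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed zone plan (assumed, not from the page).
OT_ZONE = ipaddress.ip_network("10.50.0.0/16")   # PLCs, HMIs, historian
IT_ZONE = ipaddress.ip_network("10.10.0.0/16")   # office workstations, mail

# Constructed allow-list of IT -> OT conduits as (source host, dest host, port).
# Here only the engineering jump host may reach the OT historian, and only on
# one port; any other flow crossing the boundary is a segmentation violation.
ALLOWED_CONDUITS = {
    (ipaddress.ip_address("10.10.5.20"), ipaddress.ip_address("10.50.1.10"), 4840),
}


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one 'src dst dport proto' record (constructed log format)."""
    src, dst, dport, proto = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto)


def zone_of(addr: ipaddress.IPv4Address) -> str:
    """Map an address to OT, IT, or EXTERNAL according to the zone plan."""
    if addr in OT_ZONE:
        return "OT"
    if addr in IT_ZONE:
        return "IT"
    return "EXTERNAL"


def classify(flow: Flow) -> Optional[str]:
    """Return an alert reason, or None when the flow respects the zone policy."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == "IT" and dst_zone == "OT":
        if (flow.src, flow.dst, flow.dport) in ALLOWED_CONDUITS:
            return None
        return "IT->OT flow outside approved conduits"
    if src_zone == "OT" and dst_zone == "EXTERNAL":
        return "OT host initiating connection to external address"
    if src_zone == "EXTERNAL" and dst_zone == "OT":
        return "external address reaching OT zone directly"
    return None


def find_violations(lines):
    """Run every record through the policy; return (record, reason) pairs."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the header comment
        reason = classify(parse_flow(line))
        if reason:
            alerts.append((line, reason))
    return alerts


# Constructed flow records: one approved conduit, one IT workstation talking
# Modbus to a PLC, one OT host calling out to the internet, one ordinary
# IT-to-IT DNS lookup, and one external host reaching the historian over SSH.
SAMPLE_FLOWS = """
# src            dst            dport proto
10.10.5.20      10.50.1.10     4840  tcp
10.10.7.33      10.50.2.15     502   tcp
10.50.3.40      203.0.113.9    443   tcp
10.10.7.33      10.10.9.1      53    udp
198.51.100.7    10.50.1.10     22    tcp
""".splitlines()

if __name__ == "__main__":
    for record, reason in find_violations(SAMPLE_FLOWS):
        print(f"ALERT: {reason}: {record}")
```

Of the five constructed records, only the jump-host-to-historian flow and the IT-internal DNS lookup pass; the other three raise alerts. In a real deployment the records would come from firewall or flow-export logs at the zone boundary, and the alert list would feed the rapid-response process described in point 5, so that a boundary crossing is noticed when it happens rather than after the process is already affected.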

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

If I were to inspire a movement, it would focus on Global Digital Literacy and Cybersecurity Education.

Young people may be proficient with technology, but they may lack the insight to differentiate between credible and untrustworthy sources on the internet. Adults who did not grow up in the digital age may feel overwhelmed by the ever-evolving online environment. And the integration of the IoT into our homes and cities adds to potential vulnerabilities.

Thus, a global movement to promote digital literacy and cybersecurity education could involve the following:

  • Empower individuals to protect their personal information, identify online threats, and make informed decisions online.
  • Combat misinformation by educating individuals to critically evaluate the content they encounter, ensuring that factual information and credible sources prevail.
  • Foster safer online communities by providing everyone with the knowledge to detect and report malicious activities, thereby collectively thwarting cyber threats.
  • Bridge the digital divide, ensuring that no one is left behind as the world moves forward, regardless of age, economic status, or geographical location.

  • Promote economic growth by equipping individuals with the necessary digital skills for a variety of jobs, promoting innovation, and ensuring businesses can operate without constantly worrying about cyber breaches.

How can our readers further follow your work online?

Hit me up here:

https://www.linkedin.com/in/michael-rostov/

https://oasisdefender.com/

This was very inspiring and informative. Thank you so much for the time you spent with this interview!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.
