In n 2017, the National Security Advisor (NSA) recognized that vital pieces of infrastructure aren’t adequately protecting themselves against cyber attacks, warning of an “echo chamber, loudly reverberating what needs to be done to secure critical US infrastructure against aggressive and targeted cyber attacks”.
Dana Tran, Global Industrial Cyber and Digital Security expert at Siemens, recalls that the announcement effectively put the US Department of Homeland Security in a state of emergency.
“The country’s most important operational facilities are being left open and vulnerable, all because they’re not being properly secured,” she says. “Critical infrastructure — like oil and gas, nuclear, utilities — are at major risk because they are so behind on protecting their assets. If you can blow up a nuclear reactor, you can kill more people than in traditional warfare.”
Today, Dana’s job is to collaborate and communicate with governments and major industrial figureheads — urging them to take cyber-readiness in their own environments seriously. In her experience, megastructures and plants like oil fields and nuclear reactors — the very lifeline of modern civilization — aren’t equipped for a large-scale cyber attack.
She believes the problem is that so few people really understand this new digital world. “They’re too busy focusing on being compliant rather than being secure,” she says. “But if you’re secure, you’ll always be compliant.”
Spotting flaws in a bid to future-proof projects
Part of a small but continually growing team that’s focused on delivering cybersecurity to Siemens’ energy sector, Dana’s workplace feels more like a cutting-edge start-up than an international corporation. “Right now, a lot of the spotlight is on us because we’re the key leaders in industrial digitization,” she says.
Despite being the youngest in the team, she regularly travels all over the world, meeting clients and telling them how to future-proof incredibly volatile projects. “We’re racing against the clock right now,” she says. “We need to get everyone up to speed, to have them doing vulnerability scans in their environment or utilizing the technologies they need to protect themselves.”
Her work focuses on a wide range of services, from physical to digital all the way to educational and training that’s based on operational technology. At the moment, most of the monoliths of industry don’t have the tools or methods to help them detect, uncover and neutralize attacks. So Dana goes in and troubleshoots their entire process, pinpointing any flaws that could be the gateway to a global disaster.
“I have gone into meetings when I’ve asked a plant manager or a chief security officer about the last time they checked for vulnerabilities in their entire industrial environment,” she says, “and they say ‘Oh, we do those once a year at our plant shutdown.’ That’s just not good enough.”
Dana is well aware that it’s hard to get a like-for-like assessment of how something operates when you only test for vulnerabilities while it’s powered down. “The most accurate information is done when your plant is running,” she says. “So we work with different companies to try and solve that problem.”
Partnering with Tenable on a product called Industrial Security, Dana and her team have created a passive scanner that can be used while a plant is running. “It works in real time,” she says, “without affecting businesses or impacting any of the units.”
Following the American dream
In 1975, towards the end of the Vietnam War, Dana’s parents fled the worn-torn country in boats with the goal of making it to the United States. As the daughter of immigrant parents, she’s strived hard to forge a better life for herself — but she hasn’t followed a cookie-cutter path into cybersecurity.
Dana enrolled in medical college with the hope of becoming a doctor, but was compelled to explore the opportunities offered by cyber. Defying her parent’s wishes, she followed her passion, taking the skills she developed while studying medicine and venturing into the unknown world of start-ups and technology. “When you’re a doctor, you have to find out if things are weak,” she says. “It’s the same in cybersecurity.”
Witnessing a global hacking confirmed her career choice
During her studies, Dana began working in analytics for Microsoft and fell in love with technology. But it was later, while working at Sony Pictures on the movie The Interview, that the idea of cybersecurity really captured her imagination.
In 2014, a hacker group, believed to be the North Korean government, leaked emails from her colleagues in retaliation for the film and its portrayal of the ‘hermit state’. It caused a diplomatic outcry. “I started looking into how Sony knew they weren’t secure,” she says, “and how they still didn’t take the right steps to prevent an attack — and it got me thinking.”
Without any formal training or background in cyber technology, Dana explored her deepening interest and worked hard to convince executives to allow her an opportunity to work in technology. Her determination paid off and she landed a job at a cybersecurity company.
But despite it being her passion, Dana is only too aware that cybersecurity isn’t always an obvious choice. “My brother is in college,” she explains, “and none of his computer science friends are thinking about roles in cybersecurity.” In addition, women are very under-represented in the field. Currently enrolled at a college herself, specializing in cyber strategy, Dana says that there are only two other women in her class.
Being innovative means carving out a space for yourself
Based in Washington DC, Dana’s office has the best views over the capital. “We’re on the 10th floor of one of the most notable and expensive buildings in all of DC. “From the office, I can see huge US flags and the Capitol,” she says. “If I look really hard, I can see the White House.”
As the team grows, Dana is a natural advocate for her profession. “High-schoolers gear themselves up for typical jobs without really knowing what’s out there,” she says. “It’s like when I was studying to be a doctor, I didn’t realize there’s more than one way to help people. Now I’m in a role where I’m helping a broader audience and it helps me put meaning into my job. It’s like I’m correlated to everyone, and I’m able to be proactive rather than reactive.”
Born and raised in California, Dana Tran now lives in Washington DC where she works in Global Industrial Cyber and Digital Security. Find out more about working at Siemens.
