Common Threads Fort Meade: CCP and Cyber Threats to Operational Technology

This event recap is courtesy of SAIC!

On August 19-20, intelligence and national security professionals gathered for our Common Threads Fort Meade: CCP and Cyber Threats to Operational Technology. 

The August 19 unclassified program kicked off with Career Conversations, held in partnership with ClearanceJobs, followed by a welcome reception, with ample time for networking and relationship building. 

The formal program featured keynote remarks by Dave Luber, Former Director, Cybersecurity Directorate, NSA, who spoke to the growing vulnerabilities in Operational Technology systems and the strategic intent behind adversarial cyber activity, especially from the Chinese Communist Party. He emphasized that the neglect of OT has left U.S. critical infrastructure exposed, allowing the CCP to preposition themselves in inadequately protected systems, likely with the intent to launch destructive cyberattacks in the event of a major conflict. Luber highlighted the Volt Typhoon campaign as a clear example and stressed that “Cyber attacks on OT Systems have Physical Consequences.”

These intrusions are difficult to detect because the actors often carry out normal system processes for illegitimate purposes, making their activity appear routine. Unlike IT, the OT community tends to adopt changes slowly, which further complicates efforts to modernize defenses and respond to evolving threats. He offered solutions on how to mitigate attacks, including the need for increased visibility, proactive monitoring, and a shift in how OT security is approached.

To effectively address the vulnerabilities within US critical infrastructure, Mr. Luber stressed that OT users must thoroughly understand their networks, carefully consider who requires access to the systems, and implement routine and continuous monitoring of those systems.

Following his remarks, Mr. Luber took audience questions where he discussed the benefits and risks of integrating AI into protecting cybersecurity, the implications of preparing OT for post-quantum environments, the significant network vulnerabilities at the local municipality level, and how government and industry must work together to secure OT systems.

The evening wrapped with a lively dessert reception and even more networking!

The August 20 classified panel discussion continued the conversation on protecting OT systems from adversarial cyber actors with leaders from CISA, FBI, and Lockheed Martin sharing insights and strategic intelligence.