Critical infrastructure
Features
Hall of Fame
Interview
Vendors

Hall of Fame – Cybersecurity Industry Veteran Robert Lee

November 13, 2022
Hall of Fame

Industrial Cyber unveils a new series of interviews with veterans from the industrial cybersecurity industry. 

In the first of our series, we have Robert Lee, Dragos’ CEO and co-founder. The cybersecurity industry veteran also serves on the U.S. Department of Energy’s Electricity Advisory Committee as the vice chair of the Department of Energy’s Grid Resilience for National Security Subcommittee, and is a member of the World Economic Forum’s subcommittees on Cyber Resilience for the Oil & Gas and Electricity communities.

Industrial Cyber: Where/when did you discover your passion for “safeguarding civilization?” What led you to your career?

Robert Lee: I started interacting with control systems as part of humanitarian work in Cameroon with Engineers Without Borders. Seeing what control systems could do for people, especially in the creation of electricity, clean drinking water, etc. was formative for me. From there I served in the US Air Force tasked to the NSA where I built and led the NSA’s ICS threat discovery mission. Seeing adversaries target these civilian infrastructure sites that had such a power for good and change simply felt immoral. 

From there I knew I’d be dedicating my life to trying to protect civilians and the beautiful industrial world we benefit from. After I left the military I helped lead up the investigation into the cyber attack in 2015 on Ukraine’s electric system and saw first hand security vendors and subject matter experts fully misunderstand what happened and what was necessary for ICS – it was important to have unique ICS answers where appropriate for our unique ICS challenges and do myself and my two co-founders and friends started Dragos.

IC: Who have been the strongest influences in your career? What would you do differently if you had a chance? 

RL: My father was always a huge role model for me and Michael Assante. Michael is the one that encouraged me to author the ICS threat monitoring and response class at SANS which kick started my path and transition out of the military. My conversations with him and Tim Conway have been more impactful on my career than any others. I have no regrets and would not change the course.

IC: What advice would you give a young Rob Lee? From your various accomplishments, what are you most proud of? 

RL: I’d leave him to his own course. It’s worked out so far and I had better mentors than I could be to myself.

IC: Our industrial cybersecurity industry has changed enormously over the decade. As a recognized leader, what should the industrial cybersecurity industry stop doing? And, what should it start doing at the earliest? 

RL: It should stop trying to copy/paste IT security into operations environments especially those applied without the unique understanding of ICS and what risks we’re really trying to reduce. It should drastically increase its ability to implement the core and validated security measures such as the SANS 5 critical controls for ICS security. The world is changing quickly and we’re simply not ready. So many wonderful things are happening but not at the rate and scale we need for the problems we face ahead.

IC: As the industrial cybersecurity vendor landscape continues to change, companies like Dragos are raising substantial capital, acquisitions space, and new start-ups springing up. What would you say is the current state/health of the industry? 

RL: It’s a very healthy and positive industry that’s growing quickly. My concern is less on the vendors, service providers, and the infrastructure owners and operators but often those on the side lines not involved in either that still feel they need to have their voice heard. Yes, that includes some of the analyst firms who have no expertise on what they’re covering. It’s ok to admit when you don’t know something. There’s a vibrant and helpful industry ready to embrace anyone who’s willing to roll up their sleeves and get involved with curiosity and sincerity.

IC: How do you foster creative and innovative thinking at Dragos? 

RL: I hired smarter people than me who hired smarter people than them. 

IC: What would be your ‘Top 3’ tips for young people coming into the industrial cybersecurity industry today, and why? 

RL: Learn the business and industrial operations before trying to apply security to it. Understand that you need to get out to the field and visit your engineers and operators to learn from them. Have patience, yes we need to go faster but these issues are not solved in a few months but instead with a few for decades long cycles. 

IC: Rob has done a lot of work fostering partnerships between the public/private/industry sectors, which seems like it is a high priority. How do you see this impacting the industry going forward? Do you plan on taking these alliances to the global level? If so, what is the time frame? 

RL: Yes. I’ve been working on global partnerships and I feel besides our amazing partners the work at the World Economic Forum and my engagement at their annual conference and working groups – shared with amazing practitioners from around the globe – is helping to amplify that. Everyone understands the need to protect our citizens from those that wish them harm. This is a global mission.

IC: What scares/excites you the most about what’s next in the industrial cybersecurity sector? What do you see as the biggest threats and challenges, and how prepared is the industry as a whole to deal with the present threat landscape? 

RL: The homogenous infrastructure and advancement of the threats has led to capabilities like PIPEDREAM and the need to react and deal with scalable and reusable multi-industry disruptive toolkits is a place we’ve never been before and many aren’t ready for though the warnings were there. What’s most concerning though is if market forces and lack of expertise allow people to believe OT is just a subset of IT or IoT or should be treated as such. A gas turbine and Alexa have nothing meaningful in common. I’m most excited about the amazing and wonderful people coming into the field that will embarrass us all with their intellect and dedication. Defense is doable.

Highlights Section:

  • Years of Experience in the industrial cybersecurity space: Started career in OT cyber in 2009
  • Major Companies worked for: USAF, NSA, Dragos, SANS Institute, Utica College, board member at National Cryptologic Foundation
  • Vertical Focus: Broad industrial control systems including but not limited to electric, oil & gas, various types of manufacturing, rail, water, paper and pulp, and mining.
  • Rob’s message to our readers: “The industrial cybersecurity community has come a long way over the years thanks to their hard work to protect critical infrastructure around the world. But we still have far more to do. The path to securing industrial operations that people depend on requires us to educate and empower each other to all be successful.”

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems