Welcome Danny Vital of XTec, New Expert in the Digital Utility Group- [an Energy Central Power Perspectives™ Expert Interview]
- Sep 16, 2021 11:59 am GMT
The cyber experts in the energy industry have been sounding the alarm for years, and finally the mainstream is starting to pay attention. From the SolarWinds attack exposing utility industry vulnerabilities to the cyber attack that shut down the Colonial Pipeline, leaders in industry and government alike are stepping up to tighten cybersecurity of the grid.
Luckily for the rest of us, those cyber experts have been hard at work creating the most advanced and effective tools for years. These leading voices in grid and enterprise security are extolling the importance of best practices, not skimping on implementation or equipment, and highlighting how major events can be sparked from the most minor of oversights.
As the rest of us play catchup on the world of cybersecurity, we’ll continue to lean on these experts, and you can find a who’s who of them in Energy Central’s Network of Experts in the Digital Utility Group. The newest addition that we’re thrilled to introduce is Danny Vital, Senior Cybersecurity Engineer at XTec. Danny brings with him two decades of IT experience, and his experience and expertise will surely prove invaluable to the Energy Central community as we all seek to navigate the upcoming cybersecurity requirements in the power industry.
To highlight this value he’ll surely bring our community, Danny was gracious enough to participate in our Energy Central Power Perspective ‘Welcome New Expert Interview Series.’
Matt Chester: To kick things off at the basics and help our community get to know you better, can you share your background in the utility industry? How did you first get involved, what do you do today, and how did your journey take you from the beginning to the present day?
Danny Vital: I’ve been working in IT for the past 20 years and got involved in the utility sector when working on a project for the NCCoE (National Cybersecurity Center of Excellence). This was a public private partnership that was setup to explore Identity and Access Management for the Energy sector as one of its first use cases. While working at XTec I had the opportunity to begin exploring what Identity Management meant in various sectors with the utility sector being one of them.
MC: Among your chief areas of focus these days is in cybersecurity of the grid and other key areas of infrastructure. It would seem that this is an area that everyone ostensibly agrees is of paramount importance, but there are still some struggles in getting the necessary measures implemented. Why do you think there is that disconnect?
DV: There needs to be a clear definition of what security means for this space and strict adherence to these standards. There are also many ways to solve a problem so flexibility makes it easy for organizations to meet their compliance goals but at the same time offers such variance that there is a wide range of technology being implemented, each with their own pros and cons. These standards also need to keep up with the times and help implement solutions that are growing in adoption especially in these hyper connected environments.
There is some work being done at the Federal level to improve cybersecurity in this space. The two recent appointments from the Biden administration, Executive Order 14028 and the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, specifically focus on this.
MC: Within infrastructure cybersecurity, you have key expertise in identity management. What sort of technologies are coming along that are changing this field and how optimistic are you that they’ll be adopted as they’re needed?
DV: A strong credential is coming for this space. This is a credential that cannot be duplicated and one that allows you to authenticate your employees and contractors with speed and ease. Derived credentials also allow your personnel to include these strong credentials on their devices including mobile phones, laptops, and tablets.
This technology appears to be headed to the OT side for device authentication as well. This prepares the grid for secure device to device communications.
MC: What are some of the typical hurdles you typically have to deal with when trying to implement cybersecurity measures at the utility level? What do you wish decision-makers in this industry better understood to overcome those challenges?
DV: Going into new environments you’ll have to account for the different legacy systems that the customer has in place. We see these coming from a vast array of different vendors. It helps to identify these dependencies up front that way we’re able to see if some of these products use standards that allows them to be a part of the solution.
MC: Can you tease for us some of the under the radar or soon to come developments that you and your team at XTec are looking to roll out soon? How will the offerings in the world of utility IT security change in the near term?
DV: The recent National Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems is an exciting development for security on the OT side. It creates an Industrial Control System Cybersecurity Initiative with the goal to expand the deployment of technology that helps protect essential control systems and operational technology networks.
Details will be published on September 22 by DHS and will be a positive change for utilities going forward. It will also represent a new way of thinking about cybersecurity for many as well.
MC: What value do you hope to bring to the community? What’s the main takeaway you hope you can impart to the Energy Central community as our newest expert?
DV: It’s necessary to have a defense in depth approach to security in your organization. Identity is really your first perimeter and having a strong credential at your disposal makes securing all other perimeters that much easier. I hope to bring the knowledge that I’ve gained throughout my career to this community and help contribute to discussions that my expertise can help with.
As all of these new changes begin to happen both from the Executive Order and the National Security Memorandum we’re looking forward to having standards based solutions be implemented. We have technology that has been vetted and in use for over 15 years which can be easily adopted by the Utility sectors. Let’s take these already existing standards and give them the best path forward for protecting Critical Infrastructure.
Thanks to Danny Vital for joining me for this interview and for providing a wealth of insights an expertise to the Energy Central Community. You can trust that Danny will be available for you to reach out and connect, ask questions, and more as an Energy Central member, so be sure to make him feel welcome when you see him across the platform.
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.