Vytautas Butrimas has been working in information technology and security policy for over 29 years starting from his work as a computer specialist for Prince William County Government in Virginia, to his work on information society development as Vice Minister at the Ministry of Communications and Informatics, Republic of Lithuania. In 1998 he moved on to the Ministry of National Defense (MoND) as Policy and Planning Director where he chaired a task force which prepared Lithuania’s first National Military Defense Strategy. From 2001 to 2011 Mr. Butrimas worked as Deputy Director responsible for IT security at the Communications and Information System Service (CISS) under the MoND. In 2009 he chaired task forces which prepared the first MoND Cyber Defense Strategy and Implementation Plan. In 2007 (and again in 2012) the President of the Republic of Lithuania appointed him to the National Communications Regulatory Authority Council (RRT-Council). He served as Chief Adviser for the MoND of Lithuania with a focus on cyber security policy from 2011-2015 and served on a national task force that wrote The Lithuanian Law on Cybersecurity passed in 2014. In December of 2016 he was delegated by the Minister of National Defense to work as Cybersecurity Subject Matter Expert for the NATO Energy Security Center of Excellence in Vilnius. Mr. Butrimas has participated in NATO and National exercises that that have included cyber-attacks on critical infrastructure in the scenarios. He has also contributed to various reports on cybersecurity and critical infrastructure (for OSCE, EU ENISA, IEA, NATO and other org.), published articles and been an invited speaker at various conferences and trainings on Cyber Security and Defense policy issues. He is currently working on a cyber risk study of the NATO Central Europe Pipeline.
The advances in information and communications technologies have provided possibilities for new functions, features and efficiencies in remotely managing and controlling industrial processes and services essential to the national economy and well-being of our societies. Unfortunately for every new feature introduced by these wonderful enabling technologies there is a vulnerability that can cause an unintentional accident or be intentionally exploited by an adversary. This is well understood by specialists working in Information Technology (IT) and there are well established best practices for protecting computers, data, websites, and networks. However, in protecting critical infrastructure and the technologies used by Industrial Control Systems (ICS) or Operational Technology (OT) the IT security practices that are very good at protecting data and networks do not fully apply in protecting a physical process or preserving a desired process state. For example safely monitoring and controlling the physical processes in generating electricity at a nuclear power station (flow of coolant), insuring the right level of chemicals are added to drinking water, refining crude oil at a petrochemical plant, pumping liquid fuel or compressed gas down a pipeline or safely running a railway system. This presentation will point out the peculiarities and challenges faced by security practitioners in protecting the supporting ICS technologies of these complex systems that provide the technical foundation for modern economic life, insuring national security and well-being of society.