ITTech Pulse Exclusive Interview with Nicholas Janouskovec Global Cybersecurity Business Development Manager at Emerson
Stay updated with us
Sign up for our newsletter
Nicholas Janouskovec of Emerson discusses how critical infrastructure operators can strengthen OT cybersecurity while maintaining reliability, resilience, and operational continuity.
Your leadership journey spans industrial technology, digital transformation, and cybersecurity innovation at Emerson. Looking back, what key experiences shaped your perspective on securing critical infrastructure, and how have those lessons influenced your current approach to OT and industrial cybersecurity?
My unique background has had a profound influence on my perspective around securing critical infrastructure. I started at Emerson many years ago as an instructor teaching distributed control system and cybersecurity classes to Ovation™ power and water system users. Through that direct user interaction, I was able to gain deep insight into user experiences and challenges that come from everyday utilization. As I moved more toward product support engineering as a cybersecurity specialist, much of my focus, perspective, and goal setting was shaped by my experiences with users both in the classroom and in the field—seeing the problems and the challenges users faced in real-time at the plants.
What I’ve learned is that many cybersecurity products are really designed with large IT enterprises in mind. But plant needs are often very different from business enterprise needs. Many of the behaviors and features of these IT-centric applications can be very disruptive to the plant environment and can upset operations. Years of seeing firsthand how all these tools must work together and coordinate seamlessly, while simultaneously supporting other engineers as they would encounter issues, has been invaluable in helping me anticipate the most effective ways to add cybersecurity software to running plants from both a use and reliability standpoint.
Read More: ITTech Pulse Exclusive Interview with Michael Campell, Chief Product Officer, Hyland
The recent partnership between Emerson and OPSWAT focuses on strengthening cybersecurity for critical infrastructure environments. What strategic gap were you aiming to solve through this collaboration, and why was now the right time for this move?
There is a lot of uniqueness in and across OT environments. Even as plants are increasingly connected—to enterprise systems, as part of remote operations centers, and even to each other—there is still quite a bit of “air gapping” of systems that must happen. In environments where there is much more regulation, there is still a strong hesitancy to products that require outside connectivity, which is a common factor in IT solutions. We needed to find a way to bridge that gap.
While many cybersecurity solution providers will have features to meet those requirements, we heard users saying they needed cybersecurity solutions designed specifically to fit the OT environment. Reliable, continuous, real-time operation must be the primary focus. Updates, patches, and even reboots will still need to happen regularly, but they need to happen in a much more controlled environment—not controlled entirely from the top down but rather controlled by those who cannot afford distraction or complications when performing real-time operations. We wanted to design in more granularity to eliminate the noise and messiness of traditional cybersecurity infrastructure.
OPSWAT™ is dedicated to and focused on OT environments. Their willingness to collaborate with us and make the necessary adjustments to develop products that allow for better scheduling and feedback on process status is critical to providing the control necessary to implement effective cybersecurity solutions—informed by feedback from users—that meet the needs of OT.
Ultimately, the timing of a new Ovation control system release, new operating system requirements and changes to update service infrastructure, and increasing calls from customers for OT-friendly solutions came together to create the perfect environment to develop a new way forward.
Industrial environments have very different security requirements compared to traditional IT systems. From your perspective, what are the biggest cybersecurity blind spots organizations still face when protecting operational technology (OT) environments?
An operator in an OT environment works differently than an office user in an IT setting. The operator may be calling critical functions, dealing with off-specification operations, or even just working through complex processes—all situations in which they cannot afford to be distracted by update notifications, or, worse, an unexpected reboot or system outage.
If a control system suddenly stops working, it can mean power disruption, water delivery disruption, or even environmental or safety incidents. Any update action taken brings risk of negative consequences on the targeted endpoints. Those risks must be accounted for. However, a poor cybersecurity posture can also create the same risk of unavailable systems leading to outages, so implementing solutions is always a careful balancing act. We cannot take control away from the team operating the plant, but we also must implement and update solutions to mitigate risk.
In addition, there are some sites that are regulated and have compliance requirements. These teams must be able to patch on a regular basis and cannot defer those patches. They need ways to manage these patches as well as document evidence for reporting while still ensuring they meet their production goals. OT-centric solutions are critical to balancing these needs.
Read More: ITTech Pulse Exclusive Interview with Dean Valentine, CEO and Co-founder of ZeroPath
Critical infrastructure sectors are under increasing pressure from ransomware, supply chain attacks, and nation-state threats. How should organizations rethink resilience not just prevention when it comes to protecting essential operations and minimizing downtime?
Meeting the challenges that exist today as well as preparing for a future of increased cybersecurity risk requires a change in the typical mindset. We used to assume attackers are coming from without and are focused on getting into our systems. As a result, we focused our protection on shoring up outside defenses and perimeters. While we still need to shore up those defenses, we must expand our outlook as well.
Today, the most effective strategy is to assume the attacker is already inside and that systems are already compromised, then build layers of defense and recovery to mitigate that challenge as well. Teams must develop ways to recover and rebuild/backup and restore quickly. They also need ways to prevent lateral movement and stop movement between networks. And, most importantly, they must also operate under the assumption all those protections will fail at some point and have a higher-level plan for coming back from that disaster.
As industries accelerate digital transformation through connected devices, AI-driven operations, and remote monitoring, how can organizations ensure innovation does not outpace security governance?
The rise of AI is making the need for OT-specific layered defenses even more critical. Access to AI is making threat actors much more proficient at a much faster pace. Just as AI can help identify threats and define and shore up solutions, it also unveils vulnerabilities far faster than a human can. In fact, we’ve seen cases where vulnerabilities that went unnoticed for decades were discovered by AI in mere seconds.
It is more important now than ever to be agile and be willing to adopt and change technologies. As AI becomes more useful internally to help inform users and advise them on improvements, OT teams will need to regularly reassess to ensure they have the most effective and innovative solutions that are specifically designed for real-time environments. We can’t predict what the changes will be, but we know that the landscape is going to be different. Cybersecurity has always been an ever-moving target, but today the capacity for rapid iteration has that target moving faster than ever. Organizations must be willing to respond in kind, iterating on solutions like zero-trust cybersecurity and other emerging technologies that will protect their critical systems.
Looking ahead, how do you see cybersecurity strategies changing for critical infrastructure over the next 3–5 years, and what should CIOs, CISOs, and plant leaders prioritize today to stay ahead of emerging threats?
Responsibility will continue to increase across the board, both for solution providers and users. Today, as AI tools are exponentially increasing the number of discovered vulnerabilities in core products, solution providers are tasked with creating patches to quickly shore up their software. In turn, organizations are increasingly obligated to monitor for patches and ensure they are implemented as quickly as possible to resolve that vulnerability in their plant. That trend will only increase in the years ahead.
Leadership should also be laser-focused on modernization. Many OT teams rely heavily on legacy technologies, but many of those legacy technologies—especially ones that are decades old—will also see new vulnerabilities discovered. However, unsupported solutions are unlikely to receive patches, meaning attack surfaces will remain live until systems are replaced. This is likely to lead to many organizations accelerating modernization initiatives to ensure systems will have the ability to patch as vulnerabilities are discovered.
Ultimately, organizations will be putting more energy into evaluating the lifecycle of the software they have in their plants and eliminating solutions that are older and intrinsically more vulnerable. They will also be improving strategies for adopting new security measures within plants so they can be prepared for new threats as they emerge. Solutions like monitoring products, and other technologies that leverage AI to provide early warnings are likely to become far more commonplace.
All these complex needs will likely also lead to demand for more well-trained cybersecurity-focused workers within plants. Teams need to prepare personnel to navigate the challenges that are coming, preparing sites with staffing, training, and budgeting for the unexpected technology changes over the horizon.
Thank you, Nicholas, for taking the time to share your insights with us.
Write to us [wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.
Nicholas Janouskovec is the business development manager for Emerson’s Guardian™ digital platform and cybersecurity solutions and services for the power and water industries.
As the cybersecurity business development manager, Nicholas is responsible for setting the direction of Emerson’s global security solutions business including establishing product and service roadmaps and providing sales support. As the Guardian digital platform business development manager, he is responsible for the vision and direction of the platform to ensure the best digital experience for power and water customers.
Nicholas, a member of the Ovation™ automation platform cybersecurity emergency response team and active with the threat intelligence community, helps to ensure that Emerson provides timely notification to its power and water customers regarding current threats and malware campaigns.
With over a decade of experience working with industrial control systems in a variety of previous roles, Nicholas has held various positions of increasing responsibility, including instructor, support engineer, cybersecurity field engineer and security solutions architect. During his time at Emerson, he served as a cybersecurity subject matter expert and mentor for new cybersecurity engineers.
Nicholas received a Bachelor of Science from Appalachian State University majoring in Political Science and minoring in Business Administration, a master’s from Appalachian State in Public Administration and is a certified Global Industrial Cybersecurity Professional.
Emerson is a global automation leader delivering solutions for the most demanding technology challenges. Headquartered in St. Louis, Missouri, Emerson is engineering the autonomous future, enabling customers to optimize operations and accelerate innovation. Visit Emeson.com
