close
close

Robust incident management for critical infrastructures

Governance and risk management, operational technology (OT), standards, regulations and compliance

Covestro’s Durgesh Kalya on managing legacy systems and new threats

Tom Field (SecurityEditor) •
May 31, 2024


Durgesh Kalya, OT Network Security Expert, Covestro LLC


Managing legacy systems and new cyber threats is critical to protecting critical infrastructure. Durgesh Kalya, OT network security expert at Covestro LLC, emphasized the importance of integrating the incident command system originally developed by the Federal Emergency Management Agency and the Department of Homeland Security with industrial automation systems. This integration facilitates active participation and collaboration among industry stakeholders, he said.

See also: OnDemand | Navigating the SEC Rules for Enhanced Cybersecurity in IT and OT Environments

By knowing what systems they have and how they are managed and updated, organizations can improve their protection and reduce risk, especially when critical systems run on legacy software such as Windows 95 or Windows NT.


“Basically, everyone is a cybersecurity engineer because they work on computer systems. You can’t update software on hardware that’s decades old; you need the latest hardware and equipment,” he said.


In this video interview with Information Security Media Group at the Cyber ​​Security for Critical Assets USA Summit in Houston, Kalya also discussed:

  • The need for robust incident management frameworks for critical infrastructure;
  • Collaboration between organizations and ICS vendors to ensure timely upgrades;
  • Understanding and segmenting systems to mitigate the risks associated with ransomware.


Kalya is an OT security professional with nearly 20 years of experience in manufacturing, engineering, and IT. He is the Director of Safety and Security at the International Society of Automation and the Internet of Things Security Foundation Houston Chapter.