Google’s Cyber World Champion 2022, Gabriel Marcus, on the current challenges and opportunities of industrial cyber security today


Gabriel Marcus, ethical hacker, Google World Cyber Champion


Gabriel Marcus, a known cyber architect and Google’s cyber champion for 2022, discusses industrial cyber security and the challenges we’re facing today.


  • Hi Gabriel, what do you think is the top cyber threat an industrial business faces today?

ICS basically integrates hardware, software, and network connectivity for running and supporting critical infrastructure. I think the challenge today is, on the one hand, identifying and defeating malicious activity, and on the other hand, ensuring a swift recovery from any attack that might occur, preferably ASAP before it causes widespread harm and stalls production, which in many cases creates cost issues.

  • It is customary to refer to a business continuity plan as a process of firewall protection, detection, and elimination of threats when actually, a BCP should also refer to an incident scenario. What’s your take on that?


I agree. We have to look at the whole cycle, from the possibility of a threat to the moment of going back to normal after an attack. With an increasing rate of attacks on critical infrastructures, every organization should be prepared with a recovery plan. It is no longer a question of “if” but a question of “when”.

  • The major vulnerability in critical infrastructure is downtime. We don’t defend today; we contain and recover. There is no other possibility. Can you give us a quick review as to what OT organizations are using now for recovery?


Up until a couple of years ago, many OT companies have been using, and some still are, manual or semi-automatic backup solutions (Ghost, Acronis, NetApp). These are good solutions for backup, but they leave you with two main problems:

Attackers are aware of these systems, and they also target them by diverting ransomware payloads to backup protocols over the network.

Recovery from a ransomware attack using these solutions can take days, depending on the size of the data affected.

The real solution today needs to be a fast offline recovery device, which cannot be attacked and also possesses a very fast recovery option.

  • How essential do you think it is for an ICS & OT organization to use OT-focused solutions vs IT-focused solutions?


In the IT world, where data is the main concern, the efforts revolve around protecting the information, to the extent of restoring a file of a previous minute. In OT, the major concern is operational continuity so efforts revolve around reducing downtime. So, I assume, the answer depends on the organization and its ability or willingness to withstand downtime and risk ransomware attacks. In addition, you cannot be everywhere all the time, so automatic solutions are a must.

  • What do you think separated Salvador Technologies’ solution from others?


Well, I haven’t been able to hack it, for starters! I should mention the solution basically consists of a Cyber Recovery Unit (CRU), agent software, and a monitoring system. The CRU, which contains 3 NVMe disks for backup, is based on patented air-gapped technology, and it is air-tight proof against any infrastructure and application attacks. Salvador Technologies have the unique ability to recover your system in record time. The solution decreases immensely the cost of a ransomware attack in any type of environment. Unique software and hardware, developed only in labs, make it very difficult for reverse-engineering their product and creating vulnerabilities or zero-day attacks.

  • Finally, how do you see industrial cyber security in 3 years?


It is ever-changing; it will progress much faster than it does today. The world advances so fast, we will be traveling into a period in which OT is a key for infrastructure development and production. We will have faster computers and better abilities, a lot more knowledge, and an understanding of how cyber warfare is conducted. It started in Europe this year, and it is waged all over the globe, but it will become a much more serious focus in the upcoming years.

Ransomware as a Service (RaaS) has become a vast industry and will keep evolving and becoming more impactful and dangerous. We will need to shift with the threat, faster, and more agile. It’s an ever-changing landscape.

Gabriel has practiced cyber for 25 years and has OSCP certification and can perform PT in both application and infrastructure vectors. He currently works as a Cyber Application Architect and DevSecOps specialist.

Expert in Cyber and Information Security, specializes in social engineering and offensive security, both application and infrastructure. CTF specialist, won the Google world championship in 2022.
