Adapting to Legislative Demands: Insights on Cyber Security Compliance in Critical Infrastructure

Welcome to Razorwire, the podcast dedicated to exploring the complex and evolving world of cyber security legislation. I’m your host, Jim, and in today’s episode, we delve into the intricate landscape of cyber security legislation with our guests Steve Applegate and Phil Tonkin from Dragos.

In this episode, our guests shed light on the challenges and intricacies of navigating the cyber security legislature, focusing on the impact on critical infrastructure and the evolving landscape of compliance. From managing connectivity safely to the complexities of integrating IT and OT in modern manufacturing, we explore the key factors influencing cyber security legislation and its practical implications.

Key Talking Points:

1. The importance of managing connectivity safely and ensuring proper segmentation and visibility under the NIS legislation.

2. Challenges faced by organisations, such as Sellafield, in implementing controls and recognising legacy challenges in OT environments.

3. The impact of conflicting regulations on consumers and the need for practical compliance requirements in cyber security legislation.

“We can’t let FUD be the guide, right? If every time we hear a thing, we start panicking and we deviate from our processes and start making a whole bunch of new mandates, even internally, all the people within a company that have to track that and follow it and meet with people, and it’s a distraction, I think, from real security.”

Steve Applegate – Dragos


In this episode, we covered the following topics:

  • Managing Connectivity Safely: Emphasising the need to ensure proper segmentation and visibility in cyber security legislation.
  • Challenges Faced by Organisations: Discussing the difficulties in implementing controls, recognising legacy challenges, and the importance of proportional controls.
  • Conflicting Regulations and Consumer Impact: Raising concerns about conflicting regulations and the impact on consumers due to compliance costs.
  • Information Exchange Hesitance: Discussing the hesitance of information exchange for cyber security purposes and its impact on managing threats.
  • Reporting Dilemma: Describing the challenge of eradicating cyber events and the dilemma of reporting to the public versus mitigating further attacks.
  • Third-Party Oversight Frustrations: Addressing the frustration with third-party involvement in security oversight and assessment processes.
  • Transparency in Security Relationships: Advocating for transparent and trust-based relationships with third parties, emphasising actionable intelligence, and fostering transparency.
  • Evolving Skill Set of Security Professionals: Describing the evolving skill set of security professionals, particularly the increasing specialisation and separation from GRC.
  • Legislative Impact on OT Environments: Expressing concerns about the impact of legislation and compliance on operational technology environments and the difficulty of implementing changes in systems with old technology.
  • Challenges of Sudden Legislative Changes: Discussing the challenges of sudden legislative changes, public outcry influencing legislation, and the need for realistic expectations of change in a legacy industry.

Resources Mentioned

– Dragos

– Sellafield

– Azure Active Directory (AD)

– Microsoft Active Directory

Other episodes you’ll enjoy

DORA Compliance Made Clear: Essential Training for Safeguarding Financial Institutions w Paul Dwyer

Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email

If you need consultation, visit, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter: @RazorThornLTD



All rights reserved. © Razorthorn Security LTD 2023
