Greg Kapourellos, Head of Global Intelligence Advisors, Google Threat Intelligence Group, discussed the future of operational technology (OT) cybersecurity and why our companies are joining forces to help organizations stay ahead of the curve.
Operational technology (OT) cyberattacks target industrial control systems (ICS) in critical operations such as factories, pipelines and power grids. And alarmingly, Honeywell’s 2025 Cybersecurity Threat Report revealed that malware and ransomware targeting these systems increased significantly from Q4 2024 to Q1 2025, with ransomware attacks jumping by 46% during the quarter.
These attacks on OT cybersecurity systems can also be costly, with the total cost of a data breach in the industrial sector averaging $5.56 million, according to a 2024 report from IBM. OT cyberattacks can also pose serious threats to physical safety and disruption of critical infrastructure, like water, electricity and other energy sources.
As a long-standing leader in industrial innovation and operational resilience, Honeywell has been at the forefront of OT cybersecurity, leveraging decades of domain expertise to help protect critical infrastructure. From refining secure system architectures to deploying threat detection across complex industrial environments, Honeywell continues to shape how the world safeguards this critical infrastructure.
That’s where innovative cybersecurity solutions come into play. Enter Google Cloud and Honeywell’s partnership to accelerate autonomous operations for the industrial future, which includes a focus on OT cybersecurity.
AS MANISH GOYAL, GENERAL MANAGER, HONEYWELL CYBERSECURITY EXPLAINS,
“By integrating Google Cloud’s threat intelligence and AI-driven insights into Honeywell’s OT cybersecurity tools, we further enable organizations to detect threats earlier, automate responses and significantly enhance resilience – all at industrial speed.”
Through this integration, Google Threat Intelligence – featuring frontline insight from Mandiant – will be integrated into current Honeywell’s Cyber Threat Intelligence, thus allowing Honeywell OT cybersecurity products to enhance threat detection and help protect global infrastructure for industrial customers.
We caught up with Greg Kapourellos, Head of Global Intelligence Advisors, Google Threat Intelligence Group, for a closer look at the trends impacting OT cybersecurity and the growing need for cutting-edge solutions to help better safeguard people and critical assets from cyberattacks.
Google Cloud has become a cornerstone of innovation for business worldwide. With Mandiant now part of Google Cloud, it’s clear there’s a strong commitment to enhancing cybersecurity offerings. What’s the story behind this acquisition and journey?
Greg Kapourellos: Google has a history of innovating and building secure computing systems and is committed to solving hard security problems. In 2022, Google Cloud demonstrated its commitment to security with the acquisition of cybersecurity leader, Mandiant.
With leading cybersecurity expertise and threat intelligence, Mandiant joined Google Cloud to help organizations improve their threat, incident, and exposure management.
The combined forces of Google Cloud’s security portfolio and Mandiant’s threat intelligence create a comprehensive security operations suite. This suite leverages Google’s data processing, AI/ ML analytics, and threat elimination focus to help organizations adapt to the evolving threat landscape. Simply put, as Mandiant, our mission is to make every organization secure from cyber threats and confident in their readiness. In May of 2024 we introduced Google Threat Intelligence. This brought together Mandiant curated and frontline intelligence, VirusTotal crowdsourced intelligence, and threat insights from Google.
Google Threat Intelligence is often described as a game-changer in the cybersecurity space. Why is this, and why do traditional threat intelligence vendors struggle to keep up? What makes Google Threat Intelligence so uniquely effective?
Greg Kapourellos: Traditional threat intelligence vendors struggle to keep up due to a variety of challenges – notably:
- Limited global visibility as threat actors operate across borders and industries.
- Lack of context and actionability, resulting in raw threat data leading to massive operationalization overhead.
- Lack of cyber threat intelligence talent, making it challenging to hire and retain top threat intelligence professionals. Google Threat Intelligence is considered a game-changer because we’re providing actionable threat intelligence at Google scale.
Google Threat Intelligence is considered a game-changer because we’re providing actionable threat intelligence at Google scale.
Organizations are drowning in data when it comes to threat intelligence, but acting on it remains a challenge. What are the biggest pain points businesses face when operationalizing threat insights and how does Google Threat Intelligence help solve them?
Greg Kapourellos: This is really one of the greatest challenges. Organizations often struggle to act on threat intelligence data and experience several pain points when operationalizing threat insights. In short, Google Threat Intelligence helps organizations focus on the threats most relevant to them – and take action. To expand on that, Google Threat Intelligence specifically addresses these challenges by providing:
- Unmatched visibility: Breadth and depth in threat intelligence from diverse sources.
- Expertise: Google Threat Intelligence includes Mandiant frontline expertise for real-time research, analysis and reporting.
- Actionable insights: Google Threat Intelligence enables users to respond to new and novel threats in minutes instead of weeks. Intelligence is only as good as what you do with it.
- AI-Infused threat intelligence: Google Threat Intelligence leverages AI for risk profiling and malware analysis.
- Integration and automation: A major focus for Google Cloud Security is integrating actionable intelligence into Google SecOps or Security Command Center. We also have hundreds of integrations for other security vendors, to help operationalize and automate security workflows.
- Improved response: Google Threat Intelligence accelerates alert response and enables smarter resource allocation.
What made this the right time for Google Cloud and Honeywell to join forces in this area, and what unique strengths do each bring to the table?
Greg Kapourellos: It’s a really exciting time and opportunity. We are presented with a unique time in history where we can join forces to help make a real difference and change the game in OT cybersecurity with this partnership. We just launched Google Threat Intelligence last year, and when you combine this unmatched threat visibility with our leading AI and Honeywell’s best-in-class solutions and products, we are able to really do great things. We can better safeguard critical infrastructure and OT environments from both increasing nation-state and cyber-crime threats.
Honeywell successfully integrated Google Threat Intelligence (GTI) into Honeywell Cyber Threat Intelligence thus benefiting their Cybersecurity products. This partnership has been instrumental in enhancing Honeywell OT cyber solutions by providing solutions and products with near real-time, context-rich threat data, which enables more informed decision-making at the edge.
Looking ahead, where do you see the future of threat intelligence and OT cybersecurity?
Greg Kapourellos: Businesses are zeroing in on protecting their OT cybersecurity systems. OT systems are increasingly important as they integrate with IT networks, blurring the line between digital and physical infrastructure. Utilizing “defense-in-depth” strategies (like segmentation, air-gapping, and zero trust) is essential for defending against OT cybersecurity attacks.
Additionally, the combination of threat intelligence with OT cybersecurity products will benefit by achieving a faster path to actionable insights and informed security decisions. This is where we are combining Google’s market leading Threat Intelligence with Honeywell automation systems and its OT cybersecurity products.
Implementing resilient strategies isn’t just smart for business continuity, it’s also in line with the increasingly complex regulatory environment. With rising regulatory standards, governments worldwide are mandating the reporting of cybersecurity incidents to enhance cyber resilience.
Additionally, businesses are prioritizing proactive incident response – crucial for maintaining essential systems’ operational continuity.
With all of this in mind, leveraging AI for better threat awareness and automating security operations will be key.
