Hack the Plant

EXPLORE

Society & Culture

© 2024 PodJoint

https://is1-ssl.mzstatic.com/image/thumb/Podcasts115/v4/dd/4c/12/dd4c1274-2418-36ec-9dad-df6cd5fb3396/mza_8683818142540185759.jpg/600x600bb.jpg

Hack the Plant

Bryson Bort

47 episodes

2 months ago

Electricity. Finance. Transportation. Our water supply. In Hack the Plant, podcast host Bryson Bort looks for answers to the question: Does connecting these systems, and others, to the internet leaves us more vulnerable to attacks by our enemies? We often take these critical infrastructure systems for granted, but they’re all becoming increasingly dependent on the internet to function. From the ransomware threats of Colonial Pipeline to the failure of the Texas power grid, it is clear our interconnectivity is also a significant source of risk. Hack the Plant walks through the world of hackers working on the front lines of cyber security and public safety to protect the systems you rely upon every day. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology. ICS Village is a nonprofit that equips industry experts and policymakers with the tools to better defend our critical infrastructure. We educate people on critical infrastructure security with hands-on examples, not just nerd stuff. Catch us at an event near you! www.icsvillage.com. The Institute for Security and Technology is a nonprofit think tank with the mission to bridge gaps between technology and policy leaders to help solve these emerging security problems together. Learn more at securityandtechnology.org.

Show more...

All content for Hack the Plant is the property of Bryson Bort and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Electricity. Finance. Transportation. Our water supply. In Hack the Plant, podcast host Bryson Bort looks for answers to the question: Does connecting these systems, and others, to the internet leaves us more vulnerable to attacks by our enemies? We often take these critical infrastructure systems for granted, but they’re all becoming increasingly dependent on the internet to function. From the ransomware threats of Colonial Pipeline to the failure of the Texas power grid, it is clear our interconnectivity is also a significant source of risk. Hack the Plant walks through the world of hackers working on the front lines of cyber security and public safety to protect the systems you rely upon every day. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology. ICS Village is a nonprofit that equips industry experts and policymakers with the tools to better defend our critical infrastructure. We educate people on critical infrastructure security with hands-on examples, not just nerd stuff. Catch us at an event near you! www.icsvillage.com. The Institute for Security and Technology is a nonprofit think tank with the mission to bridge gaps between technology and policy leaders to help solve these emerging security problems together. Learn more at securityandtechnology.org.

Show more...

Episodes (20/47)

Hack the Plant

Creating a Cyber Aware Culture for Local Water Utilities

“A majority of the water utilities that we're targeting are small systems. They have limited resources and technical capabilities…so often, people talk about how they are interested in learning about cyber because they know it's important, but they don't really know where to start. That’s where [we] plug in.” - Lessie Skiba

2 months ago

27 minutes 50 seconds

Hack the Plant

Local Infrastructure is Critical Infrastructure

“When we have our crisis—and we will eventually—I hope it's small enough and not impactful enough that it doesn't harm too many people, and it wakes people up.” - Kirk Herath

3 months ago

51 minutes 5 seconds

Hack the Plant

Old Systems, New Threats

“When I talk to people and they ask me, ‘well, where do I start?’ Well, you start with understanding your environment first. What do you have? What do you need to protect? This piece of equipment goes down. What happens to your environment?” - Jim Montgomery

5 months ago

31 minutes 9 seconds

Hack the Plant

The Truth About OT Vulnerabilities

“Threat research is an umbrella that covers the way that we try to find threats on systems, and identify threats, and try to inform the industry and our client about these threats ahead of time.” - Adam Robbie

6 months ago

33 minutes 32 seconds

Hack the Plant

Bridging the Cybersecurity Resource Gap

“I'd say this is a project about nonprofit cybersecurity…but it's also about how cities can better protect infrastructure that isn't their own, and how cities can actually play a much bigger role in the cyber defense of their own communities.” - Sarah Powazek

7 months ago

33 minutes 43 seconds

Hack the Plant

Preparing for Unnatural Disasters

“When everything is critical, nothing is critical.” - Josh Corman For the premiere of season 5, Bryson Bort welcomes back season one guest Josh Corman to discuss his Cyber Civil Defense initiative UnDisruptable27, and the four lifeline infrastructure systems we’ll be focusing on this season: electricity, healthcare, food, and water.

8 months ago

40 minutes 9 seconds

Hack the Plant

From the Archives

“I started Hack the Plant in August 2020, driven by a deep conviction that we need to do something about the problem of critical infrastructure assurance: from education to action. Over 4 years and 40 episodes, we’ve hosted industry giants and practitioners, members of Congress and policymakers, and hackers and scientists; because with technology it’s the people, those on the front-lines that are making the difference.” - Bryson Bort Bryson closes out season four with a look back at the work we’ve done so far.

8 months ago

23 minutes 7 seconds

Hack the Plant

Protecting Critical Infrastructure for Rural Electric Cooperatives

“NRECA is focused on our members. So we have a series of programs or funding that we try to bring to our co-ops to help them improve their cybersecurity. That's the bottom line. That's really what we're trying to do is find out how to meet our cooperatives, where they are, improve their cybersecurity, improve their awareness, and do that through a number of different funding mechanisms that we have.” - Carter Manucy Carter sits down with Bryson to cover the National Rural Electric Cooperative Association, his work as cybersecurity director, and how we can better combat the cyber threats facing our energy infrastructure.

9 months ago

31 minutes 9 seconds

Hack the Plant

Reliability and Risks of the North American Power Grid

“Compliance and enforcement are necessary tools in our toolkit, but we have a much broader vision and mission that's really focused on a highly reliable and secure North American bulk power system. And those standards are the floor, but there's so much more we can do. And the biggest tool in our toolkit is outreach and education.” - Sara Patrick Bryson interviews Sara on her work leading the Midwest Reliability Organization to identify, prioritize and assure effective and efficient mitigation of risks to the security of the North American bulk power system.

11 months ago

28 minutes 6 seconds

Hack the Plant

Securing Embedded Systems

“MITRE EMB3D is a global threat framework. It's a new one that is focused on embedded systems in critical infrastructure spaces, such as rail, oil, natural gas, water, wastewater, aerospace, autonomous, UAS. So everybody's familiar with MITRE attack and MITRE attack for ICS. Those only actually record observed adversarial threats. That's it. MITRE EMB3D follows everything from a theoretical [threat], which is academic and theoretical to proof of concept, proof of exploit, to then CWE.” - Niyo Little Thunder Pearson In this episode, Bryson and Niyo discuss Niyo’s project MITRE EMB3D, the problems it’s trying to solve, and how the industry is responding to this groundbreaking framework.

1 year ago

31 minutes 20 seconds

Hack the Plant

The Case For A Cyber Force

“But the problem we have here is, the people you're trying to recruit for cyber, those kind of people are not the same people you need in infantry armor units, and flying F-22s, right? Force generation is just one of these things that most people don't look at. Except, if you don't start with the building blocks at step one, there's no way you have a stable high rise at step ten.” - Mark Montgomery In this episode, Bryson and Mark talk about Mark’s time at the Cyberspace Solarium Commission, his pitch for a Cyber Force, and the politics of cybersecurity and the latest cyber policy.

1 year ago

41 minutes 55 seconds

Hack the Plant

Supporting Ukrainian Electrical Grid Resilience in Wartime

“We want to see them safe, happy, and living fulfilling lives. And we're going to do whatever the hell we can, whenever the hell we can, to help people like the Ukrainians because they deserve a peaceful, good life. And we have not lost a single ounce of steam,” reflects Joe Marshall, Senior IoT Security Strategist at Cisco Talos. - Joe Marshall In this episode of Hack the Plan[e]t, Bryson and Joe discuss Cisco’s efforts in the Ukraine war.

1 year ago

32 minutes 19 seconds

Hack the Plant

Preparing for the potential worst day

“From an architecture standpoint, from a resilience standpoint, from a capabilities standpoint, I think everybody's kind of facing the same problems, and I think there's not enough resiliency baked into these systems,” says Paul Shaver. Paul Shaver is Global OT Security Practice Lead at Mandiant / Google Cloud. In this episode, Bryson and Paul discuss Paul’s military background, the difference between persistent threats and regular threats, and more.

1 year ago

30 minutes 36 seconds

Hack the Plant

“So our main product in Claroty is an idea solution. And in order for an idea solution to work properly, it needs to have a really good understanding and visibility into the protocols, to the network traffic. And so I started in Claroty as a protocol researcher, meaning I was trying to understand how industrial protocols operate, and this means I had to research a lot of ICS equipment to really understand what types of data, different components in the ICS network, exchange, how do they operate? What are the different protocols and how can we understand what they mean?” - Sharon Brizinov Sharon Brizinov is director of research at Claroty, a cybersecurity company focused on protecting industrial control system. In this episode, Bryson and Sharon cover Sharon’s career, his experience in the ICS industry, and more.

1 year ago

33 minutes 51 seconds

Hack the Plant

Securing, Defending, and Bringing Resilience to Infrastructure

“If something is going to take a couple of billion dollars to develop and there's not a known, validated commercial return associated with it, why would any private industry take that on? It's really the role of government.” -Robert Shaughnessy Robert Shaughnessy, CEO of operational technology security company Psymetis, joins us for this episode of Hack the Plant. We discuss his work with Psymetis, challenges to innovation in the private sector, and the role of government in developing new technologies.

1 year ago

36 minutes 41 seconds

Hack the Plant

CISA’s Critical Infrastructure Protection Mission with Jen Easterly

"Critical infrastructure is just how we get our water and our health care and our education and our transportation and our communication and how we get gas at the pump and money from the ATM. It really is the networks and the systems and the data that we rely upon every hour of every day and that power our lives." - Jen Easterly Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA) joins us for this episode of Hack the Plant. We discuss her work on leading CISA’s critical infrastructure mission, implementing efforts to make products Secure by Design, and working with private companies to combat ransomware.

1 year ago

50 minutes 54 seconds

Hack the Plant

Ensuring Cybersecurity for Amtrak

“My strategy was built around people, process, and technique … After about a year of working through that strategy, I realized something was missing. I wasn't getting the traction that I needed. And what I realized what was missing was the culture. The company didn't have the culture for cybersecurity, because it wasn't anything anybody thought of previously.” -Jesse Whaley Jesse Whaley, the Chief Information Security Officer at Amtrak joins us for this episode of Hack the Plant. We cover key aspects of keeping Amtrak’s digital assets and physical infrastructure secure. We discuss how Jesse has built up a diverse talent pipeline for the work cyber force, and the role that has played in staffing Amtrak’s cybersecurity. Join us to learn more.

1 year ago

42 minutes 29 seconds

Hack the Plant

Open Source Data Visualization for Cyber Threats

“Within the cybersecurity community, we build cybersecurity tools for other cybersecurity professionals. We don't really build cybersecurity tools designed or intuitive for the operators that need to use it. With ICS Advisory, I focused on how do we just put this in plain language that makes sense for them? Not over using overuse of acronyms, speaking plainly about the vulnerabilities, and really trying to do that with breaking out the common vulnerability scoring system. -Dan Ricci Today’s episode focuses on the ICS Advisory Project, an open source platform that helps asset owners across sixteen critical infrastructure sectors stay secure. Dan Ricci, its founder, joins us to discuss how data visualization translates into more accessible information for the industrial control systems operators on the ground – and how they can use that information to identify weaknesses in their environments. Join us to learn more.

1 year ago

39 minutes 24 seconds

Hack the Plant

Cyber Threat Intelligence Over the Past 25 Years

“The White House has been trying to get their arms around solutions for 25 years. If you look back at the very earliest White House document (Presidential Decision Directive 63), it came out in 1998. They're focused on critical infrastructure. They say, within five years, most of America’s critical infrastructure will be secure, as if it was a one off as if we could just get it right once, and then it would just be secure. But of course, we have intelligent adversaries, and we keep inventing new technology.” -Jason Healey Jason Healey, a Senior Research Scholar at Columbia University’s School for International and Public Affairs, joins us for this episode of Hack the Plant. We discuss an article he recently published at the Lawfare Institute, looking at 25 years of White House cyber policies, from the Clinton to the Biden Administrations. What changes have we made in our regulatory approach over the past 25 years? What are current strengths - and threats - in our cyber defense systems? Join us to learn more.

2 years ago

49 minutes 5 seconds

Hack the Plant

Architecting Threat Responses

“You can simulate power. You can simulate the data that's on the network. You can replay information. That's a very controlled environment. But using the real equipment…it’s the little idiosyncrasies of the systems themselves that you don't get in a very extremely controlled environment. In what the RACICS program was, being able to test out these systems in a mostly controlled environment, but also having the small idiosyncrasies of hey that system doesn't work exactly the way we think it did”. -David Patrick Emmerich David Patrick Emmerich, the Principal Cyber-Physical Range Architect at the University of Illinois, joins us for this episode of Hack the Plant. We’re here to talk about RADICS, a DARPA project - for which David built automated data collection, and set up simulations and testing. What kind of incident response plan is needed for OT in an industrial environment? Join us to learn more.

2 years ago

46 minutes 52 seconds