Welcome to "PrOTect It All," the podcast where we peel back the layers of cybersecurity to reveal the core strategies, challenges, and triumphs of protecting our digital and operational landscapes. We're thrilled to have you on board for an upcoming episode! Your insights and experiences are invaluable to our listeners who are eager to learn and engage with the leading minds in IT and OT security.
As we gear up to dive into conversation, please feel free to share any specific topics or stories you'd like to discuss. Our audience appreciates both the technical deep-dives and the high-level overviews, so bring your unique perspective, and let's make cybersecurity accessible and engaging together.
Thank you for joining us on this journey to foster a more secure future. We can't wait to hear your voice on the "PrOTect It All" podcast!
All content for PrOTect It All is the property of Aaron Crow and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
From Y2K to 2038: Uncovering Time Bombs in OT and ICS Systems with Pedro Umbelino
PrOTect It All
1 hour 7 minutes 3 seconds
4 months ago
In this episode of Protect It All, host Aaron Crow welcomes Pedro Umbelino, Principal Research Scientist at BitSight, for an insightful and lively conversation recorded shortly after they met at RSA. Pedro shares stories of his early days in computing, from scavenging parts as a kid to teaching himself programming on a ZX Spectrum. The discussion quickly dives into critical cybersecurity issues across the interconnected worlds of IT and OT, focusing on dramatic vulnerabilities in Automatic Tank Gauges (ATGs) at gas stations—exposing ways attackers could cause significant physical damage and even spark major operational disruptions, all through insecure legacy protocols.
Pedro also brings attention to a ticking time bomb: the “Year 2038” problem, where millions (if not billions) of 32-bit systems might fail due to an epoch time rollover—an issue that could have consequences reminiscent of Y2K, but on a potentially broader scale, especially for OT and critical infrastructure.
Throughout the episode, Aaron and Pedro share practical strategies, lessons from the field, and the sobering reminder that many of these vulnerabilities are still lurking below the surface. The conversation highlights the importance of awareness, collaboration across industry and ISPs, and a proactive approach to understanding and hardening both new and legacy systems. Whether you're an OT engineer, a security researcher, or just curious about what it means to truly “protect it all,” this episode offers a fascinating look at the evolving landscape of digital and physical security risks.
Key Moments:
06:37 Letting Go of Old Memories
15:12 Refueling Spill Risks Concern Technicians
17:37 Understanding Risks Beyond Fear
23:24 Internet Exposure Risks for OT Devices
32:17 Global Cyber Incident Response Challenges
35:30 Legacy System Challenges
39:19 Unidentified Cyber Assets Risk
48:41 "Understanding the Apocalypse Project's Challenges"
49:31 Testing System Vulnerabilities at Scale
55:12 Tech Vulnerabilities Analogous to Y2K
01:03:08 Challenges in OT Modernization
About the Guest:
Pedro Umbelino currently holds the position of Principal Research Scientist at Bitsight Technologies and brings over a decade of experience in dedicated security research.
His eclectic curiosity has led to the uncovering of vulnerabilities spanning a gamut of technologies, highlighting critical issues in multiple devices and software, ranging from your everyday smartphone to household smart vacuums, from the intricacies of HTTP servers to the nuances of NFC radio frequencies, from vehicle GPS trackers to protocol-level denial of service attacks.
Pedro is committed to advancing cybersecurity knowledge and has shared his findings at prominent conferences, including BSides Lisbon, DEF CON, Hack.lu and RSA.
How to connect with Pedro: LinkedIn: https://www.linkedin.com/in/pedroumbelino/