Your lights are on, your car runs, because industrial systems work 24/7 to keep our lives ticking. But what happens when those systems—the very pillars of modern society—are threatened?
Hosted by Nate Nelson and Andrew Ginter, The Industrial Security Podcast takes a deep-dive into the most pressing emerging issues in SCADA technologies today. But don't just take our word for it: each new episode of the show features a leading voice in the world of industrial control systems security. You'll hear from executives, engineers, researchers and more, each with their own unique take on what's wrong with how we do things today, and how to fix it.
ICS security is complicated. Here is where it all comes together.
All content for The Industrial Security Podcast is the property of PI Media and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Your lights are on, your car runs, because industrial systems work 24/7 to keep our lives ticking. But what happens when those systems—the very pillars of modern society—are threatened?
Hosted by Nate Nelson and Andrew Ginter, The Industrial Security Podcast takes a deep-dive into the most pressing emerging issues in SCADA technologies today. But don't just take our word for it: each new episode of the show features a leading voice in the world of industrial control systems security. You'll hear from executives, engineers, researchers and more, each with their own unique take on what's wrong with how we do things today, and how to fix it.
ICS security is complicated. Here is where it all comes together.
Yes the device has to be safe to use on patients, and yes it has to produce its results reliably, but patient / data confidentiality is also really important. Naomi Schwartz of Medcrypt joins us to explore the multi-faceted world of medical device cybersecurity - from MRI's to blood sugar testers.
If you can touch it, you can hack it, usually. And having hacked it, you can often more easily find exploitable vulnerabilities. Marcel Rick-Cen of Foxgrid walks us through the basics of hacking industrial hardware and software systems.
Asset inventory, networks and router / firewall configurations, device criticality - a lot of information. How can we USE this information to make useful decisions about next steps to address cyber risk? Vivek Ponada of Frenos joins us to explore a new kind of OT / industrial digital twin - grab all that data and work it to draw useful conclusions.
We don't have budget to fix the problem, so we accept the risk? Tim McCreight of TaleCraft Security in his (coming soon) book "I don't sign s**t" uses story-telling to argue that front line security leaders should not be accepting multi-billion dollar risks on behalf of the business. We need to escalate those decisions - with often surprising results when we do.
NIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.
Hundreds of subsystems with the same IP addresses? Thousands of legacy devices with no modern encryption or other security? Constant, acquisitions of facilities "all over the place" network-wise and security-wise? What most of us need is "network duct tape". Tom Sego of Blastwave shows us how their "duct tape" works.
Safety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms.
How did they get in? How did we find them when they got in? What can we do in future to clean up the mess faster? Chris Sistrunk reflects on a decades' industrial cyber incident response experience at Mandiant (Google).
Asset inventory tools have become almost ubiquitous as main offerings or add-ons to OT security solutions. In this episode, Brian Derrico of Trident Cyber Partners walks us through what it's like to use these tools - different kinds of tools in different environments.
Industrial incidents can be cyber attacks, or equipment failures, or physical equipment leaking product because of metal fatigue or incorrect welds. OT incident responders need to know a lot. Doug Leece of Enbridge explores what is OT incident response and what you look for recruiting people into that role.
For safety-critical operations or for critical national infrastructures, would you rather base your system on a code that people have tested as best they can, or would you rather base your system on a platform that has been proven correct? Daly Brown and Nick Foubert of Metropolitan Technologies look at a new approach to designing OT systems.
Most of us struggle to get funding for industrial cybersecurity. Ian Fleming of Deloitte explains how - because cybersecurity is essential to sustaining the value of industrial assets - how we can embed up to 20 or 30 years of cybersecurity budget into capital plans, rather than fight for budget every year.
Nation state threats are often portrayed as the "irresistible forces" of cyber threats, with little qualification. Joseph Price of Deloitte joins us to dig deeper - what are nation states capable of, what are they up to, and how should we interpret the information that is available to the public?
Security automation needs a machine-readable vulnerability database. Carmit Yadin of Device Total joins us to look at limitations of the widely-used National Vulnerability Database (NVD), and explore a new "data science" alternative.
Tomomi Aoyama translated the book Countering Cyber Sabotage - Consequence-Driven, Cyber-Informed Engineering - to Japanese. Tomomi recalls the effort of translating CCE to Japanese and looks forward to applying CCE and OT security principles to industrial cloud systems at Cognite.
Compromise a cloud service and tens thousands of vehicles can be affected at once. Matt MacKinnon of Upstream Security walks us through the world of cloud security for connected vehicles, transport trucks, tractors, and other "stuff that moves."
The bad guys keep getting better at what they do, and so must we defenders. Gary Southwell of Aria Cyber joins us to look at using AI to get ahead of constantly-changing malware.
The CIS Top 18 is widely used in IT, and Jack Bliss of 1898 & Co. has adapted that list for OT/industrial, adding a lot of industrial context and lists of related OT-centric tools and technology.
Airports really are small cities. Eric Vautier, CISO of all 3 Paris airports looks at what is an airport and how are thousands of airports changing because of NIS2 and the regulatory environment more generally.
Ransomware is the most common cyber attack causing OT outages - all Windows machines encrypted. What if we could "press a button" and have everything working again in seconds or minutes? Alex Yevtushenko of Salvador Technologies joins us to look at new technology for rapid recovery.
Your lights are on, your car runs, because industrial systems work 24/7 to keep our lives ticking. But what happens when those systems—the very pillars of modern society—are threatened?
Hosted by Nate Nelson and Andrew Ginter, The Industrial Security Podcast takes a deep-dive into the most pressing emerging issues in SCADA technologies today. But don't just take our word for it: each new episode of the show features a leading voice in the world of industrial control systems security. You'll hear from executives, engineers, researchers and more, each with their own unique take on what's wrong with how we do things today, and how to fix it.
ICS security is complicated. Here is where it all comes together.
