Something sinister is stirring in the systems…
In this Cyber Brews Halloween Special, we dive into the true story behind one of the most chilling cyber incidents in industrial history the Triton malware attack.
What began as a routine night in a control room turned into a digital nightmare, when rogue code infiltrated safety systems designed to prevent catastrophic industrial accidents.
With a Halloween twist, “Ghost in the Control Room” explores how a few hidden lines of code nearly turned a secure facility into a scene of chaos — and what this haunting real-world case teaches us about human error, resilience, and the invisible forces moving through our networks.
So grab your favourite brew, turn down the lights and settle in for a Halloween Special.
Series 2 – Episode 6!
This month’s brew takes a fresh look at the latest updates in IEC 62443-2-2:2025 — The standard that sets out requirements for industrial automation and control system security programs.
If that sounds a bit dry, don’t worry — we’re serving it up in plain English, with a dash of Dave & Chris -style "banter".
In this episode, we break down what’s new in the revised standard, why it matters, and how these changes impact organizations looking to strengthen their OT security posture.
Key topics on tap this month include:
So grab your favourite brew and join us as we try to make sense of the updates in the new IEC 62443-2-2:2025 — hopefully without the headache.
Series 2 – Episode 5!
Cyber Brews: IEC-62443 Security Levels, Simplified?This month’s brew tackles the industrial cybersecurity standard that everyone talks about — but few really get: IEC 62443. If you’ve ever felt lost in a sea of FRs, SRs, and SLs, you’re not alone. We’re here to break it down, coffee (or pint) in hand.
In this episode, we unpack the core components of IEC 62443 — from Foundational Requirements (FRs) to Security Levels (SLs) — and explore what they actually mean for real-world OT environments.
Key topics on tap include:
So whether you’re just getting into IEC 62443 or trying to explain it to someone else without inducing a yawn, this episode’s for you.
Grab your brew of choice and join us as we demystify the standard — one security level at a time.
Series 2 – Episode 4!
Cyber Brews: Trust No One, Verify Everything (Zero Trust)
This month’s brew dives into a game-changing security model that’s making waves in both IT and OT: Zero Trust. Forget the old perimeter mindset — in this episode, we explore why trust is no longer a security strategy, especially when it comes to protecting critical industrial systems.
We kick off with a breakdown of what Zero Trust actually means, where it came from, and why it’s become essential in the world of Operational Technology. As OT and IT networks continue to converge, the traditional “trust but verify” approach just doesn’t cut it anymore.
Key topics on the table include:
Why OT environments need Zero Trust now more than ever.
How to apply Role-Based Access Control, Network Segmentation, MFA, and Continuous Monitoring in industrial settings.
The real-world benefits of Zero Trust: from reduced insider threats to better compliance and resilience.
Common challenges and how to start making progress, even in complex legacy environments.
So grab your favourite brew and join us as we unravel how Zero Trust could secure the future of OT — one segment, one policy, one verified connection at a time.
Series 2 - Episode 3!
Cyber Brews: CEOs meet CyberThis time, we’re flipping the script and taking cybersecurity straight to the top. That’s right — we’re talking senior management and the critical questions they need to be asking when it comes to protecting Operational Technology (OT).
In this episode, we unpack the essential governance-level questions that help leaders understand their organization's cyber risk posture.
From assessing the cyber threat landscape to defining roles and responsibilities the various teams, we dive into the high-level decisions that can make or break your organization’s resilience.
We will cover topics like:
So grab your favourite brew and join us as we arm the boardroom with the right questions to protect the control room.
Series 2 - Episode 2!
Lets get Physical, Physical. I wanna get Physical...
In this episode, we delve into the critical interplay between physical security and cyber security within Operational Technology (OT) environments.
In this months episode we discuss the importance of well-defined physical security policies, robust perimeter controls, and effective access management to protect sensitive areas and critical assets.
Key topics include establishing security perimeters, entry controls, and physical segmentation, along with the roles and responsibilities of personnel in maintaining these security measures.
We discus the need for a unified approach that integrates physical and cyber security strategies, ensuring that both realms work in harmony to protect against threats from all angles.
So as always grab your favourite brew and join us for another episode of Cyber Brews!
Welcome everybody to Series 2 of Cyber Brews the series that tries to make OT Cyber–Security Interesting!!
In this episode of Cyber Brews, we take a deep dive into the biggest cybersecurity stories we covered in 2024.
From shocking insider threat statistics to the evolving tactics of ransomware groups like Ransomhub, we break down the key trends shaping the cyber landscape.
We also revisit wild stories like the Dieselgate scandal, hackers targeting air-gapped systems, and even how lava lamps and internal door pass-codes played a role in security breaches.
Plus, we explore the unexpected collaboration between Western hackers and Russian organised crime groups.
So grab your brew and join us for a recap you won’t want to miss!
Welcome to the Final Episode of the Year—Episode Six!
In this closing episode of 2024, we dive into the critical topic of management of change (MoC) in the context of OT cybersecurity.
We kick things off with a look at the iconic failure of the Empire's Death Star and explore how its downfall can teach us valuable lessons for managing change in operational technology environments.
In this Episode we cover:
Join us as we uncover the complex layers of OT cybersecurity, the importance of thorough risk assessments, and the real-world impacts of implementing robust change management strategies.
Thank you for tuning in throughout 2024. We wish you a Merry Christmas and look forward to bringing you Series 2 of the Cyber Brews Podcast in 2025, with even more exciting episodes planned!
Welcome to Episode Five of Our Podcast!
In this episode, we dive into the critical topic of Risk and Consequence in the context of OT cybersecurity. Here, we share our insights on cyber risks and the potential consequences organisations face.
In This Episode, We Cover:
Risk Assessment Basics: We discuss the foundations of cyber risk assessments, focusing on identifying deviations from normal operations and exploring key concepts like "attack vectors" and the "kill chain."
Example Incident: We examine the CrowdStrike case to understand how OT risk assessments account for insider threats and unintended consequences.
Likelihood and Attack Types: We look at the frequency and variety of cyber threats, considering how risk changes based on the type of attacker, from disgruntled employees to bot-driven attacks.
Mitigation Strategies: We wrap up with a look at prevention versus mitigation, discussing ways to prioritize actions and implement these countermeasures despite the challenge of quantifying cyber risks.
Join us in exploring the complex layers of OT cybersecurity risk assessments and the real-world impacts of these measures.
Thank you for tuning in, and don’t forget to rate our podcast as we continue our journey through the world of OT cybersecurity!
Episode Four - NIS2 Unveiled: The Future of Cyber security Compliance.
Welcome to Episode Four of our podcast! In this podcast episode, we delve into the NIS2 directive, which aims to enhance cyber security resilience in critical sectors across the European Union & and maybe even some of the UK!
Investigate the facts behind the directive:
Join us as we uncover the Expanding layers of OT cybersecurity and the adventures of NIS2.
Thank you for tuning in to our exploration of OT cybersecurity and don't forget to rate our podcast!
We made it to Episode Three - Revenge of the OCG - Unveiling the Dark World of Organized Crime Groups in OT Cybersecurity.
Welcome to Episode Three of our podcast! In this gripping episode, we dive deep into the shadowy realm of Organized Crime Groups (OCGs) within the Operational Technology (OT) sector. Discover the secrets behind:
Join us as we uncover the hidden layers of OT cybersecurity and the relentless threats posed by OCGs. Don’t miss this eye-opening episode!
Thank you for tuning in to our exploration of OT cybersecurity!
Our second episode (Woo), we dive into the topic of 'Creating a cyber security culture'.
In this episode we look at how Cyber security is not just technical fixes.
A cyber security culture is as important as it reflects the actions of the human which is normally the weakest link.
This episode looks at:
• What culture is
• Organisational barriers
• Developing a good cyber security culture
Cyber Brews looks to take the topic of cyber security in the OT domain and break it down into sizable chunks.
This is our first episode (We are excited) dives into the Topic of cyber security ransomware in the OT industry. Join us as we explore the challenges, strategies, and solutions to safeguard critical infrastructure.
