The Cyber Senate is a niche, high-value platform dedicated to bringing Operators of Essential Services together with global subject matter experts to address the challenges of evolving cyber threats to critical infrastructure. Our podcasts and conferences facilitate information sharing, they educate…
ERTMS Unit Project Officer for European Union Agency for Railways discusses Cybersecurity with Cyber Senate at the 10th annual Rail Cybersecurity UK EU conference in London 2024. Learn more at www.railcybersecurity.com or www.cybersenate.com#railcybersecurity
An interview with Joseph Mager, Deputy CISO, NS Cybersecurity for NS Rail Netherlands. This interview took place at the Cyber Senate Rail Cybersecurity UK EU Summit in London 2024. www.railcybersecurity.com or www.cybersenate.com
Two main topics that rail sector professionals consider their biggest challenges: NIS 2 legislation and Supply Chain Risk Management.
We hope you enjoy this interview as much as we did working with NS Rail.
Cyolo recently presented at the Rail Cybersecurity UK EU conference 2024 in London. Their presentation, "Securing and Simplifying Privileged Remote Operations in the Rail Industry", was highly valued. In this interview they discuss why their solution is a great fit for the rail sector. Their presentation touched on the following points:
- Understand how traditional IT remote access and PAM solutions cannot effectively secure operational technology environments
- Learn from the experience of other industry peers in CNI and manufacturing how best to provide simplified yet secure remote access
- Understand how best of breed Remote Privileged Remote Access does not require the cloud
- Understand the challenges being faced by Critical National Infrastructure providers securing access to privileged environments
Cracking the code for cybersecurity, interview from the Rail Cybersecurity UK EU 10th annual conference, with Johannes Emmelheinz, CEO Siemens Mobility Customer Services
Cracking the code for cybersecurity
Legislation, such as NIS2, the Cyber Resilience Act and other national cyber regulation, requires cybersecurity to be sustained actively by the rail industry. This challenge must be managed by suppliers, integrators and operators jointly with automated, coordinated work processes which are supported by tools adapted to the assets. The presentation will provide an overview of Siemens Mobility's comprehensive approach to increase the resilience of its customers. It is presented through practical examples such as cloud security, vulnerability monitoring and management with decision support for the operators, security monitoring and incident response.
Cyber Senate had the privilege of having Dr. Andreas Hamprecht, CIO/CDO DB Regio AG, join us as a presenter and speaker at the Rail Cybersecurity UK EU conference in London 2024. Here is an extract of an interview our team did with him at the event. We hope you enjoy his insight as much as we enjoyed hearing it and working with him.
Cyber Senate's Jamison Nesbitt speaks to Stefan Liversidge, OT SME of Fortinet UK, about their recent presentation at the 10th annual Control Systems Cybersecurity UK EU conference in November 2023 in London UK.
OT trends typically follow IT and that's a theme we have seen over the past couple of decades. As we look to improve Cyber Security maturity into OT then we see this trend continuing and so we start to see requirements building for Zero Trust in OT environments. To many, the deployment of zero trust in OT sounds a daunting task and we start to see a fear of the unknown leading to resistance and a resulting fall back to classical approaches to securing OT environments. In this presentation we will explore zero trust as a methodology and what a roadmap for zero trust adoption looks like.
Stefan Liversidge, Systems Engineer, OT Subject Matter Expert, Fortinet
As defenders, how are we implementing controls and how do we do it better? Join Jamison Nesbitt and Stefan Liversidge for this educational, thought provoking and controversial conversation.
The fundamentals are simple: patching, segmentation, malware controls, visibility. But what we are trying to achieve is no easy feat when you look to dismantle more than 20 years of ad hoc OT security measures, as there is still risk during the implementation phase.
Key points to be discussed:
- Technical controls / process and people
- Poor visibility (automation)
- Organisational structure to support OT
- Manage risk faster
- Contain threats quicker
- Minimise impact
- Green field vs brown field
- Skills from the ground up
- Managed services
- Managing multiple streams of activity
- Iterative, agile process, we learn, we move forward
- Rapid threat containment
Cyber Senate had the privilege of catching up with Willi Nelson, CISO, Operational Technologies, Fortinet to discuss their forthcoming presentation on Cyber Preparedness September 29-30th in Celebration Florida, for the 9th annual Control System Cybersecurity USA conference. Large or small, cyberattacks are making headlines and elevating executive attention toward cyber resiliency. Preparing for, responding to and recovering from cyberattacks should be a strategic part of any business continuity plan. As recent cyberattacks have demonstrated increased risk to both IT and operational technology (OT) environments, readiness equates to enforcement of rules and policies that provide the visibility, control and situational awareness to respond at the speed of business. Cybercriminals are maximizing their opportunity by exploiting older vulnerabilities and an expanding attack surface. Strategic readiness should be underpinned with the notion that eventually an attack will happen, and when it occurs, you are proactively ready to respond. During this session, we will explore security considerations for developing cyber resilience covering security fundamentals and readiness planning to protect your IT and OT environments.
Willi joined Fortinet as the CISO for Operational Technology in August 2022. He brings more than 25 years of experience in Information Security working across industry verticals such as Healthcare, Telecom, Financials, Manufacturing, and Life Sciences. Most recently with GlaxoSmithKline (GSK), he established and directed the Global OT Infrastructure Security team charged with monitoring and protecting the OT assets for GSK. Globally, the team deployed 43 additional controls across the OT landscape assessed against NIST CSF and aligned business units to embrace a unified model for security, incident response, and risk reporting.
During Willi's tenure, he also oversaw the creation of the Security Organization and the Global Cyber Defense team for GSK's Consumer Health startup (now called Haleon). Beyond building and leading the OT and Consumer Health security teams, he led the security team responsible for Cloud transformation for both IT and OT. Willi relies on a pragmatic and systematic approach to achieve company goals while also maturing the organizations and teams he leads. Willi is a graduate of Rockhurst University in Kansas City, MO, USA and holds a CISSP (Certified Information Systems Security Professional) certification in good standing. Willi lives in NW Arkansas with his family. He's an avid outdoorsman, cyclist, woodworker, and veteran.
Cyber Senate recently had the opportunity to catch up with Rick Peters, CISO, Operational Technology North America with Fortinet, to discuss their involvement in the rail sector, how they are helping and to elaborate further on their planned presentation for the May 12/13th conference Rail Cybersecurity USA in Arlington VA. www.railcybersecurityusa.com
Mr Peters will be discussing "Safe Available Secure: Five Essentials to Keep the Rail Sector on Track."
Like many industrial environments, rail systems have been in operation for decades. Keeping services on time and available, along with providing safety to passengers and cargo have been a staple. As rail systems add digital or cyber connectivity to their environment, they introduce efficiency gains but also take on risk.
In late 2021, new cybersecurity guidelines for rail transit were introduced to shore up critical infrastructure following a year of headlines regarding ransomware attacks. There are five cybersecurity essentials important for keeping rail systems on track to maintain safe, available and secure services. During this session, we will explore how you can innovate securely by incorporating these principles into your cybersecurity strategy including:
· Balancing modernization priorities such as Safety and Reliability, Ease and Comfort, Smart Transportation, and Customer Experience
· Understanding known and unknown vulnerabilities worthy of immediate attention
· Integrating and controlling access to the digitally connected IT and OT systems
· Investing in a cybersecurity framework to support a distributed architecture
· Recognizing cybersecurity is a team sport and partnerships matter
Rick brings the Fortinet OT-CI team more than 37 years of cybersecurity and global partnering experience working across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA).
As Fortinet's Operational Technology North American CISO, he delivers cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. Prior to Fortinet, Rick led development of cyber capability across Endpoint, Infrastructure, and Industrial Control System technologies at the agency. Previously, Rick also served as an executive leader supporting the Information Assurance Directorate at the NSA. Earlier in his career, he served in a broad range of leadership and Engineering roles including Chief of Staff for the NSA Cyber Task Force and a 5-year forward liaison charged with directing integration of cyber and cryptologic solutions for U.S. Air Force Europe, Ramstein AFB, Germany.
Cyber Senate discuss 'Sustainable Cybersecurity over the Complete Life-Cycle for Rail' with Christian Paulsen, Product and Solution Security Officer at Siemens, sponsors of the Rail Cybersecurity USA conference February 9/10th online. www.railcybersecurityusa.com
Christian drives protecting Mobility portfolio elements against cyber threats. With more than 20 years of experience in rail and utility business he understands the needs of transport customers managing cybersecurity risks along the complete lifecycle of their assets. His background in telecommunication, SCADA and security systems as well as process and project management helped him define the governance and guidance standards applicable throughout Siemens Mobility.
Christian is Chair of the Cybersecurity group of the European Rail Industry and active with the European Rail ISAC.
Christian's presentation on February 9th:
The advance and benefits of digitalization in the transport sector and the related need for cybersecurity is undisputed. Operators face new threats and new laws and define new requirements for cybersecurity. These requirements not only take technical implementations into consideration, but also processes and the inclusion of all internal and external stakeholders along the lifecycle of a transportation system. In the presentation our expert gives you an overview of commonalities and differences in approaching cyber risk management worldwide. He will share best practices and actionable approaches to secure the rail operation and assets.
Supply Chain Cybersecurity Cyber Senate Control Systems Podcast with Industrial Defender.
Cyber Senate were pleased to catch up with Jeremy Morgan, Principal Risk and Solutions Consultant at Industrial Defender to discuss the panel theme "Supply Chain Cybersecurity" that will take place March 29-31st online for the Cyber Senate Control Systems Cybersecurity Conference 2021 EST. www.industrialcontrolcybersecusa.com
In his role at Industrial Defender, Jeremy helps ICS asset owners build a strong foundation to apply security controls in OT environments. With a diverse career spanning compliance management at a utility to cybersecurity product management for a major OEM, Jeremy has over 20 years' experience in IT and OT cybersecurity.
You can learn more about Industrial Defender at https://industrialcontrolcybersecusa.com/virtualeventsponsors
Panel: Supply Chain Risk and Maturity
30-03-2021, 15:30 - 16:10
Supply Chain Cyber Security is taking center stage and is our biggest risk.
- Are we identifying risk in the supply chain?
- How are we doing this and if not how can we improve?
- Information Sharing on supply chain threats, common practices, challenges and ways we can improve
- How can we more effectively build trust with our suppliers and industry peers?
- How can we better communicate supply chain risk?
- Sourcing and Procurement - how can we better communicate cyber risk contractually and move away from the 'break and fix' model with our suppliers
- Let's look closer at how vendors, infosec leaders and engineering are working together in ensuring security of OT products
• Building a Framework and the 4 why's and How
• Identifying critical assets
• What are we seeing, day to day
• Understanding your tools and user awareness
• Identifying risk prior to stopping threats
• APT Education
Panellists include:
Noureen Njoroge, CISCO, Cybersecurity Threat Intel Engineer (now Director of Global Cyber Threat Intelligence at Nike)
Jacob Benjamin, PhD, Dragos, Principal Industrial Consultant
Panel: "CIA" – confidentiality, integrity, and availability versus Safety and Reliability
James Nesbitt, Cyber Senate, Director
Guido Villacis, EDF, Technical Client Organisation I&C Cyber Security Lead, PWR Technology
George Bearfield, Rock Rail, Health & Safety Director
Michael H Firstenberg, Waterfall Security Solutions, Director of Industrial Security
Andreas Klien, OMICRON electronics GmbH, Head of Business Development Power Utility Communication
Digital Transformation, Automating OT: Our Biggest Challenges
Andy Powell, Maersk, Chief Information Security Officer
Discussion includes:
- Instrument OT
- Automation of Process
- Controlling Device Identities
Cyber Senate discusses confidentiality, integrity, and availability versus Safety and Reliability with Michael Firstenberg, Waterfall Security Solutions' Director of Industrial Security. Mr Firstenberg will be moderating and contributing to a Panel Discussion on November 4th with the Cyber Senate for the 7th annual Industrial Control Cybersecurity Europe online conference 2020.
Mike Firstenberg is the Director of Industrial Security for Waterfall Security. Mike brings almost two decades of experience in Control System Security, specializing in Control System Cyber Security. With a proven track record as a hands-on engineer - researching, designing, and implementing strategic security solutions, Mike has an established background working with governmental institutions, regulatory authorities, and industrial utilities. The former chair of the American Water SCADA Council, Mike studied Computer Science, Chemical Engineering, and Mathematics at the University of Pennsylvania, and has served as a speaker and panelist at numerous conferences and events.
Waterfall Security Solutions is the global leader in industrial cybersecurity, protecting critical industrial networks since 2007. Our mission is to revolutionize how entire industries protect physical assets and industrial processes from cyber attacks. Waterfall's patented, unidirectional products enable safe IT/OT integration, remote monitoring and diagnostics, cloud connectivity and tamper-proof forensics, without the vulnerabilities that always accompany firewalled connectivity. The company's growing list of customers includes national critical infrastructures and utilities, power plants, nuclear plants, water and wastewater systems, offshore platforms, refineries, pipelines, pharmaceutical, chemical and manufacturing plants, and many more. Deployed world-wide, Waterfall products support the widest range of industrial and remote monitoring platforms, applications, databases and protocols in the market.
As a global leader in industrial control system security, Waterfall contributes routinely to national and international standards, best practice guidance and control system security educational programs. As a result, our products are widely recognized as simplifying compliance with security regulations, standards and best practices. https://www.waterfall-security.com
AI, machine learning and big data analytics are creating a new paradigm for OEMs, but how are they ensuring safety, reliability and cyber security of real time data access, data in transit, cloud, on board control systems and control centers?
As rolling stock business models change with the introduction of new technology, digitisation and big data solutions, implementation of IoT or "The Internet of Trains" enables the consolidation of large volumes of data with business processes and IT systems, creating rolling stock data centers in their own right. With new service offerings for predictive maintenance, condition monitoring, passenger information systems and a plethora of onboard connected sub systems on the rise, bundled data from the vehicles, the infrastructure, and the operations are just the beginning. Do railway organisations understand the value of staying in control of the rolling stock data and do they understand the cyber security implications of digitised assets when considering costs in new assets and refurbishment of older systems?
We will dive deeper into Rolling Stock Data Centers in our new webinar, providing insight into the cyber security considerations around new business models, challenges and what we need to consider during design and implementation.
The digitisation of the rail sector continues to evolve at an unprecedented rate, as innovation and the implementation of new technologies to enhance services and customer experiences hail in a new era of connected rail travel. Whilst digitisation improves efficiencies, it also extends the attack surface for cyber security incidents across the enterprise.
Cloud computing technology is a key business driver, enabling the sharing of railway information resources, improving the capacity of information processing. However, cloud security monitoring remains a barrier to the full realisation of Cloud's capability. Deploying security monitoring tools, virtualisation and configuration of event management tools in dynamic environments are just a few of the challenges rail security professionals are grappling with on a daily basis, as well as how security information is shared and how we effectively collaborate within a shared infrastructure. Join the Cyber Senate as we dive deeper into the key discussion on Security Monitoring for Cloud Services, as we address best practices in ensuring the confidentiality, integrity and availability of cloud computing for the rail network.
You can join our Rail Cyber Security SME Group here
Areas of discussion include:
- How can we gain full visibility to monitor for potential security flaws and vulnerabilities in a multi-tenant architecture?
- How can we gain strict controls over data at all endpoints?
- How can we better identify patterns and pinpoint potential security vulnerabilities?
- Reliability and performance: How can we ensure it is not impacted by security?
- A look at Cloud-wide intrusion and anomaly detection systems
- Security monitoring collaboration
- How can we provide more timely information on attacks, vulnerabilities and incident
The Cyber Senate interviews Markus Alexander Wischy Hernandez, Head of R&D IT Security at Siemens Mobility, about their forthcoming presentation for the 5th annual Rail Cyber Security Summit in London February 18/19th 2020. The presentation is entitled "Achieving IEC 62443-3-3 Security Level 3 for Rail Automation Systems." The talk will focus on the strategy for achieving IEC 62443-3-3 Security Level 3 compliance for a country-wide, fully digitalized rail automation system. Topics are the current status of standardization, the required central security services and outlook for the protocols required to achieve interoperability. Additionally, the application of this strategy in a large rail-automation infrastructure project is presented at the conference.
This topic would bring together various points:
· Technical security systems and communication protocols
· Standardization, also aiming at the work that is currently done within Shift2Rail IT-Sec Working Group and an overall move of the sector to IEC 62443 compliance.
Markus Alexander Wischy Hernandez, Siemens Mobility
For more information visit www.railcybersecurity.com
Podcast: Cyber Senate Podcast
Episode: Industry 4.0: Cyber Securing Legacy Systems across the Business
Episode pub date: 2019-08-01
Cyber Senate discusses Industry 4.0: Cyber Securing Legacy Systems across the Business with Andrew Kling, Director Cybersecurity and Software Practices, Schneider Electric. Andrew has been one of our guest speakers on our Industrial Control Cybersecurity USA conference for several years and brings a wealth of information to our community of subject matter experts. In this podcast, Cyber Senate and Andrew Kling dive deeper into the new ISA Global Strategic Alliance and what this means for the industry, supply chain and IoT cybersecurity, the transfer of risk across global businesses and how our perception and culture are changing to mitigate evolving cyber threats.
The Cyber Senate welcome special guest, Chris Kubeck, CEO of Hypasec, who will be speaking at our 3rd annual Aviation Cybersecurity Summit in London on November 5th and 6th. www.aviationcybersec.com
Her presentation: More Than Turbulence - Aviation Software Vulnerabilities & Exploitation
- Introductions to the challenges of modern aviation and technology
- Maintenance and asset management
- FAA requirements and recalls
  - Weaknesses in exposure of various parts databases
  - Lack of required security testing by FAA on maintenance software
- Software utilized in a modern airframe
  - Explanation of what types of software is in use on both planes and weight balancing
- Buffer overflows: the FAA requires memory checks to ensure they stay within hardware operating parameters. But, no full boundary checks.
- Explanation of current challenges: F35a has buffer overflow issues requiring a manual reboot of the flight computer, in-flight
- Gate logic doesn't equal good code or secure code: explanation of how the software is written whilst pointing out memory leaks, incompatibility with ease of patching unless substantial downtime (except the 787) and the lack of any security testing for any aviation software on a plane.
- Exposure of various airframe manufacturer systems.
- Exposure of various airport ticketing and maintenance systems
Cyber Senate Podcast with Lyzia van Iterson, Information Security Leader, Fluor Corporation.
Lyzia is a creative and digital leader helping companies to develop a better picture of their InfoSec posture and define and execute strategies to improve and transform their InfoSec capabilities. In May 2016 he joined Fluor, one of the world's largest engineering, procurement, fabrication, construction and maintenance companies, to provide information security oversight and implement the roadmap to align the information security capabilities of a then recently acquired subsidiary. Prior to that he worked for a number of internationally operating companies including a large Dutch retail bank, defining their future vision for Identity and Access Governance, running a program to digitally transform a Dutch based fashion company, and developing and implementing the information security program for Dutch multinational Numico (now part of Groupe Danone).