Podcasts about Critical infrastructure

Podcast: Bites & Bytes PodcastEpisode: Hiring for the Frontlines of Critical Infrastructure with Nathaniel SmithPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat does it take to build a cybersecurity workforce capable of protecting the systems that keep the lights on and food on our plates? In this episode, host Kristin Demoranville is joined by Nathaniel Smith, Co-Founder and VP at SR2, a purpose-driven recruitment firm. Nathaniel, who specializes in hiring OT/ICS, brings over 14 years of recruiting experience and a refreshing dose of honesty to the challenges of hiring in critical infrastructure. Together, they explore what makes a strong Operational Technology (OT) candidate, why culture fit matters as much as technical skills, and how broken hiring processes often keep the best people out. For sectors like food and agriculture, where operational technology is directly tied to safety, production, and public trust, getting the right people into the right roles isn't just important. It's essential. --------------- Show Notes: Mike Holcomb's Episode (here) SEC Ruling on Disclosure of Cyber Incidents (here)

Also - row erupts in Belfast City Hall over Pride stained glass window installed in May

Tanya Janca joins the show this week, with unique perspective on building secure software and advocating for better cybersecurity policy.George K and George A talk to Tanya about: Her transition from 14 years as a Canadian public servant to private sector entrepreneurship The core values that guide her work: performing good and moving the industry toward secure software Entrepreneurship since age 19: solving real problems that hurt badly enough for people to pay Civil advocacy for security by design policies and challenging inadequate government cybersecurity practicesTanya's perspective on building businesses around genuine problem-solving rather than just seeking acquisition or wealth creation offers valuable insights for any founder. Whether you're interested in secure coding, entrepreneurship, or how to advocate for better cybersecurity policy, this episode delivers actionable insights from someone who's been in the trenches and made real impact.Mentioned: The Eh List: https://ehlist.org/ Forte Group: forte-group.org/home-our-mission Tanya's petition: https://www.ipetitions.com/petition/secure-canadas-future Tanya's Secure Coding Guideline: newsletter.shehackspurple.ca/c/secure-coding-guideline

What does the future of enterprise networking really look like?   In this episode, Extreme Networks' Chief Product & Technology Officer Nabil Bukhari joins Craig to explore how AI, autonomous agents, and platform thinking are transforming the core infrastructure of modern businesses.   From managing mission-critical networks to building agentic systems that collaborate, troubleshoot, and scale autonomously - this is a deep dive into how connectivity is being redefined from the ground up.   Whether you're a tech leader, CIO, product builder, or simply curious about how infrastructure evolves, this conversation reveals where the enterprise is headed next.   Check out Extreme Networks: https://www.extremenetworks.com/   Stay Updated: Craig Smith on X: https://x.com/craigss Eye on A.I. on X: https://x.com/EyeOn_AI   (00:00) Preview (01:02) Introducing Nabil Bukhari & Extreme Networks (05:24) Why Global Connectivity Is Still Accelerating (07:54) How Enterprise Data Flows Across Modern Networks (12:34) Networking for AI vs. Built-in AI (14:12) Platform One & Agentic AI Systems Explained (21:20) Human-in-the-Loop, Over-the-Loop, and Above-the-Loop (23:35) Why AI Guardrails Must Be Baked into the Architecture (27:33) Introducing the ARC Framework (31:15) Persona-Based Interfaces for NetOps, CFOs & CMOs (33:25) The Problem with Chatbots (36:06) Enterprise vs. Public Networks (38:38) Global Connectivity Infrastructure & Use Case Variability (44:29) How Secure and Resilient Are Enterprise Networks? (52:24) In-House AI for Critical Infrastructure

CISA warns organizations of potential cyber threats from Iranian state-sponsored actors.Scattered Spider targets aviation and transportation. Workforce cuts at the State Department raise concerns about weakened cyber diplomacy. Canada bans Chinese security camera vendor Hikvision over national security concerns.Cisco Talos reports a rise in cybercriminals abusing Large Language Models. MacOS malware Poseidon Stealer rebrands.Researchers discover multiple vulnerabilities in Bluetooth chips used in headphones and earbuds. The FDA issues new guidance on medical device cybersecurity. Our guest is  Debbie Gordon, Co-Founder of Cloud Range, looking “Beyond the Stack - Why Cyber Readiness Starts with People.” An IT worker's revenge plan backfires. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, Debbie Gordon, Co-Founder of Cloud Range, shares insights on looking “Beyond the Stack - Why Cyber Readiness Starts with People.” Learn more about what Debbie discusses in Cloud Range's blog: Bolstering Your Human Security Posture. You can hear Debbie's full conversation here. Selected Reading CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment (CISA) Joint Statement from CISA, FBI, DC3 and NSA on Potential Targeted Cyber Activity Against U.S. Critical Infrastructure by Iran (CISA, FBI, DOD Cyber Crime Center, NSA)  Prolific cybercriminal group now targeting aviation, transportation companies (Axios) U.S. Cyber Diplomacy at Risk Amid State Department Shakeup (GovInfo Security) Canada Bans Chinese CCTV Vendor Hikvision Over National Security Concerns (Infosecurity Magazine) Malicious AI Models Are Behind a New Wave of Cybercrime, Cisco Talos (Hackread) MacOS malware Poseidon Stealer rebranded as Odyssey Stealer (SC Media) Airoha Chip Vulnerabilities Expose Headphones to Takeover (SecurityWeek) FDA Expands Premarket Medical Device Cyber Guidance (GovInfo Security) 'Disgruntled' British IT worker jailed for hacking employer after being suspended (The Record) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 65: Hacking Critical Infrastructure Through Supply ChainsPub date: 2025-06-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCritical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited.  Alex Santos, CEO of Fortress Information Security, explains how they're typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical InfrastructurePub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome back to Protect It All! In this episode, host Aaron Crow sits down with longtime friend and OT cybersecurity veteran Brian Proctor for a deep dive into the current state—and future—of the OT cyber landscape. Together, they trade stories from the front lines, reflecting on how their early experiences as asset owners shaped their passion for innovation and helping critical infrastructure run safely and securely. Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies. The conversation explores everything from the persistent lack of innovation in OT, to AI's growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments. If you've ever wondered how new tech like AI is reshaping industrial cybersecurity, why “we've always done it this way” just doesn't cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future. So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher. Key Moments:  06:45 OT Cyber Industry Evolution 11:57 Evolving Challenges in OT Security 19:34 Bridging the OT Security Skills Gap 21:54 Enhancing OT Security Understanding 30:46 AI Model Security Challenges 34:26 Rapid Scaling for Site Assessments 40:56 Simulating Cyber Threat Responses 47:19 Operational Priorities: Equipment vs. Cyber Tools 49:30 Focus on Meaningful Security Metrics 56:30 Rapid AI Adoption vs. Internet 01:02:12 Cybersecurity: Small Targets are Vulnerable About the guest :  Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats. Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent. Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego. Links:  https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service  https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments Connect Brian : https://www.linkedin.com/in/brianproctor67/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Critical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited.  Alex Santos, CEO of Fortress Information Security, explains how they're typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.

In this episode of CISO Tradecraft, host G Mark Hardy discusses the ongoing Israel-Iran conflict and its potential cyber implications with cybersecurity expert Nathan Case. They delve into lessons learned from the Russia-Ukraine conflict, discuss the effectiveness of cyber warfare, and evaluate Iran's cyber capabilities. The conversation also covers the ethical implications of cyber attacks, dual-use targets, and the danger of supply chain vulnerabilities. Practical advice is provided on improving cybersecurity measures, including the importance of MFA, network segmentation, and evaluating internal threats. Join us for an in-depth look at how current geopolitical tensions can impact global cybersecurity. Nathan Case - https://www.linkedin.com/in/nathancase/   Chapters 00:00 Introduction to the Israel-Iran Conflict 00:52 Meet the Expert: Nate Case 01:51 Cyber Warfare Insights from Russia-Ukraine Conflict 03:36 The Impact of Cyber on Critical Infrastructure 08:00 Ethics and Rules of Cyber Warfare 15:01 Iran's Cyber Capabilities and Strategies 16:56 Historical Context and Modern Cyber Threats 23:28 Foreign Cyber Threats: The Iranian Example 24:06 Israel's Cyber Capabilities 25:39 The Role of Cyber Command 26:23 Challenges in Cyber Defense 27:11 The Complexity of Cyber Warfare 32:21 Ransomware and Attribution Issues 36:13 Defensive Cyber Operations 39:39 Final Thoughts and Recommendations

Join us as we sit down with Matt Nicolls, Chief Digital Innovation Officer at Technology Partners, to uncover the unique story behind his creative approach to leadership. Matt shares how his early experiences shaped his passion for visually mapping out solutions, and how this skill has become central to his work in technology. Listeners will hear about the mentors who inspired him, the power of transparency in business, and how bringing “something extra” to the table can make all the difference in driving innovation and building strong teams.Guest Links:Matt's LinkedInTechnology PartnersCredits: Host: Lisa Nichols, Executive Producer: Jenny Heal, Marketing Support: Landon Burke and Joe Szynkowski, Podcast Engineer: Portside Media

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin SearlePub date: 2025-06-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow sits down with OT security expert Justin Searle, Director of ICS Security at InGuardians, for a deep dive into the ever-evolving world of OT and IT cybersecurity.  With over 25 years of experience, ranging from hands-on engineering and water treatment facilities to red-team penetration testing on critical infrastructures such as airports and power plants, Justin brings a wealth of insight and real-world anecdotes. This episode unpacks what it really takes to assess and secure operational technology environments. Whether you're a C-suite executive, a seasoned cyber pro, or brand new to OT security, you'll hear why network expertise, cross-team trust, and careful, collaborative engagement with engineers are so crucial when testing high-stakes environments. Aaron and Justin also discuss how the industry has matured, the importance of dedicated OT cybersecurity teams, and why practical, people-first approaches make all the difference, especially when lives, reliability, and national infrastructure are on the line. Get ready for actionable advice, hard-earned lessons from the field, and a candid look at both the progress and the ongoing challenges in protecting our most critical systems.   Key Moments:  05:55 Breaking Into Cybersecurity Without Classes 09:26 Production Environment Security Testing 13:28 Credential Evaluation and Light Probing 14:33 Firewall Misconfiguration Comedy 19:14 Dedicated OT Cybersecurity Professionals 20:50 "Prioritize Reliability Over Latest Features" 24:18 "IT-OT Convergence Challenges" 29:04 Patching Program and OT Security 32:08 Complexity of OT Environments 35:45 Dress-Code Trust in Industry 38:23 Legacy System Security Challenges 42:15 OT Cybersecurity for IT Professionals 43:40 "Building Rapport with Food" 47:59 Future OT Cyber Risks and Readiness 51:30 Skill Building for Tech Professionals   About the Guest :  Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing.  He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).     Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences.  His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses.  Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.     Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU).  He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP)   How to connect Justin:  https://www.controlthings.io https://www.linkedin.com/in/meeas/ Email: justin@controlthings.io Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode of The New CISO, host Steve Moore speaks with Keith Price, Chief Security Officer at National Highways, about the evolving responsibilities of modern security leaders and the critical role of convergence between cyber, physical, and people security.Keith shares real-world stories from his work protecting England's strategic road network—used by over four million people daily—and explains why understanding both legacy infrastructure and cutting-edge technology is essential for building a resilient security strategy. From managing insider threats and recovering stolen radar equipment to championing mental health and developing junior talent, Keith offers a holistic approach to leadership in critical infrastructure.Key Topics Covered:How converging physical, cyber, and personnel security leads to stronger protectionReal-life insider threat examples—and how sensors helped prevent major damageThe challenge of managing decades-old asset tracking systems across regionsWhy availability and integrity of data now outweigh confidentiality in certain sectorsHow Keith's team detected stolen highway radar for sale on eBayThe importance of empathetic leadership and supporting mental health in security teamsHow "Cyber Coffee" sessions create safe spaces for vulnerability and connectionUpskilling IT staff into cybersecurity roles through “pay-it-forward” learningThe case for offering security-as-a-service to small but critical supply chain partnersKeith's insights reveal why successful security leadership requires more than just technical knowledge—it demands communication, humility, and a deep understanding of human behavior. This conversation is a must-listen for any security professional working to bridge silos and lead with impact.

The story of Dave's Hot Chicken. Daniel Fortune on the possibility of terrorist attacks on US critical infrastructure. Illegal parents of 4 children (all American citizens) to be deported. Red Bull nay have been the cause of women liver issues. Jeff Monosso on the US Navy to rename ship currently named for a gay hero. Your texts and talkbacks.

In this episode, hosts Frank La Vigne and Candice Gillhoolley are joined by Andy Schwaderer and Dr. Christopher Leach from Quantum Knight. As the podcast celebrates its recent top ranking on Feedspot, the conversation dives deep into the urgent realities of post-quantum encryption, highlighting the evolving threats facing our digital lives—far beyond the stereotypical “hackers in hoodies.”Andy and Dr. Leach unpack why “being quantum ready isn't optional, it's essential,” sharing practical insights on defending against sophisticated adversaries, from nation-state actors to criminal gangs exploiting the cracks in legacy infrastructure. From the infamous Sony hack to modern ransomware attacks on hospitals and public utilities, the episode explores how Quantum Knight's innovative cryptosystem aims to protect data across everything from IoT devices to critical medical systems.Tune in for a compelling discussion on why security can no longer be an afterthought, how agile cryptography is enabling a future-proof approach, and why the responsibility—and power—to keep data safe now rests firmly in the hands of every individual and organization. If you've ever wondered how quantum computing and cybersecurity overlap, or how to safeguard your most vital assets in the quantum era, this episode is for you.Timestamps00:00 Streamlined Quantum-Enhanced Data Security08:26 "Data Control is King"14:48 "Understanding Advanced Persistent Threats"17:43 Quantum Computing's Impact on Cybersecurity22:42 "IoT's Security Oversight"32:15 "Admitting Issues, Seeking Solutions"36:02 Cryptography's Limits and Access Control39:31 Affordable Ransomware Protection Solution48:55 Switching Accountants Mid-Service51:35 Data Threat: Public Infrastructure Vulnerability56:45 Versatile Cryptography Support System01:02:19 AI Code Reliability Challenges01:06:53 "Concerns About Health and Security"

In this episode of 'Cybersecurity Today', host Jim Love is joined by panelists Laura Payne from White Tuque and David Shipley from Beauceron Security to review significant cybersecurity events over the past month. The discussion covers various impactful stories such as the disappearance of a professor, a data breach at Hertz, and government officials using a commercial app during a conflict. They dive deep into the ransomware attack on PowerSchool and its implications for K-12 schools in North America. The conversation also highlights the vulnerability of critical infrastructures, including the food supply chain and the importance of robust cybersecurity measures. Finally, the panel touches upon the progression towards post-quantum encryption by major tech companies like AWS and Google, signaling advancements in securing future technologies. 00:00 Introduction and Panelist Welcome 00:20 Major Cybersecurity Incidents of the Month 02:04 PowerSchool Data Breach Analysis 04:11 Ransomware and Double Extortion Tactics 12:20 4chan Security Breach and Its Implications 16:31 Hertz Data Loss and Retail Cybersecurity 17:44 Critical Infrastructure and Cyber Regulation 27:03 The Importance of CVE Database 27:54 Debate on Vulnerability Scoring 30:17 Open Source Software and Geopolitical Risks 31:43 The Evolution and Challenges of Open Source 37:17 The Need for Software Regulation 46:50 Signal Gate and Compliance Issues 54:08 Post-Quantum Cryptography 56:10 Conclusion and Final Thoughts

This week on Caveat, Dave and Ben welcome back N2K's own Ethan Cook for our latest policy deep dive segment. As a trusted expert in law, privacy, and surveillance, Ethan is joining the show regularly to provide in-depth analysis on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Please take a moment to fill out an audience survey! Let us know how we are doing! Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revolve around critical infrastructure policy. Throughout this conversation, we break down how critical infrastructure policy has evolved over the past fifteen years and what policies have been behind some of these advancements. Some key topics focused on during this conversation center on some of the centralization of infrastructure management policies, the creation of CISA, and how the second Trump administration is changing the federal government's approach when managing critical infrastructure. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠Caveat Briefing⁠, a weekly newsletter available exclusively to ⁠N2K Pro⁠ members on ⁠N2K CyberWire's⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠Caveat Briefing⁠ a new bill that is gaining traction in Congress where Senators Merkley and Kennedy are looking to limit the TSA's facial scanning program. This law comes after the DHS announced an audit regarding how the TSA has used this technology. Curious about the details? Head over to the ⁠Caveat Briefing⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠caveat@thecyberwire.com⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode of Banking on KC, Joe Kessinger, CEO of HCI Energy, joins host Kelly Scanlon to discuss how the Kansas City-based company is revolutionizing energy delivery for telecom, public safety and underserved areas through sustainable hybrid power systems. Tune in to discover:How HCI Energy's technology provides reliable, renewable energy for mission-critical infrastructureThe environmental and economic benefits of hybrid power in remote and disaster-prone areasHow HCI Energy is contributing to social equity through energy access in underserved communitiesCountry Club Bank – Member FDIC

Steve Summers speaks with SE Radio host Sam Taggart about securing test and measurement equipment. They start by differentiating between IT and OT (Operational Technology) and then discuss the threat model and how security has evolved in the OT space, including a look some of the key drivers. They then examine security challenges associated with a specific device called a CompactRIO, which combines a Linux real-time CPU with a field programmable gate array (FPGA) and some analog hardware for capturing signals and interacting with real-world devices. Brought to you by IEEE Computer Society and IEEE Software magazine.

Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Danielle Jablanski on Critical Infrastructure ProtectionPub date: 2025-05-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDanielle Jablanski, Industrial Control Systems Strategist & Subject Matter Expert at CISA, joins the Nexus podcast to discuss her perspectives on critical infrastructure protection and government's role as a cybersecurity partner on implementation guidance and enablement. Danielle touches on a number of areas of CI security and protection, ranging from the challenges arising from the high percentage of private sector ownership of critical infrastructure, to the assistance available from CISA and other agencies to lesser-resourced entities in the 16 CI sectors. Listen and subscribe to the Nexus Podcast on your favorite platform.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode of Cybersecurity Today, host David Shipley covers a range of cyber threats including the Venom Spider malware targeting HR professionals, the emergence of the Noodlofile info stealer disguised as an AI video generator, and misinformation campaigns amid the India-Pakistan conflict. Additionally, the episode discusses warnings from U.S. agencies about cyberattacks on the oil and gas sector, and highlights a recent interview with whistleblower Daniel Brules about security lapses at the National Labor Relations Board. 00:00 Introduction and Overview 00:33 Venom Spider Targets HR Professionals 02:12 Fake AI Video Generators and Noodlofile Malware 03:41 Misinformation Amid India-Pakistan Conflict 05:40 US Oil and Gas Infrastructure Under Threat 07:22 Conclusion and Final Thoughts

Danielle Jablanski, Industrial Control Systems Strategist & Subject Matter Expert at CISA, joins the Nexus podcast to discuss her perspectives on critical infrastructure protection and government's role as a cybersecurity partner on implementation guidance and enablement. Danielle touches on a number of areas of CI security and protection, ranging from the challenges arising from the high percentage of private sector ownership of critical infrastructure, to the assistance available from CISA and other agencies to lesser-resourced entities in the 16 CI sectors. Listen and subscribe to the Nexus Podcast on your favorite platform.

How prepared is your business for a ransomware attack? Not just to prevent it, but to continue operating when it happens. In this episode, I sit down with Trevor Dearing, Director of Critical Infrastructure at Illumio, to discuss the latest findings from their global ransomware report and what they reveal about cyber resilience. Trevor shares insight from a survey of more than 3,000 organisations across multiple sectors. The most concerning figure is that 58 percent of those impacted by ransomware were forced to halt operations. That number has risen sharply from 43 percent just two years ago. Despite this, many businesses in the UK still avoid reporting attacks, often due to fears around reputational damage or potential retaliation. Trevor explains why that reluctance is misguided and how public support, improved infrastructure, and more explicit government guidance could encourage more transparency. We also explore the rise of containment as a more practical and cost-effective approach than prevention alone. Rather than trying to stop every attack at the perimeter, organisations are learning how to isolate and limit damage quickly. Trevor explains how zero trust architecture, microsegmentation, and one-click containment tools are being used to keep systems operational even during an incident. Only 13 percent of organisations believe their cyber resilience exceeds what is required. Trevor helps us understand why this number remains low and where organisations should focus to shift from vulnerability to resilience. From evolving regulations to future applications of AI in security, this conversation covers what leaders need to know if they prepare for the next generation of cyber threats. To access Illumio's full ransomware report, visit illumio.com. Is your cyber resilience strategy built for recovery, or just defense?

Joshua Steinman is the co-founder and CEO of Galvanick, a cybersecurity company building tools to secure industrial infrastructure and AI systems.In this episode of World of DaaS, Joshua and Auren discuss:Foreign spies in tech companiesVulnerabilities in critical infrastructureLessons from Stuxnet and UkraineBuilding resilience against cyber threatsLooking for more tech, data and venture capital intel? Head to worldofdaas.com for our podcast, newsletter and events, and follow us on X @worldofdaas.  You can find Auren Hoffman on X at @auren and Josh Steinman on X at @JoshuaSteinman. Editing and post-production work for this episode was provided by The Podcast Consultant (https://thepodcastconsultant.com)

Submarine cables are a hidden wonder. These fiber optic bundles carry data and voice traffic around the world and serve as critical global links for communication and commerce. Today on Packet Protector, guest Andy Champagne dives into the history of submarine cables, the technological and operational advancements that allow voice and data to travel hundreds... Read more »

Submarine cables are a hidden wonder. These fiber optic bundles carry data and voice traffic around the world and serve as critical global links for communication and commerce. Today on Packet Protector, guest Andy Champagne dives into the history of submarine cables, the technological and operational advancements that allow voice and data to travel hundreds... Read more »

During RSAC Conference 2025, Andrew Carney, Program Manager at DARPA, and (remotely via video) Dr. Kathleen Fisher, Professor at Tufts University and Program Manager for the AI Cyber Challenge (AIxCC), guide attendees through an immersive experience called Northbridge—a fictional city designed to showcase the critical role of AI in securing infrastructure through the DARPA-led AI Cyber Challenge.Inside Northbridge: The Stakes Are RealNorthbridge simulates the future of cybersecurity, blending AI, infrastructure, and human collaboration. It's not just a walkthrough — it's a call to action. Through simulated attacks on water systems, healthcare networks, and cyber operations, visitors witness firsthand the tangible impacts of vulnerabilities in critical systems. Dr. Fisher emphasizes that the AI Cyber Challenge isn't theoretical: the vulnerabilities competitors find and fix directly apply to real open-source software relied on by society today.The AI Cyber Challenge: Pairing Generative AI with Cyber ReasoningThe AI Cyber Challenge (AIxCC) invites teams from universities, small businesses, and consortiums to create cyber reasoning systems capable of autonomously identifying and fixing vulnerabilities. Leveraging leading foundation models from Anthropic, Google, Microsoft, and OpenAI, the teams operate with tight constraints—working with limited time, compute, and LLM credits—to uncover and patch vulnerabilities at scale. Remarkably, during semifinals, teams found and fixed nearly half of the synthetic vulnerabilities, and even discovered a real-world zero-day in SQLite.Building Toward DEFCON Finals and BeyondThe journey doesn't end at RSA. As the teams prepare for the AIxCC finals at DEFCON 2025, DARPA is increasing the complexity of the challenge—and the available resources. Beyond the competition, a core goal is public benefit: all cyber reasoning systems developed through AIxCC will be open-sourced under permissive licenses, encouraging widespread adoption across industries and government sectors.From Competition to CollaborationCarney and Fisher stress that the ultimate victory isn't in individual wins, but in strengthening cybersecurity collectively. Whether securing hospitals, water plants, or financial institutions, the future demands cooperation across public and private sectors.The Northbridge experience offers a powerful reminder: resilience in cybersecurity is built not through fear, but through innovation, collaboration, and a relentless drive to secure the systems we all depend on.___________Guest: Andrew Carney, AI Cyber Challenge Program Manager, Defense Advanced Research Projects Agency (DARPA) | https://www.linkedin.com/in/andrew-carney-945458a6/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesThe DARPA AIxCC Experience at RSAC 2025 Innovation Sandbox: https://www.rsaconference.com/usa/programs/sandbox/darpaLearn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25___________KEYWORDSandrew carney, kathleen fisher, marco ciappelli, sean martin, darpa, aixcc, cybersecurity, rsac 2025, defcon, ai cybersecurity, event coverage, on location, conference______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

During RSAC Conference 2025, Andrew Carney, Program Manager at DARPA, and (remotely via video) Dr. Kathleen Fisher, Professor at Tufts University and Program Manager for the AI Cyber Challenge (AIxCC), guide attendees through an immersive experience called Northbridge—a fictional city designed to showcase the critical role of AI in securing infrastructure through the DARPA-led AI Cyber Challenge.Inside Northbridge: The Stakes Are RealNorthbridge simulates the future of cybersecurity, blending AI, infrastructure, and human collaboration. It's not just a walkthrough — it's a call to action. Through simulated attacks on water systems, healthcare networks, and cyber operations, visitors witness firsthand the tangible impacts of vulnerabilities in critical systems. Dr. Fisher emphasizes that the AI Cyber Challenge isn't theoretical: the vulnerabilities competitors find and fix directly apply to real open-source software relied on by society today.The AI Cyber Challenge: Pairing Generative AI with Cyber ReasoningThe AI Cyber Challenge (AIxCC) invites teams from universities, small businesses, and consortiums to create cyber reasoning systems capable of autonomously identifying and fixing vulnerabilities. Leveraging leading foundation models from Anthropic, Google, Microsoft, and OpenAI, the teams operate with tight constraints—working with limited time, compute, and LLM credits—to uncover and patch vulnerabilities at scale. Remarkably, during semifinals, teams found and fixed nearly half of the synthetic vulnerabilities, and even discovered a real-world zero-day in SQLite.Building Toward DEFCON Finals and BeyondThe journey doesn't end at RSA. As the teams prepare for the AIxCC finals at DEFCON 2025, DARPA is increasing the complexity of the challenge—and the available resources. Beyond the competition, a core goal is public benefit: all cyber reasoning systems developed through AIxCC will be open-sourced under permissive licenses, encouraging widespread adoption across industries and government sectors.From Competition to CollaborationCarney and Fisher stress that the ultimate victory isn't in individual wins, but in strengthening cybersecurity collectively. Whether securing hospitals, water plants, or financial institutions, the future demands cooperation across public and private sectors.The Northbridge experience offers a powerful reminder: resilience in cybersecurity is built not through fear, but through innovation, collaboration, and a relentless drive to secure the systems we all depend on.___________Guest: Andrew Carney, AI Cyber Challenge Program Manager, Defense Advanced Research Projects Agency (DARPA) | https://www.linkedin.com/in/andrew-carney-945458a6/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesThe DARPA AIxCC Experience at RSAC 2025 Innovation Sandbox: https://www.rsaconference.com/usa/programs/sandbox/darpaLearn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25___________KEYWORDSandrew carney, kathleen fisher, marco ciappelli, sean martin, darpa, aixcc, cybersecurity, rsac 2025, defcon, ai cybersecurity, event coverage, on location, conference______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Transcend is fundamentally changing how engineers design our world's essential infrastructure through their generative design platform. With $35 million in funding, including investment from industry giant Autodesk, Transcend is automating and optimizing the planning and conceptual design phases for infrastructure projects that typically cost tens to hundreds of millions of dollars. In this episode of Category Visionaries, we spoke with Adam Tank about how Transcend is creating an entirely new category while helping societies build more sustainable, efficient infrastructure from wastewater treatment plants to power systems. Topics Discussed: How Transcend's platform automates preliminary infrastructure design that traditionally requires months of manual work The shift from a consumption-based pricing model to a flat-rate subscription that accelerated user adoption Building a brand in a highly technical, conservative engineering market Leveraging trade partnerships and owned media to educate potential customers The importance of creating a category around "Generative Design for Critical Infrastructure" How strategic investment from Autodesk removed concerns about startup viability The challenge of selling to technical stakeholders who are resistant to change   GTM Lessons For B2B Founders: Validate before building: Adam emphasizes trying to sell your solution before building it. "A lot of entrepreneurs fall into this mindset of 'if you build it, they will come'... Selling it, marketing it, is substantially harder in most cases than building the actual product itself." Education-first marketing for technical buyers: When selling to engineers, plan for 10x more educational content than you might expect. "If I thought we needed to spend four hours a week doing it, we're spending 40 hours a week doing it across both sales and marketing teams." Create webinars, case studies, and detailed content that helps your technical audience understand and trust your solution. Invest in owned media channels: Don't rely solely on platforms you don't control. Transcend created a newsletter reaching 16,000 engineers worldwide that isn't directly branded as Transcend but provides immense value and establishes authority. "If you rely on SEO only, or LinkedIn only... anything can change overnight." Leverage trade partners for amplified reach: Instead of building everything yourself, tap into established networks in your industry. "We'll spend upwards of $5,000 to tap into someone else's network... and we'll get a thousand or more registrants and we've had half or more show up to the webinar, which is almost unheard of." Challenge assumptions with data: Events are often assumed to be critical for relationship-based B2B sales, but Transcend found that "online events, webinars, our newsletters, our social media even, are far more consistent generator of high quality leads than events are for the spend." Rethink pricing to encourage adoption: For complex products requiring significant user education, consumption-based pricing can unintentionally discourage exploration. "We made a big change about a year and a half or so into the company to move away from that consumption based pricing into just a flat rate model... We just want them in the tool, we just want them playing around with it." Balance founder personal brand with company visibility: Adam maintains what he calls a "70-20-10" approach—70% water industry focus, 20% Transcend, and 10% personal. "People like to buy from people. They don't buy from companies. So the extent that a company can have a face that's out front that they can get to know and trust... is super important." // Sponsors: Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe.  www.GlobalTalent.co

About the speaker: Recorded: 04/23/2025 CERIAS Security Seminar at Purdue University Using Side-Channels for Critical Infrastructure Protection Tristen Mullins, ORNL Dr. Tristen Mullins is a cybersecurity professional specializing in side-channel analysis, cyber-physical systems security, and supply chain integrity. Currently an R&D Associate and Signal Processing Engineer at Oak Ridge National Laboratory (ORNL), she conducts innovative research at the intersection of hardware security and national security. Dr.Mullins earned her Ph.D. in Computing from the University of South Alabama in2022, where she focused on developing novel defense mechanisms against side-channel attacks and made significant contributions to adaptive security architectures. At ORNL, she leads initiatives in critical infrastructure protection and cyber resilience while actively mentoring students and promoting cybersecurity education. Additionally, Dr. Mullins plays a vital role in the National Security Sciences Academy and has founded the IEEE East Tennessee Section Young Professionals Affiliate Group to support emerging engineers.Honored with multiple awards for her contributions and leadership, she remains dedicated to enhancing the security of next-generation computing systems through collaboration with both federal agencies and industry leaders.

Two widespread communications failures in the Northland storm and Otago-Southland within two days last week have again exposed the vulnerability of critical infrastructure. Phil Pennington spoke to Ingrid Hipkiss.

Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: Simplifying OT Cybersecurity: Tools and Strategies for Non-Experts in Critical Infrastructure with Steve KissPub date: 2025-04-21Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Protect It All, host Aaron Crow sits down with Steve Kiss, founder and CEO of IPMeter, for an eye-opening discussion on the future of OT (Operational Technology) and IT cybersecurity. With over 25 years of hands-on experience, Steve shares his journey from network engineering to designing practical cybersecurity tools for real-world OT environments. They dive into the unique challenges faced by operators in sectors like wastewater treatment, building management, and power utilities—where frontline professionals often shoulder critical cybersecurity responsibilities without formal training or extensive resources. Steve and Aaron emphasize the urgent need for simple, scalable, and reliable tools that empower these “full stack” operators to secure critical infrastructure effectively. From bridging the IT-OT divide to managing legacy system risks and improving procurement practices, this conversation offers actionable insights for municipalities, utilities, and smaller organizations aiming to take greater ownership of their cyber defenses. Packed with real-world examples, strategic advice, and a touch of industry humor, this episode is essential listening for anyone focused on protecting essential services and strengthening community resilience. Key Moments:  10:40 Understanding Factory Acceptance Test (FAT) 16:41 Transitioning to Local Water Management 19:52 Compliance and Cybersecurity Standards 25:03 "Digital Spins on Security Concepts" 32:30 Standardizing Power Systems Configurations 35:00 Basic Security Steps for Operators 40:28 Balancing IoT Features and Control 45:01 Durability and Setup for Rail Tech 48:58 "Basic Network Foundations Needed" 54:35 Wastewater's Overlooked Importance About the guest:    Steve Kiss is a seasoned cybersecurity leader with over two decades of experience in engineering, infrastructure security, and strategic leadership. As the inventor of IPMeter™ and a contributor to the NIST 800-53 SP2 standards, he has played a pivotal role in advancing vulnerability management practices. Throughout his career, Steve has been deeply involved in the design, construction, and security of critical infrastructure across sectors such as aviation, defense, data centers, and utilities.  His expertise uniquely bridges the worlds of operational technology (OT) and information technology (IT), addressing the evolving challenges of modern network environments. In addition to founding multiple companies focused on infrastructure security, Steve regularly shares his insights at industry events, including the IMRON Security & Safety Summit at SoFi Stadium.  He also publishes a weekly newsletter, HOTw (Hack of the Week), spotlighting trends and incidents in OT cybersecurity. Through his latest venture, IPMeter, Steve continues to drive innovation in cybersecurity testing and resilience.   How to connect Steve :    Website for IPMeter www.ipmeter.net   LinkedIn https://www.linkedin.com/in/stevekiss/   Blog (once to twice a month- includes HOTw (IoT hack of the week) https://www.ipmeter.net/blog   Contact for IPMeter demos sales@ipmeter.net   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Join The Audit as we dive into the high-stakes intersection of critical infrastructure and cybersecurity with Tim Herman, President of InfraGard Minnesota. InfraGard is a unique public-private partnership with the FBI designed to protect the 85% of America's essential systems owned by the private sector. From power grids to transportation, the vulnerabilities are real—and increasingly complex. In this episode, we discuss: How joystick-operated tugboats on the Mississippi reveal hidden cyber risks Why tabletop exercises are vital for incident readiness Common mistakes in organizational response plans (and how to fix them)  The importance of physical backups and redundant communication systems  Actionable steps to bridge the gap between planning and execution Cybersecurity isn't just an IT issue—it's national security. Don't miss this compelling conversation on how InfraGard is helping organizations build resilience before the next breach hits. Like, share, and subscribe for more expert insights from the frontlines of cybersecurity.

In this episode of Audience 1st Podcast, Dani sits down with Kristin Demoranville, CEO of Anzen Sage and host of the Bites & Bytes podcast, to uncover the hidden vulnerabilities in one of the world's most overlooked critical infrastructure sectors: food and agriculture. From insider threats in peanut processing to cyber attacks that disrupt egg supply chains, Kristin breaks down why OT security in food systems isn't just about uptime, it's about human lives, brand trust, and national resilience. She pulls no punches, sharing raw stories from the frontlines: Why cybersecurity leaders in food facilities are flying blind What happened when nobody spoke up at Boar's Head How misinformation campaigns are now a cyber risk vector Why “brown cows make chocolate milk” isn't just a joke—it's a symptom of a dangerous knowledge gap We also unpack: The behavioral blind spots holding back executive buy-in Why empathy, not just engineering, is the key to securing food systems What must change in the next 5 years to avoid preventable tragedies

EDITORIAL: PH must redefine critical infrastructure | Apr. 19, 2025Subscribe to The Manila Times Channel - https://tmt.ph/YTSubscribe Visit our website at https://www.manilatimes.net Follow us: Facebook - https://tmt.ph/facebook Instagram - https://tmt.ph/instagram Twitter - https://tmt.ph/twitter DailyMotion - https://tmt.ph/dailymotion Subscribe to our Digital Edition - https://tmt.ph/digital Check out our Podcasts: Spotify - https://tmt.ph/spotify Apple Podcasts - https://tmt.ph/applepodcasts Amazon Music - https://tmt.ph/amazonmusic Deezer: https://tmt.ph/deezer Stitcher: https://tmt.ph/stitcherTune In: https://tmt.ph/tunein #TheManilaTimes#VoiceOfTheTimes Hosted on Acast. See acast.com/privacy for more information.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of global critical infrastructure. One common example is submarine cables, which are globally important but are vulnerable because they are hard to defend. But what about services from tech giants? Are they global critical infrastructure? This episode is also available on Youtube. Show notes

In this episode of the cybersecurity month-end review, host Jim Love is joined by Daina Proctor from IBM in Ottawa, Randy Rose from The Center for Internet Security from Saratoga Springs, and David Shipley, CEO of Beauceron Security from Fredericton. The panel discusses major cybersecurity stories from the past month, including the Oracle Cloud breach and its communication failures, the misuse of Signal by U.S. government officials, and global cybersecurity regulation efforts such as the UK's new critical infrastructure laws. They also cover notable incidents like the Kuala Lumpur International Airport ransomware attack and the NHS Scotland cyberattack, the continuous challenges of EDR bypasses, and the importance of fusing anti-fraud and cybersecurity efforts. The discussion emphasizes the need for effective communication and stringent security protocols amidst increasing cyber threats. 00:00 Introduction and Panelist Introductions 01:25 Oracle Cloud Breach: A Case Study in Incident Communication 10:13 Signal Group Chat Controversy 20:16 Leadership and Cybersecurity Legislation 23:30 Cybersecurity Certification Program Overview 24:27 Challenges in Cybersecurity Leadership 24:59 Importance of Data Centers and MSPs 26:53 UK Cybersecurity Bill and MSP Standards 28:09 Cyber Essentials and CMMC Standards 32:47 EDR Bypasses and Small Business Security 39:32 Ransomware Attacks on Critical Infrastructure 43:34 Law Enforcement and Cybercrime 47:24 Conclusion and Final Thoughts

Researchers at the Pacific Northwest National Laboratory have found a new element in critical infrastructure protection. They've discovered how the algorithms that rank pages in internet searches also can help planners better understand how to prevent cascading failures in electrical or water systems. Here with how it all works, PNNL mathematician Bill Kay. Learn more about your ad choices. Visit podcastchoices.com/adchoicesSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Researchers at the Pacific Northwest National Laboratory have found a new element in critical infrastructure protection. They've discovered how the algorithms that rank pages in internet searches also can help planners better understand how to prevent cascading failures in electrical or water systems. Here with how it all works, PNNL mathematician Bill Kay. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Should space be designated as critical infrastructure? What are the threats we're facing in space for cybersecurity? We tackle these questions with our guest Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin. You can connect with Jake on LinkedIn. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It'll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Roman Arutyunov is the Co-founder and SVP of Products at Xage Security, a Series B startup focused on protecting critical infrastructure—including energy systems—from cyber threats. Xage is backed by investors like Chevron Technology Ventures, Aramco, Piva Capital, Valor Equity Partners, and Overture.Cybersecurity is a growing concern as our energy systems become more distributed, electrified, and digitally connected. We spoke with Roman about the vulnerabilities in today's infrastructure, the motivations behind cyberattacks, and how the rise of AI is changing the cybersecurity landscape.In this episode, we cover: [2:11] Introduction to Xage Security[3:12] Cybersecurity 101: Ransomware, nation-state threats, and attacker motivations[7:10] Operational tech (OT) vs. information tech (IT)[13:29] Xage's Zero Trust security approach[15:45] Customer segments and differing security challenges[20:47] Navigating regulations vs. fast deployment timelines[23:40] How AI is shaping both threats and defenses[28:00] When multifactor authentication becomes a vulnerability[31:59] Real-world cyberattacks on energy systems[34:10] Xage's funding history and growth trajectoryEpisode recorded on Feb 20, 2025 (Published on Mar 26, 2025) Enjoyed this episode? Please leave us a review! Share feedback or suggest future topics and guests at info@mcj.vc.Connect with MCJ:Cody Simms on LinkedInVisit mcj.vcSubscribe to the MCJ Newsletter*Editing and post-production work for this episode was provided by The Podcast Consultant

From energy and wastewater treatment to communications, banking, and beyond, critical infrastructure are those assets, systems, and networks that support our daily lives. Any compromise to these resources, whether malicious or unintended, could have debilitating national security, economic, and public safety consequences.   Yet, our critical infrastructure remains vulnerable. And in an era of rising geopolitical tensions, it is also an easy and attractive target for nation state attackers. Solar Winds and more recently Salt Typhoon are two of many examples.   In this podcast, we explore the where's and why's of critical infrastructure vulnerability and associated compliance concerns, along with some strategies and best practices to improve critical infrastructure security and resilience.

Michael Lucci is the founder, CEO, and chairman of State Armor. He helps states enact policies and solutions that protect their assets from foreign adversaries like communist China.“They're trying to invade our homeland, and they likely have developed the capacity to make life very difficult, to create crises within the United States—whether it's power, whether it's wastewater treatment, whether it's telecommunications,” he says. “They have laws that require those companies to engage in espionage. So why are we letting them sell connected devices of any type into the United States?”In this episode, we dive deep into how the Chinese regime has managed to infiltrate our critical infrastructure and communications systems at the local, state, and federal levels.“It's the largest military buildup since World War Two is what China is doing right now,” says Lucci. “If they're just in our back doors, listening, reading, following everything we're doing, following the pattern of life for important officials across the country, that's a pretty deep problem.”Views expressed in this video are opinions of the host and the guest, and do not necessarily reflect the views of The Epoch Times.

⬥GUEST⬥Sarah Fluchs, CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin⬥EPISODE NOTES⬥The European Commission's Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity, host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers.A Broad Scope: More Than Just Industrial AutomationUnlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA's requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products.The CRA also extends beyond just hardware—software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support.What the CRA RequiresThe CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to:Ensure products are free from known, exploitable vulnerabilities at the time of release.Implement security by design, considering cybersecurity from the earliest stages of product development.Provide security patches for the product's defined lifecycle, with a minimum of five years unless justified otherwise.Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks.Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users.Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change.Compliance Challenges: No Detailed Checklist YetOne of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA's security requirements span just one and a half pages. This ambiguity is intentional—it allows flexibility across different industries—but it also creates uncertainty.To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products.The Impact on Critical Infrastructure and Industrial SystemsWhile the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on.Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains.A Security Milestone: Holding Manufacturers AccountableThe CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU.Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards.For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy.The Bottom LineThe Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency.Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdfA list of Sarah's blog posts to get your CRA knowledge up to speed:1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd732️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d2094️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd89005️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity: 

Daniel M. Gerstein is a senior policy researcher at RAND and a professor of policy analysis at Pardee RAND Graduate School. Previously, he served at the U.S. Department of Homeland Security (DHS) as under secretary (acting) and deputy under secretary in the Science & Technology Directorate. Emerging Technology and risk Assessment: The Space Domain and Critical Infrastructure

A look at industrial cybersecurity, and why it matters, in the latest installment of our oral history project.We Meet: Ian Bramson, Vice President of Global Industrial Cybersecurity at Black & VeatchCredits:This episode of SHIFT was produced by Jennifer Strong with help from Emma Cillekens. It was mixed by Garret Lang, with original music from him and Jacob Gorski. Art by Meg Marco.

"PREVIEW: PANAMA CANAL: Colleague Joseph Humire outlines the national security concerns of leaving Panama in the hands of those who have sold critical infrastructure to U.S. adversaries, chiefly the PRC. More to follow." 1910 Panama Canal Zone

The Rich Zeoli Show- Hour 1: 3:05pm- F.A.A. Finally Bans Drones from Flying Near Critical Infrastructure in NJ. Tracey Tull of The New York Times reports: “The Federal Aviation Administration has issued a monthlong ban on drone flights over a large swath of New Jersey, the first broad prohibition of its kind since the authorities began investigating a spate of sightings last month that set off fear and speculation. The ban began late on Wednesday and will continue through Jan. 17, according to an F.A.A. alert. The notification cited ‘special security reasons' for prohibiting flights in airspace near 22 New Jersey communities, including three of the state's largest cities, Camden, Elizabeth and Jersey City.” You can read the full article here: https://www.nytimes.com/2024/12/19/nyregion/faa-bans-drone-flights-new-jersey.html 3:10pm- Rich wonders: why did the F.A.A. decide to ban drones from flying near critical infrastructure all of a sudden? And why didn't they do this weeks ago when New Jersey residents first started reporting sightings of mysterious drones? Rich suspects the ban will do absolutely nothing to prevent drones from pestering NJ residents. 3:20pm- After pressure from Donald Trump, J.D. Vance, and Elon Musk, the massive 1,547-page stopgap spending bill was pulled from the House floor. With the proposed bipartisan continuing resolution bill seemingly shelved, Congress will need to craft a new piece of legislation in order to avoid a government shutdown at midnight on Friday. 3:40pm- Late night host Jimmy Kimmel proudly declared he has “Trump Derangement Syndrome”—and wonders why more people don't have “TDS.” No wonder his ratings aren't impressive. When will Jimmy Failla get his own weekday late night show? Will it be Spring—early Spring? mid-Spring? late-Spring???