Infrastructure important to national security
In this episode of 'Cybersecurity Today', host Jim Love is joined by panelists Laura Payne from White Tuque and David Shipley from Beauceron Security to review significant cybersecurity events over the past month. The discussion covers various impactful stories such as the disappearance of a professor, a data breach at Hertz, and government officials using a commercial app during a conflict. They dive deep into the ransomware attack on PowerSchool and its implications for K-12 schools in North America. The conversation also highlights the vulnerability of critical infrastructures, including the food supply chain and the importance of robust cybersecurity measures. Finally, the panel touches upon the progression towards post-quantum encryption by major tech companies like AWS and Google, signaling advancements in securing future technologies. 00:00 Introduction and Panelist Welcome 00:20 Major Cybersecurity Incidents of the Month 02:04 PowerSchool Data Breach Analysis 04:11 Ransomware and Double Extortion Tactics 12:20 4chan Security Breach and Its Implications 16:31 Hertz Data Loss and Retail Cybersecurity 17:44 Critical Infrastructure and Cyber Regulation 27:03 The Importance of CVE Database 27:54 Debate on Vulnerability Scoring 30:17 Open Source Software and Geopolitical Risks 31:43 The Evolution and Challenges of Open Source 37:17 The Need for Software Regulation 46:50 Signal Gate and Compliance Issues 54:08 Post-Quantum Cryptography 56:10 Conclusion and Final Thoughts
This week on Caveat, Dave and Ben welcome back N2K's own Ethan Cook for our latest policy deep dive segment. As a trusted expert in law, privacy, and surveillance, Ethan is joining the show regularly to provide in-depth analysis on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.
Policy Deep Dive: In this Caveat Policy Deep Dive, our conversation and analysis revolve around critical infrastructure policy. Throughout this conversation, we break down how critical infrastructure policy has evolved over the past fifteen years and what policies have been behind some of these advancements. Some key topics focused on during this conversation center on some of the centralization of infrastructure management policies, the creation of CISA, and how the second Trump administration is changing the federal government's approach when managing critical infrastructure.
Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers a new bill that is gaining traction in Congress where Senators Merkley and Kennedy are looking to limit the TSA's facial scanning program. This law comes after the DHS announced an audit regarding how the TSA has used this technology. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories.
Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
On this episode of Banking on KC, Joe Kessinger, CEO of HCI Energy, joins host Kelly Scanlon to discuss how the Kansas City-based company is revolutionizing energy delivery for telecom, public safety and underserved areas through sustainable hybrid power systems. Tune in to discover:
- How HCI Energy's technology provides reliable, renewable energy for mission-critical infrastructure
- The environmental and economic benefits of hybrid power in remote and disaster-prone areas
- How HCI Energy is contributing to social equity through energy access in underserved communities
Country Club Bank – Member FDIC
Software Engineering Radio - The Podcast for Professional Software Developers
Steve Summers speaks with SE Radio host Sam Taggart about securing test and measurement equipment. They start by differentiating between IT and OT (Operational Technology) and then discuss the threat model and how security has evolved in the OT space, including a look at some of the key drivers. They then examine security challenges associated with a specific device called a CompactRIO, which combines a Linux real-time CPU with a field programmable gate array (FPGA) and some analog hardware for capturing signals and interacting with real-world devices. Brought to you by IEEE Computer Society and IEEE Software magazine.
Podcast: Nexus: A Claroty Podcast
Episode: Danielle Jablanski on Critical Infrastructure Protection
Pub date: 2025-05-11
Danielle Jablanski, Industrial Control Systems Strategist & Subject Matter Expert at CISA, joins the Nexus podcast to discuss her perspectives on critical infrastructure protection and government's role as a cybersecurity partner on implementation guidance and enablement. Danielle touches on a number of areas of CI security and protection, ranging from the challenges arising from the high percentage of private sector ownership of critical infrastructure, to the assistance available from CISA and other agencies to lesser-resourced entities in the 16 CI sectors. Listen and subscribe to the Nexus Podcast on your favorite platform.
In this episode of Cybersecurity Today, host David Shipley covers a range of cyber threats including the Venom Spider malware targeting HR professionals, the emergence of the Noodlophile info stealer disguised as an AI video generator, and misinformation campaigns amid the India-Pakistan conflict. Additionally, the episode discusses warnings from U.S. agencies about cyberattacks on the oil and gas sector, and highlights a recent interview with whistleblower Daniel Berulis about security lapses at the National Labor Relations Board. 00:00 Introduction and Overview 00:33 Venom Spider Targets HR Professionals 02:12 Fake AI Video Generators and Noodlophile Malware 03:41 Misinformation Amid India-Pakistan Conflict 05:40 US Oil and Gas Infrastructure Under Threat 07:22 Conclusion and Final Thoughts
How prepared is your business for a ransomware attack? Not just to prevent it, but to continue operating when it happens. In this episode, I sit down with Trevor Dearing, Director of Critical Infrastructure at Illumio, to discuss the latest findings from their global ransomware report and what they reveal about cyber resilience. Trevor shares insight from a survey of more than 3,000 organisations across multiple sectors. The most concerning figure is that 58 percent of those impacted by ransomware were forced to halt operations. That number has risen sharply from 43 percent just two years ago. Despite this, many businesses in the UK still avoid reporting attacks, often due to fears around reputational damage or potential retaliation. Trevor explains why that reluctance is misguided and how public support, improved infrastructure, and more explicit government guidance could encourage more transparency. We also explore the rise of containment as a more practical and cost-effective approach than prevention alone. Rather than trying to stop every attack at the perimeter, organisations are learning how to isolate and limit damage quickly. Trevor explains how zero trust architecture, microsegmentation, and one-click containment tools are being used to keep systems operational even during an incident. Only 13 percent of organisations believe their cyber resilience exceeds what is required. Trevor helps us understand why this number remains low and where organisations should focus to shift from vulnerability to resilience. From evolving regulations to future applications of AI in security, this conversation covers what leaders need to know if they prepare for the next generation of cyber threats. To access Illumio's full ransomware report, visit illumio.com. Is your cyber resilience strategy built for recovery, or just defense?
Joshua Steinman is the co-founder and CEO of Galvanick, a cybersecurity company building tools to secure industrial infrastructure and AI systems.
In this episode of World of DaaS, Joshua and Auren discuss:
- Foreign spies in tech companies
- Vulnerabilities in critical infrastructure
- Lessons from Stuxnet and Ukraine
- Building resilience against cyber threats
Looking for more tech, data and venture capital intel? Head to worldofdaas.com for our podcast, newsletter and events, and follow us on X @worldofdaas. You can find Auren Hoffman on X at @auren and Josh Steinman on X at @JoshuaSteinman. Editing and post-production work for this episode was provided by The Podcast Consultant (https://thepodcastconsultant.com)
Submarine cables are a hidden wonder. These fiber optic bundles carry data and voice traffic around the world and serve as critical global links for communication and commerce. Today on Packet Protector, guest Andy Champagne dives into the history of submarine cables, the technological and operational advancements that allow voice and data to travel hundreds...
During RSAC Conference 2025, Andrew Carney, Program Manager at DARPA, and (remotely via video) Dr. Kathleen Fisher, Professor at Tufts University and Program Manager for the AI Cyber Challenge (AIxCC), guide attendees through an immersive experience called Northbridge—a fictional city designed to showcase the critical role of AI in securing infrastructure through the DARPA-led AI Cyber Challenge.

Inside Northbridge: The Stakes Are Real
Northbridge simulates the future of cybersecurity, blending AI, infrastructure, and human collaboration. It's not just a walkthrough — it's a call to action. Through simulated attacks on water systems, healthcare networks, and cyber operations, visitors witness firsthand the tangible impacts of vulnerabilities in critical systems. Dr. Fisher emphasizes that the AI Cyber Challenge isn't theoretical: the vulnerabilities competitors find and fix directly apply to real open-source software relied on by society today.

The AI Cyber Challenge: Pairing Generative AI with Cyber Reasoning
The AI Cyber Challenge (AIxCC) invites teams from universities, small businesses, and consortiums to create cyber reasoning systems capable of autonomously identifying and fixing vulnerabilities. Leveraging leading foundation models from Anthropic, Google, Microsoft, and OpenAI, the teams operate with tight constraints—working with limited time, compute, and LLM credits—to uncover and patch vulnerabilities at scale. Remarkably, during semifinals, teams found and fixed nearly half of the synthetic vulnerabilities, and even discovered a real-world zero-day in SQLite.

Building Toward DEFCON Finals and Beyond
The journey doesn't end at RSA. As the teams prepare for the AIxCC finals at DEFCON 2025, DARPA is increasing the complexity of the challenge—and the available resources. Beyond the competition, a core goal is public benefit: all cyber reasoning systems developed through AIxCC will be open-sourced under permissive licenses, encouraging widespread adoption across industries and government sectors.

From Competition to Collaboration
Carney and Fisher stress that the ultimate victory isn't in individual wins, but in strengthening cybersecurity collectively. Whether securing hospitals, water plants, or financial institutions, the future demands cooperation across public and private sectors.

The Northbridge experience offers a powerful reminder: resilience in cybersecurity is built not through fear, but through innovation, collaboration, and a relentless drive to secure the systems we all depend on.

Guest: Andrew Carney, AI Cyber Challenge Program Manager, Defense Advanced Research Projects Agency (DARPA) | https://www.linkedin.com/in/andrew-carney-945458a6/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

Resources
The DARPA AIxCC Experience at RSAC 2025 Innovation Sandbox: https://www.rsaconference.com/usa/programs/sandbox/darpa
Learn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25
The world is becoming, if not a more dangerous place, then perhaps a testier one. Over the past decade or so, we've seen an intensifying staccato of cyber attacks against critical infrastructure and other large facilities, which can, of course, bring with it huge financial and operational problems. It is increasingly not just a problem for individual companies, but for nations as a whole. Private companies may own energy assets, for example, but an attack that disrupts that energy supply is a national security issue. What we have seen in response to this is a strengthened focus on cybersecurity that focuses on operational technology – the physical realm – not just the digital IT side of the ledger. More and more investors are looking to back startups that protect not just data and digital systems, but physical systems that people depend on for their daily lives. Joining me today is Stephen Hurford, who sits in the host seat to ask me about it for a change. The post Protecting critical infrastructure is big business appeared first on CVC Unplugged.
Transcend is fundamentally changing how engineers design our world's essential infrastructure through their generative design platform. With $35 million in funding, including investment from industry giant Autodesk, Transcend is automating and optimizing the planning and conceptual design phases for infrastructure projects that typically cost tens to hundreds of millions of dollars. In this episode of Category Visionaries, we spoke with Adam Tank about how Transcend is creating an entirely new category while helping societies build more sustainable, efficient infrastructure from wastewater treatment plants to power systems.

Topics Discussed:
- How Transcend's platform automates preliminary infrastructure design that traditionally requires months of manual work
- The shift from a consumption-based pricing model to a flat-rate subscription that accelerated user adoption
- Building a brand in a highly technical, conservative engineering market
- Leveraging trade partnerships and owned media to educate potential customers
- The importance of creating a category around "Generative Design for Critical Infrastructure"
- How strategic investment from Autodesk removed concerns about startup viability
- The challenge of selling to technical stakeholders who are resistant to change

GTM Lessons For B2B Founders:
- Validate before building: Adam emphasizes trying to sell your solution before building it. "A lot of entrepreneurs fall into this mindset of 'if you build it, they will come'... Selling it, marketing it, is substantially harder in most cases than building the actual product itself."
- Education-first marketing for technical buyers: When selling to engineers, plan for 10x more educational content than you might expect. "If I thought we needed to spend four hours a week doing it, we're spending 40 hours a week doing it across both sales and marketing teams." Create webinars, case studies, and detailed content that helps your technical audience understand and trust your solution.
- Invest in owned media channels: Don't rely solely on platforms you don't control. Transcend created a newsletter reaching 16,000 engineers worldwide that isn't directly branded as Transcend but provides immense value and establishes authority. "If you rely on SEO only, or LinkedIn only... anything can change overnight."
- Leverage trade partners for amplified reach: Instead of building everything yourself, tap into established networks in your industry. "We'll spend upwards of $5,000 to tap into someone else's network... and we'll get a thousand or more registrants and we've had half or more show up to the webinar, which is almost unheard of."
- Challenge assumptions with data: Events are often assumed to be critical for relationship-based B2B sales, but Transcend found that "online events, webinars, our newsletters, our social media even, are far more consistent generator of high quality leads than events are for the spend."
- Rethink pricing to encourage adoption: For complex products requiring significant user education, consumption-based pricing can unintentionally discourage exploration. "We made a big change about a year and a half or so into the company to move away from that consumption based pricing into just a flat rate model... We just want them in the tool, we just want them playing around with it."
- Balance founder personal brand with company visibility: Adam maintains what he calls a "70-20-10" approach—70% water industry focus, 20% Transcend, and 10% personal. "People like to buy from people. They don't buy from companies. So the extent that a company can have a face that's out front that they can get to know and trust... is super important."
Recorded: 04/23/2025
CERIAS Security Seminar at Purdue University
Using Side-Channels for Critical Infrastructure Protection
Tristen Mullins, ORNL

About the speaker: Dr. Tristen Mullins is a cybersecurity professional specializing in side-channel analysis, cyber-physical systems security, and supply chain integrity. Currently an R&D Associate and Signal Processing Engineer at Oak Ridge National Laboratory (ORNL), she conducts innovative research at the intersection of hardware security and national security. Dr. Mullins earned her Ph.D. in Computing from the University of South Alabama in 2022, where she focused on developing novel defense mechanisms against side-channel attacks and made significant contributions to adaptive security architectures. At ORNL, she leads initiatives in critical infrastructure protection and cyber resilience while actively mentoring students and promoting cybersecurity education. Additionally, Dr. Mullins plays a vital role in the National Security Sciences Academy and has founded the IEEE East Tennessee Section Young Professionals Affiliate Group to support emerging engineers. Honored with multiple awards for her contributions and leadership, she remains dedicated to enhancing the security of next-generation computing systems through collaboration with both federal agencies and industry leaders.
Government attention to the security and resilience of subsea telecommunications cables has intensified in recent years. While largely owned and operated by private companies, a growing number of states now qualify or designate the systems as critical, if not strategic infrastructure, the security and resilience of which are vital to economic and societal well-being, national security and much else. In her address to the IIEA, Dr Camino Kavanagh discusses government efforts to protect the infrastructure in the current geopolitical context, examining how such efforts - and the different challenges that emerge - contribute to the global telecommunications systems' core resilience capacities. About the Speaker: Dr. Camino Kavanagh is a Senior Fellow with the UN Institute for Disarmament Research (UNIDIR) and a Visiting Senior Fellow with the Dept. of War Studies, King's College London. Her current research focuses on international security, conflict and technology as well as emerging issues relevant to critical subsea infrastructure. Camino is also Senior Digital Advisor to the UN Department of Political Affairs' Policy and Mediation Division. She served as advisor/rapporteur to the 2019-2021 and 2016-2017 UN negotiating processes on cyber/ICT and international security (UNGGE and UNOEWG). Over the past decade she has also advised and consulted with the UN Secretary-General's office, the UN Office for Disarmament Affairs (UNODA), the UN Office on Drugs and Crime (UNODC), the European Commission, the Organization for Security and Cooperation in Europe, the Organization of American States, as well as with government departments and agencies on issues pertaining to national/international security, conflict and diplomacy. Prior to this, Camino spent over a decade working in conflict and post-conflict contexts, including with UN peacekeeping operations and political missions.
Two widespread communications failures in the Northland storm and Otago-Southland within two days last week have again exposed the vulnerability of critical infrastructure. Phil Pennington spoke to Ingrid Hipkiss.
Podcast: PrOTect It All
Episode: Simplifying OT Cybersecurity: Tools and Strategies for Non-Experts in Critical Infrastructure with Steve Kiss
Pub date: 2025-04-21

In this episode of Protect It All, host Aaron Crow sits down with Steve Kiss, founder and CEO of IPMeter, for an eye-opening discussion on the future of OT (Operational Technology) and IT cybersecurity. With over 25 years of hands-on experience, Steve shares his journey from network engineering to designing practical cybersecurity tools for real-world OT environments. They dive into the unique challenges faced by operators in sectors like wastewater treatment, building management, and power utilities—where frontline professionals often shoulder critical cybersecurity responsibilities without formal training or extensive resources. Steve and Aaron emphasize the urgent need for simple, scalable, and reliable tools that empower these “full stack” operators to secure critical infrastructure effectively. From bridging the IT-OT divide to managing legacy system risks and improving procurement practices, this conversation offers actionable insights for municipalities, utilities, and smaller organizations aiming to take greater ownership of their cyber defenses. Packed with real-world examples, strategic advice, and a touch of industry humor, this episode is essential listening for anyone focused on protecting essential services and strengthening community resilience.

Key Moments:
10:40 Understanding Factory Acceptance Test (FAT)
16:41 Transitioning to Local Water Management
19:52 Compliance and Cybersecurity Standards
25:03 "Digital Spins on Security Concepts"
32:30 Standardizing Power Systems Configurations
35:00 Basic Security Steps for Operators
40:28 Balancing IoT Features and Control
45:01 Durability and Setup for Rail Tech
48:58 "Basic Network Foundations Needed"
54:35 Wastewater's Overlooked Importance

About the guest: Steve Kiss is a seasoned cybersecurity leader with over two decades of experience in engineering, infrastructure security, and strategic leadership. As the inventor of IPMeter™ and a contributor to the NIST 800-53 SP2 standards, he has played a pivotal role in advancing vulnerability management practices. Throughout his career, Steve has been deeply involved in the design, construction, and security of critical infrastructure across sectors such as aviation, defense, data centers, and utilities. His expertise uniquely bridges the worlds of operational technology (OT) and information technology (IT), addressing the evolving challenges of modern network environments. In addition to founding multiple companies focused on infrastructure security, Steve regularly shares his insights at industry events, including the IMRON Security & Safety Summit at SoFi Stadium. He also publishes a weekly newsletter, HOTw (Hack of the Week), spotlighting trends and incidents in OT cybersecurity. Through his latest venture, IPMeter, Steve continues to drive innovation in cybersecurity testing and resilience.

How to connect with Steve:
Website for IPMeter: www.ipmeter.net
LinkedIn: https://www.linkedin.com/in/stevekiss/
Blog (once to twice a month, includes HOTw, IoT hack of the week): https://www.ipmeter.net/blog
Contact for IPMeter demos: sales@ipmeter.net

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast
To be a guest or suggest a guest/episode, please email us at info@protectitall.co
Join The Audit as we dive into the high-stakes intersection of critical infrastructure and cybersecurity with Tim Herman, President of InfraGard Minnesota. InfraGard is a unique public-private partnership with the FBI designed to protect the 85% of America's essential systems owned by the private sector. From power grids to transportation, the vulnerabilities are real—and increasingly complex. In this episode, we discuss:
- How joystick-operated tugboats on the Mississippi reveal hidden cyber risks
- Why tabletop exercises are vital for incident readiness
- Common mistakes in organizational response plans (and how to fix them)
- The importance of physical backups and redundant communication systems
- Actionable steps to bridge the gap between planning and execution
Cybersecurity isn't just an IT issue—it's national security. Don't miss this compelling conversation on how InfraGard is helping organizations build resilience before the next breach hits. Like, share, and subscribe for more expert insights from the frontlines of cybersecurity.
In this episode of Audience 1st Podcast, Dani sits down with Kristin Demoranville, CEO of Anzen Sage and host of the Bites & Bytes podcast, to uncover the hidden vulnerabilities in one of the world's most overlooked critical infrastructure sectors: food and agriculture. From insider threats in peanut processing to cyber attacks that disrupt egg supply chains, Kristin breaks down why OT security in food systems isn't just about uptime, it's about human lives, brand trust, and national resilience.
She pulls no punches, sharing raw stories from the frontlines:
· Why cybersecurity leaders in food facilities are flying blind
· What happened when nobody spoke up at Boar's Head
· How misinformation campaigns are now a cyber risk vector
· Why “brown cows make chocolate milk” isn't just a joke—it's a symptom of a dangerous knowledge gap
We also unpack:
· The behavioral blind spots holding back executive buy-in
· Why empathy, not just engineering, is the key to securing food systems
· What must change in the next 5 years to avoid preventable tragedies
EDITORIAL: PH must redefine critical infrastructure | Apr. 19, 2025
The Manila Times: https://www.manilatimes.net
In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of global critical infrastructure. One common example is submarine cables, which are globally important but are vulnerable because they are hard to defend. But what about services from tech giants? Are they global critical infrastructure? This episode is also available on YouTube.
In this episode of the cybersecurity month-end review, host Jim Love is joined by Daina Proctor from IBM in Ottawa, Randy Rose from The Center for Internet Security from Saratoga Springs, and David Shipley, CEO of Beauceron Security from Fredericton. The panel discusses major cybersecurity stories from the past month, including the Oracle Cloud breach and its communication failures, the misuse of Signal by U.S. government officials, and global cybersecurity regulation efforts such as the UK's new critical infrastructure laws. They also cover notable incidents like the Kuala Lumpur International Airport ransomware attack and the NHS Scotland cyberattack, the continuous challenges of EDR bypasses, and the importance of fusing anti-fraud and cybersecurity efforts. The discussion emphasizes the need for effective communication and stringent security protocols amidst increasing cyber threats.
00:00 Introduction and Panelist Introductions
01:25 Oracle Cloud Breach: A Case Study in Incident Communication
10:13 Signal Group Chat Controversy
20:16 Leadership and Cybersecurity Legislation
23:30 Cybersecurity Certification Program Overview
24:27 Challenges in Cybersecurity Leadership
24:59 Importance of Data Centers and MSPs
26:53 UK Cybersecurity Bill and MSP Standards
28:09 Cyber Essentials and CMMC Standards
32:47 EDR Bypasses and Small Business Security
39:32 Ransomware Attacks on Critical Infrastructure
43:34 Law Enforcement and Cybercrime
47:24 Conclusion and Final Thoughts
Researchers at the Pacific Northwest National Laboratory have found a new element in critical infrastructure protection. They've discovered how the algorithms that rank pages in internet searches also can help planners better understand how to prevent cascading failures in electrical or water systems. Here with how it all works, PNNL mathematician Bill Kay.
Should space be designated as critical infrastructure? What are the threats we're facing in space for cybersecurity? We tackle these questions with our guest Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Roman Arutyunov is the Co-founder and SVP of Products at Xage Security, a Series B startup focused on protecting critical infrastructure—including energy systems—from cyber threats. Xage is backed by investors like Chevron Technology Ventures, Aramco, Piva Capital, Valor Equity Partners, and Overture.
Cybersecurity is a growing concern as our energy systems become more distributed, electrified, and digitally connected. We spoke with Roman about the vulnerabilities in today's infrastructure, the motivations behind cyberattacks, and how the rise of AI is changing the cybersecurity landscape.
In this episode, we cover:
[2:11] Introduction to Xage Security
[3:12] Cybersecurity 101: Ransomware, nation-state threats, and attacker motivations
[7:10] Operational tech (OT) vs. information tech (IT)
[13:29] Xage's Zero Trust security approach
[15:45] Customer segments and differing security challenges
[20:47] Navigating regulations vs. fast deployment timelines
[23:40] How AI is shaping both threats and defenses
[28:00] When multifactor authentication becomes a vulnerability
[31:59] Real-world cyberattacks on energy systems
[34:10] Xage's funding history and growth trajectory
Episode recorded on Feb 20, 2025 (Published on Mar 26, 2025)
Enjoyed this episode? Please leave us a review! Share feedback or suggest future topics and guests at info@mcj.vc.
Connect with MCJ:
Cody Simms on LinkedIn
Visit mcj.vc
Subscribe to the MCJ Newsletter
*Editing and post-production work for this episode was provided by The Podcast Consultant
From energy and wastewater treatment to communications, banking, and beyond, critical infrastructure comprises the assets, systems, and networks that support our daily lives. Any compromise to these resources, whether malicious or unintended, could have debilitating national security, economic, and public safety consequences. Yet, our critical infrastructure remains vulnerable. And in an era of rising geopolitical tensions, it is also an easy and attractive target for nation state attackers. SolarWinds and more recently Salt Typhoon are two of many examples. In this podcast, we explore the wheres and whys of critical infrastructure vulnerability and associated compliance concerns, along with some strategies and best practices to improve critical infrastructure security and resilience.
Michael Lucci is the founder, CEO, and chairman of State Armor. He helps states enact policies and solutions that protect their assets from foreign adversaries like communist China.
“They're trying to invade our homeland, and they likely have developed the capacity to make life very difficult, to create crises within the United States—whether it's power, whether it's wastewater treatment, whether it's telecommunications,” he says. “They have laws that require those companies to engage in espionage. So why are we letting them sell connected devices of any type into the United States?”
In this episode, we dive deep into how the Chinese regime has managed to infiltrate our critical infrastructure and communications systems at the local, state, and federal levels.
“It's the largest military buildup since World War Two is what China is doing right now,” says Lucci. “If they're just in our back doors, listening, reading, following everything we're doing, following the pattern of life for important officials across the country, that's a pretty deep problem.”
Views expressed in this video are opinions of the host and the guest, and do not necessarily reflect the views of The Epoch Times.
Podcast: RSA Conference
Episode: Unpacking the Critical Infrastructure Track: A Committee Perspective
Pub date: 2025-03-07
In this Podcast, we're joined by the Critical Infrastructure Program Committees to discuss the exciting submissions they've received for RSAC 2025. We'll delve into the key trends they observed, what submissions stood out to them, and what they're most looking forward to experiencing at Conference. Tune in to hear valuable insights and reflections from these industry experts.
Speakers:
Dawn Cappelli, Director, OT-CERT, Dragos
Patrick Miller, CEO, Ampyx Cyber
John Johnson, CISO, Docent Institute, & Founder/CEO, Aligned Security
Tatyana Sanchez, Content & Program Coordinator, RSAC
Kacy Zurkus, Director, Content, RSAC
The podcast and artwork embedded on this page are from RSA Conference, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
⬥GUEST⬥
Sarah Fluchs, CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/
⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
⬥EPISODE NOTES⬥
The European Commission's Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity, host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers.
A Broad Scope: More Than Just Industrial Automation
Unlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA's requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products.
The CRA also extends beyond just hardware—software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support.
What the CRA Requires
The CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to:
· Ensure products are free from known, exploitable vulnerabilities at the time of release.
· Implement security by design, considering cybersecurity from the earliest stages of product development.
· Provide security patches for the product's defined lifecycle, with a minimum of five years unless justified otherwise.
· Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks.
· Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users.
Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change.
Compliance Challenges: No Detailed Checklist Yet
One of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA's security requirements span just one and a half pages. This ambiguity is intentional—it allows flexibility across different industries—but it also creates uncertainty.
To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products.
The Impact on Critical Infrastructure and Industrial Systems
While the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on.
Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains.
A Security Milestone: Holding Manufacturers Accountable
The CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU.
Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards.
For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy.
The Bottom Line
The Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency.
Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity.
⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974
⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/
Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdf
A list of Sarah's blog posts to get your CRA knowledge up to speed:
1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd73
2️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c
3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d209
4️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd8900
5️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52
⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity:
Daniel M. Gerstein is a senior policy researcher at RAND and a professor of policy analysis at Pardee RAND Graduate School. Previously, he served at the U.S. Department of Homeland Security (DHS) as under secretary (acting) and deputy under secretary in the Science & Technology Directorate. Emerging Technology and risk Assessment: The Space Domain and Critical Infrastructure
Andy goes solo this week, providing some initial updates relating to the ISAC community and last week's Security Sprint focus on government transition and related concerns, then diving into a quick rundown of enduring threats and issues security leaders may want to think about as part of their broader security and resilience efforts.
· Crypto ISAC! FBI PSA - North Korea Responsible for $1.5 Billion Bybit Hack
· Insider Threats: US intel shows Russia and China are attempting to recruit disgruntled federal employees, sources say
· US – Russia Cyber Operations:
· CISA on X: “CISA's mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.”
· Exclusive: Hegseth orders Cyber Command to stand down on Russia planning
· Trump administration retreats in fight against Russian cyber threats
· Risky Bulletin: Trump administration stops treating Russian hackers as a threat
· Ranking Member Thompson: Trump Weakens National Security and Puts Our Critical Infrastructure at Risk as He Capitulates to Russia
Main Topics
The Physical and Cyber Supply chain!
Manmade Threats
Terrorism
o Minneapolis Man Arrested for Attempting to Provide Material Support to ISIS
o One dead after car drives into crowd in German city of Mannheim
o Tajik National Arrested in Brooklyn for Conspiring to Provide Material Support to ISIS
Protests, Anger, Targeted Threats
o Tesla Takedown and other political protests
o Police Investigate Shooting at Insurance CEO's Oregon Home: Reports
o State Accident Insurance Fund CEO targeted in terrifying attack by hooded gunman at his Oregon home
o Chairmen Gimenez, Green Introduce Bill To Address Vehicular Terrorism As Threat Grows
Weather, Climate & Environment
o Hurricane Season is coming, and the USG may be less prepared and less able to respond
o Wildfires scorch the Carolinas, SC Governor McMaster declares state of emergency
o Wildfires Break Out in the Carolinas, Prompting Evacuations
o Carolina Fire Maps Show Where Blazes Burning in North, South Carolina
Health preparedness
o Texas measles outbreak rises to 146 cases
o Texas Official Warns Against ‘Measles Parties' Amid Growing Outbreak
o RFK Jr. urges people to get vaccinated amid deadly Texas outbreak
o NewsGuard: Vaccines Falsely Blamed for Measles Outbreak
Cyber Threats:
o BEC & ransomware
o Blended Threats: Modat - Doors Wide Open: hundreds of thousands of employees exposed & related: Over 49,000 misconfigured building access systems exposed online.
o Critical dependencies
o Info Ops: Russian propaganda may be flooding AI models
Quick Hits
Take9!!!
A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life
Podcast: Hack the Plant
Episode: From the Archives
Pub date: 2025-02-28
For the final episode of the season, our host Bryson Bort reflects on four years and forty episodes of Hack the Plan[e]t, and picks a few favorites.
Episode 8, DoD and Critical Infrastructure: https://hack-the-plant.simplecast.com/episodes/dod-and-critical-infrastructure
Episode 10, The Congressman, The Commission and Our Critical Infrastructure: https://hack-the-plant.simplecast.com/episodes/the-congressman-the-commission-and-our-critical-infrastructure
Episode 27, Managing Incident Responses to Critical Infrastructure Attacks: https://hack-the-plant.simplecast.com/episodes/managing-incident-responses-to-critical-infrastructure-attacks
Episode 28, Cyber Threat Intelligence Over the Past 25 Years: https://hack-the-plant.simplecast.com/episodes/cyber-threat-intelligence-over-the-past-25-years
Episode 36, Supporting Ukrainian Electrical Grid Resilience in Wartime: https://hack-the-plant.simplecast.com/episodes/supporting-ukrainian-electrical-grid-resilience-in-wartime-mxxhn2g3
Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.
The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In the first of a two-part series focused on NCITE's cyber threats research, Erin sits down with Deanna House, Ph.D., head of NCITE's Cyber Threat Analysis Lab and UNO assistant professor in the College of Information Science and Technology. House discusses her team's research on how deepfakes could be used to undermine a critical infrastructure sector's organizational reputation, financial health, and data security.
In the second episode of a two-part series on NCITE's cyber threats research, Erin sits down with NCITE researchers and political scientists Ryan Shandler, Ph.D., and Jon Lindsay, Ph.D., both of the Georgia Tech School of Cybersecurity and Privacy. They discuss their research on the level of risk posed to each of the nation's 16 critical infrastructure sectors and their effort to model which sectors would be most attractive to malevolent actors.
What if the moments we consider mundane or accidental hold the power to reshape our lives? In this week's Scaling UP! H2O Podcast, we welcome back Adam Tank, water industry leader and author of Luck by Design. Known for his thought-provoking insights and transformational ideas, Adam takes us on a journey to uncover how intentionality and awareness can turn everyday moments into catalysts for success. Whether you're navigating career choices or striving for personal growth, this episode is your roadmap to designing the life you've always wanted. In this candid and engaging conversation, Adam shares the inspiration behind Luck by Design, a book that reveals how seemingly small moments—what he calls “catalyst moments”—can create a ripple effect of positive change. He opens up about his own transformative experiences, including a fateful missed bus stop in Rio that changed his career path forever. Through his stories, Adam challenges us to look closer at our own lives and recognize the opportunities hiding in plain sight. This episode reminds us that success isn't a matter of chance—it's a matter of choice. Whether it's writing a life-changing postcard, stepping out of your comfort zone, or simply taking a moment to reflect, small, intentional actions can create lasting impact. And as Adam's journey shows, the connections we nurture and the opportunities we embrace shape not just our lives, but the lives of those around us. Your next big opportunity might already be in front of you—it's up to you to see it, seize it, and act on it. In this episode, Adam Tank proves that designing your own success is less about waiting for luck and more about creating it. Are you ready to take charge of your moments? Stay engaged, keep learning, and continue scaling up your knowledge! 
Timestamps
01:36 - Trace Blackmore shares Valentine's Day origin and learning takeaway
03:03 - Upcoming Events for Water Treatment Professionals
07:09 - Interview with Adam Tank, co-founder and chief customer officer at Transcend, water industry leader and author of Luck by Design
27:16 - Adam discusses the "chapstick moment" and how small moments can lead to life-changing decisions
55:10 - Water You Know with James McDonald
Quotes
"These catalyst moments have tremendous power to help you achieve remarkable things in life." – Adam Tank
"The sum of your life is the quality of the relationships you build." – Adam Tank
"It's not about what happens to you, but what you choose to do with it." – Adam Tank
"A small act, like sending a postcard, can have ripple effects beyond what you can imagine." – Trace Blackmore
Connect with Adam Tank
Phone: 913-940-4381
Email: atank@transcendinfra.com
Website: Transcend | Design Automation Software for Critical Infrastructure
ThinkTank | Adam Tank
LinkedIn: https://www.linkedin.com/in/adamtank/
Click HERE to Download Episode's Discussion Guide
Guest Resources Mentioned
Luck By Design: The Science And Serendipity Of A Well-Lived Life by Adam Tank
Think And Grow Rich: The Secret To Wealth Updated For The 21st Century by Napoleon Hill
Scaling UP! H2O Resources Mentioned
AWT (Association of Water Technologies)
Scaling UP! H2O Academy video courses
Submit a Show Idea
The Rising Tide Mastermind
001 A New Podcast for Water Treaters
181 The One Where Water Geeks Talk About Social Media
279 The One With the ‘Water We Talking About?' Hosts
343 Master Water Marketing with Adam Tank
Water You Know with James McDonald
Question: What is the proper regeneration sequence of operation for a co-current regenerated sodium zeolite softener system?
2025 Events for Water Professionals
Check out our Scaling UP! H2O Events Calendar where we've listed every event Water Treaters should be aware of by clicking HERE.
Podcast: Bites & Bytes Podcast
Episode: Pathogens and Hackers: A New Perspective with David Hatch
Pub date: 2025-02-11

In this thought-provoking episode of the award-winning Bites and Bytes Podcast, host Kristin Demoranville welcomes David Hatch, Vice President of Digital Solutions Marketing at Neogen®. David brings a wealth of experience, blending decades in data analytics, business intelligence, and information security with his work in food safety at Neogen. David shares surprising similarities between pathogens and hackers, both of which exploit vulnerabilities with ever-evolving methods. Together, they discuss the future of food safety and cybersecurity, emphasizing the importance of digital transformation, cloud technology, and proactive solutions in protecting food systems and critical infrastructure. Join Kristin and David as they explore how food safety professionals and technologists can collaborate to safeguard the systems that feed the world. Neogen®, a global leader in food safety testing solutions, empowers industries to address sustainability, supply chain integrity, and emerging threats through innovative products and cutting-edge digitization.

Episode Key Highlights:
(0:03:25) - Exploring Variety in Food and Wine
(0:14:43) - Pathogens as Hackers: An Analogy
(0:21:57) - Cloud Technology in Food Safety
(0:27:25) - Digital Transformation in Food Labs
(0:32:01) - Cybersecurity and Critical Infrastructure
(0:50:53) - The Future of Hybrid Roles in Food and Tech
(0:55:19) - Food Safety Data as an Opportunity Center

Wicked6 is about women coming together to play cyber games and learn about careers in cybersecurity.
In this episode of Risk Management Show, we explore the top cybersecurity trends shaping critical infrastructure in 2025 with Benny Czarny, Founder and CEO of OPSWAT. With over 25 years of experience in critical infrastructure protection and cybersecurity solutions, Benny shares his expert insights on safeguarding critical systems, staying ahead of emerging threats, and implementing cutting-edge technologies like Content Disarm and Reconstruction (CDR) and network segregation. We discussed proactive measures to combat state-sponsored cyberattacks, supply chain vulnerabilities, AI-powered threats, and insider risks, along with the ROI of adopting advanced solutions like CDR. Benny also debunks misconceptions about CDR, emphasizing its speed, accuracy, and transformative potential in achieving near 100% protection. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Podcast Guest Inquiry." Join us as we bring expert discussions on risk management, cybersecurity, and sustainability to a wider audience. Don't miss this invaluable conversation with Benny Czarny on the future of critical infrastructure cybersecurity!

CHAPTERS:
00:00 - Intro
02:14 - Benny Czarny's Journey
05:31 - Content Disarm and Reconstruction (CDR) Explained
07:01 - CDR and High ROI Benefits
10:39 - Successful Implementation of CDR
16:11 - Emerging Cybersecurity Trends and Threats
21:10 - Proactive Cybersecurity Measures for Organizations
23:19 - Future of Cybersecurity Landscape
25:08 - Common Misconceptions about CDR
26:07 - Key Takeaways from the Discussion
26:28 - Closing Remarks
Guest: Fahad Mughal, Senior Cyber Solutions Architect - Security
On LinkedIn | https://www.linkedin.com/in/fahadmughal/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.

The Growing Role of Cybersecurity in Railways

Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.

Critical OT Systems in Railways

Mughal highlights key OT components in railways that require cybersecurity protection:
• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.
• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.
• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.
• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.
• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.

The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.

Real-World Cyber Threats in Railways

Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:
• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.
• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.
• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.

These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.

Cybersecurity Standards and Best Practices for Railways (links to resources below)

To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:
• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.
• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.
• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.

Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.

Looking Ahead: Strengthening Railway Cybersecurity

As railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.

He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.

The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.

To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.

Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Protecting operational technology (OT) environments is more complex than ever, requiring precise inventory, continuous monitoring, and strong IT-OT collaboration. This week on Feds At the Edge, our expert panel unpacks the key cybersecurity challenges operators face in securing their OT systems. Anthony J. DiPietro, Technical Director, Defense Critical Infrastructure Division for NSA, underscores the importance of maintaining an accurate inventory, especially in remote environments where “ghost” assets can appear unnoticed. We'll discuss how continuous monitoring helps mitigate these risks and why traditional IT security methods, like sandboxes and automatic updates, don't always work for OT systems. We also explore the evolving role of AI and machine learning in OT security, workforce development, and the ever-growing threats posed by interconnected IoT and OT networks. Tune in on your favorite podcast platform for expert insights on fortifying OT environments against emerging cyber threats.
In this episode of Global Risk Community Chat, we uncover critical cyber threats targeting infrastructure sectors with Aviral Verma, Head of Research and Threat Intelligence at Securin. Aviral shares exclusive insights from a recent cybersecurity report analyzing over 1,700 attacks and 5,100 vulnerabilities affecting industries like energy, water, healthcare, and manufacturing. Discover how geopolitical tensions are driving these threats, why the average time to exploit vulnerabilities has drastically decreased, and how targeted sectors can proactively defend against spear phishing, misconfigurations, and more. We discussed practical strategies to prioritize vulnerabilities, build resilience, and implement effective tools such as attack surface management and email security. Aviral's expertise provides actionable steps for professionals in risk management and cybersecurity to secure critical systems and mitigate threats in an evolving landscape. Access the CISA Sectors Critical Infrastructure 2024 report here: https://www.securin.io/cisa-sectors-critical-infrastructure-2024-download/?_gl=1*p90qw6*_ga*NjI3Nzk4NDUwLjE3MzcwMzQ5Nzg.*_up*MQ..*_ga_31522S3THD*MTczNzAzNDk3OC4xLjEuMTczNzAzNDk4Ni4wLjAuMA. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line “Guest Proposal”. Stay tuned for more expert insights into risk management, cyber security, and sustainability from industry leaders like Aviral Verma.
A look at industrial cybersecurity, and why it matters, in the latest installment of our oral history project.

We Meet: Ian Bramson, Vice President of Global Industrial Cybersecurity at Black & Veatch

Credits: This episode of SHIFT was produced by Jennifer Strong with help from Emma Cillekens. It was mixed by Garret Lang, with original music from him and Jacob Gorski. Art by Meg Marco.
"PREVIEW: PANAMA CANAL: Colleague Joseph Humire outlines the national security concerns of leaving Panama in the hands of those who have sold critical infrastructure to U.S. adversaries, chiefly the PRC. More to follow." 1910 Panama Canal Zone
The Rich Zeoli Show- Hour 1: 3:05pm- F.A.A. Finally Bans Drones from Flying Near Critical Infrastructure in NJ. Tracey Tull of The New York Times reports: “The Federal Aviation Administration has issued a monthlong ban on drone flights over a large swath of New Jersey, the first broad prohibition of its kind since the authorities began investigating a spate of sightings last month that set off fear and speculation. The ban began late on Wednesday and will continue through Jan. 17, according to an F.A.A. alert. The notification cited ‘special security reasons' for prohibiting flights in airspace near 22 New Jersey communities, including three of the state's largest cities, Camden, Elizabeth and Jersey City.” You can read the full article here: https://www.nytimes.com/2024/12/19/nyregion/faa-bans-drone-flights-new-jersey.html 3:10pm- Rich wonders: why did the F.A.A. decide to ban drones from flying near critical infrastructure all of a sudden? And why didn't they do this weeks ago when New Jersey residents first started reporting sightings of mysterious drones? Rich suspects the ban will do absolutely nothing to prevent drones from pestering NJ residents. 3:20pm- After pressure from Donald Trump, J.D. Vance, and Elon Musk, the massive 1,547-page stopgap spending bill was pulled from the House floor. With the proposed bipartisan continuing resolution bill seemingly shelved, Congress will need to craft a new piece of legislation in order to avoid a government shutdown at midnight on Friday. 3:40pm- Late night host Jimmy Kimmel proudly declared he has “Trump Derangement Syndrome”—and wonders why more people don't have “TDS.” No wonder his ratings aren't impressive. When will Jimmy Failla get his own weekday late night show? Will it be Spring—early Spring? mid-Spring? late-Spring???