In this week's Security Sprint Andy and Hunter talk about the following topics:

Warm Open:
• How Healthcare Facilities Can Be Truly Disaster-Resilient. Healthcare Facilities Today spoke with Jon Crosson, director of health sector resilience at Health-ISAC, on what makes a solid resiliency program for healthcare facilities, the importance of real-time information sharing and how healthcare facility managers can use partnerships to improve response and recovery efforts.
• Healthcare cybersecurity needs a total overhaul, by Errol Weiss, Chief Security Officer, Health-ISAC
• Addressing Risks from Chris Krebs and Government Censorship
o Fact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs and Government Censorship
o Trump Revenge Tour Targets Cyber Leaders, Elections
o Gate 15: Cybersecurity & Infrastructure Security: Time to Make This Happen, December 15, 2017. Following the House of Representatives, the US Senate needs to approve the re-designation of DHS's National Protection and Programs Directorate (NPPD) to become the Cybersecurity and Infrastructure Security Agency (CISA); The President should nominate, and the Senate should confirm, Christopher Krebs as Under Secretary for NPPD and then as the first Director of National Cybersecurity and Infrastructure Security.

Main Topics:

Hacktivism & Nation-State Influence
• CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide
• IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities
• Top 10 Advanced Persistent Threat (APT) Groups That Dominated 2024
• The rising tide: A 2024 retrospective of hacktivism

Political Violence, Executive Protection
• ‘Save the white race': Teen who gunned down his parents was plotting a ‘political revolution' that included ‘getting rid of' President Trump, police say
• Pennsylvania Man Charged with Making Threats to Assault and Murder President Donald J. Trump, Other U.S. Officials, and Immigration and Customs Enforcement Agents & ‘Going to assassinate him myself': Man ‘buying 1 gun a month since the election' threatened to kill Trump in multiple YouTube comments under name ‘Mr Satan,' FBI says
• Suspect in custody after overnight arson at Pennsylvania Gov. Josh Shapiro's residence
o Was Cody Balmer 'Upset' With Gov Josh Shapiro Over Property Seizure?
o Harrisburg man to be charged with attempted murder of Gov. Josh Shapiro for setting fire to official residence
o Suspect in arson at Pennsylvania Gov. Josh Shapiro's residence planned to beat him, documents say
o Suspected arsonist Cody Balmer accused of firebombing Gov. Shapiro's home shared disturbing photos online
o Cody Balmer's Social Media Reveals Anti-Joe Biden Posts
• Protect Democracy: How does Gen Z really feel about democracy? 11% believe that political violence is sometimes necessary to achieve progress.
• Arrest made at UnitedHealthcare headquarters after reports of an intruder

Quick Hits:
• Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit
• 8 April 2025 NCSC, FBI, DCSA bulletin – Online Targeting of Current & Former U.S. Government Employees.
• FAA Drone Detection Testing. The FAA will conduct drone-detection testing in Cape May, New Jersey, between April 14-25.
• Top homeland security lawmaker calls for cautious cuts to CISA
• CISA cuts: ‘Open season' for US?
• Senator puts hold on Trump's nominee for CISA director, citing telco security ‘cover up'
• OCC Notifies Congress of Incident Involving Email System
o Treasury bureau notifies Congress that email hack was a ‘major' cybersecurity incident
o Hackers lurked in Treasury OCC's systems since June 2023 breach
• US Cyber Command: Posture Statement of Lieutenant General William J. Hartman
China has prepositioned destructive cyber capabilities in U.S. energy and transportation infrastructure. Russia has capabilities to disrupt undersea cables and industrial control systems. Iran has exploited unprotected networks to deface machines monitoring water systems. The Cybersecurity and Infrastructure Agency (CISA) at the Department of Homeland Security is charged with collaborating with the private sector to secure critical systems. Since its creation in 2018, CISA has led federal efforts to understand and mitigate systemic cyber risk. How vulnerable is America in cyberspace? How has public-private cyber collaboration changed over the past six years? And, as U.S. adversaries become more aggressive in cyberspace, how can CISA bolster national cyber resilience?

FDD's Center on Cyber and Technology Innovation hosts a fireside chat with CISA Director Jen Easterly on protecting critical infrastructure in the cyber age. The conversation will be moderated by RADM (Ret.) Mark Montgomery, CCTI senior director and former executive director of the congressionally mandated Cyberspace Solarium Commission.

For more, check out: https://www.fdd.org/events/2024/01/15/infrastructure-security-in-the-cyber-age-a-conversation-with-cisa-director-jen-easterly/
Podcast: IoT Security Podcast
Episode: Critical Infrastructure Security: From Awareness to Action with Khris Woodring
Pub date: 2024-11-19

Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.

Key topics include:
• The unique challenges of bridging IT and OT security.
• Why workforce shortages hinder progress and how industry and academia can collaborate.
• The importance of standardizing roles, frameworks, and terminology.
• Stories of how early curiosity sparked a career in cybersecurity.

Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future.

Let's connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast
The Cyber Security and Infrastructure Security Agency (CISA) has been in the news for its work on election security. CISA this month, though, is also highlighting the need for security and resilience across the rest of the nation's critical infrastructure, you know, power grids, water utilities. CISA is drafting a list of organizations that are considered what it calls systemically important. For more, Federal News Network's Justin Doubleday spoke with the executive assistant director of CISA's Infrastructure Security division, David Mussington.
Steven Singer Steven Singer serves as the CIO at Julius Silvert, Inc and is an adjunct professor of computer science at Rowan University. With a background in IT infrastructure and security, Steven brings a unique perspective to technology leadership. He is passionate about bridging the gap between academic knowledge and real-world applications in IT. Outside...
There's substantial cybersecurity risk in critical infrastructure and addressing it is a complex problem that involves regulatory and private sector efforts. Joshua Corman, founder of I am the Cavalry and the CyberMed Summit, and Rob Knake, cybersecurity expert and former federal cybersecurity official, join host Eric Hanselman to explore the nature of the problems and the challenges we face in addressing them. This is a conversation that continues from their session at the America's Growth Capital's annual West Coast Cybersecurity Conference that ran alongside the RSA Conference.

One of the challenges in securing critical infrastructure is that it's often addressed as independent activities. That can miss the impact of cascading failures that can occur, given the interdependencies that exist across utilities and the social services that depend on them. Ransomware attacks on hospitals have taken weeks to resolve, rather than days. The Colonial pipeline attack shut down services for a week. Behind this is a set of challenges that need to be addressed on the scale of the Y2K crisis at the start of the century, but that lack a hard deadline. There is progress being made, but there is much more to do.

Host:
https://www.spglobal.com/marketintelligence/contributors/1535668/eric-hanselman
https://www.linkedin.com/in/erichanselman/

Guests:
https://www.linkedin.com/in/joshcorman/
https://www.linkedin.com/in/rknake/

Links to show content:
https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
https://youtu.be/dhJvslRRlFc?si=TmNbbRuh4MeSu0BO
https://www.rsaconference.com/library/presentation/usa/2024/getting%20serious%20critical%20disruptionsthinkingresponses%20%20rumors%20of%20war
https://www.cisa.gov/resources-tools/programs/chemical-facility-anti-terrorism-standards-cfats
The National Health Laboratory Service says its systems have not yet been fully restored, following a security breach that compromised its information technology infrastructure last Saturday. The NHLS is the country's diagnostic pathology service for public healthcare facilities and comprises a network of two hundred and sixty-five laboratories. For more on this we are joined on the line by Professor Koleka Mlisana, National Health Laboratory Service Chief Executive Officer
In this episode, host Bidemi Ologunde spoke with Rocco D'Amico, the Founder/CEO of Brass Valley, a company that helps keep some of the world's largest organizations safe from data breaches when retiring computer systems. Rocco has extensive data security experience and built his company to be the safest IT asset disposition (ITAD) provider in the United States, with ZERO data breaches and NO environmental issues since it began operations over 20 years ago.
In the dynamic and ever-changing world of cybersecurity, it is crucial to remain at the forefront of addressing vulnerabilities, implementing innovative solutions, and getting to know companies that are making a difference in this industry. At Infosecurity Europe 2024 in London, Sean Martin sits down with Francesco Cipollone, co-founder of Phoenix Security, to discuss the company's journey, achievements, and unique value propositions, highlighting their significant impact within the cybersecurity community.

Setting the Stage
The bustling environment of Infosecurity Europe 2024 serves as the backdrop for an engaging conversation about the latest cybersecurity trends. Martin and Cipollone delve into Phoenix Security's origins as an internal project at HSBC, aimed at addressing engineer burnout by improving communication and prioritization in vulnerability management.

Phoenix Security's Journey and Vision
Cipollone explains how Phoenix Security was created to help engineers avoid burnout, originally focusing on solving communication and prioritization challenges in vulnerability management. This initiative quickly evolved into a comprehensive solution that bridges the gap between security and engineering teams by providing actionable risk assessments and automating decision-making processes.

Innovative Solutions for Modern Cybersecurity Challenges
Phoenix Security stands out by offering powerful tools that streamline vulnerability management across enterprise systems. Their platform allows for better scheduling of workloads and prioritization of tasks, significantly reducing the time it takes to address vulnerabilities from hours to just minutes. This efficiency not only prevents engineer burnout but also ensures that security measures are implemented effectively.

Success Stories and Client Feedback
Cipollone shares success stories from clients like ClearBank, who have benefited from real-time, up-to-date asset inventory and operational insights. By using Phoenix Security, these organizations can engage in informed risk-based decision-making, enabling security teams to focus on high-impact vulnerabilities and maximize risk reduction.

Expanding Reach Through Strategic Partnerships
Highlighting the importance of collaboration, Cipollone mentions Phoenix Security's recent partnership with Booncheck. This partnership integrates advanced threat intelligence into the Phoenix platform, offering clients access to a wealth of vulnerability data and enabling more effective risk management strategies.

Conclusion
The conversation concludes with insights into future security trends and Phoenix Security's commitment to innovation and community-driven solutions. Cipollone emphasizes that Phoenix Security aims to simplify decision-making processes, giving engineers and security professionals more time to focus on what truly matters.

We encourage all ITSPmagazine viewers and listeners to connect with the Phoenix team, download their new book, and stay tuned for more updates from Infosecurity Europe 2024.

Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8v

Note: This story contains promotional content.

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]
On LinkedIn | https://www.linkedin.com/in/fracipo/
On Twitter | https://twitter.com/FrankSEC42

Resources
Learn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-security
View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
This week, the White House released a new National Security Memorandum on Critical Infrastructure Security and Resilience. The Attorney General recommended reducing restrictions on marijuana. Global Financial Integrity and several other organizations released a report identifying 25 cases in which illegal, allegedly illicit, or suspicious funds were funneled into commercial property in the US. John and Elliot discuss these and other events of the week that are important to members of the global financial crime prevention community.
A lot is happening in our world that can inspire fear and anxiety if we let it. God calls us to understand that not only is He holding us all in His hands, but that He calls each one of us to cooperate with His grace and take part in being the solution to the world's problems. Tommy Waller, former Marine Lt. Colonel and member of the EMP Commission, gives us powerful insight into the current threats against our power grid and other areas of our society that we face, and the things that we can do to be better prepared to respond BOTH spiritually and naturally for the sake of ourselves, our loved ones and the common good.

More information on Tommy Waller:
CENTER FOR SECURITY POLICY: https://centerforsecuritypolicy.org/
INFRASTRUCTURE SECURITY: https://centerforsecuritypolicy.org/infrastructure-security/
SCHEDULE A BRIEFING: https://centerforsecuritypolicy.org/elected-officials-emergency-manager-briefings/
FOOD SECURITY REPORT: https://centerforsecuritypolicy.org/report-food-security-is-national-security/
FOOD SECURITY SOLUTIONS: https://foodsecurity.solutions/
Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]
On LinkedIn | https://www.linkedin.com/in/cassiecrossley/
On Twitter | https://twitter.com/Cassie_Crossley
On Mastodon | https://mastodon.social/@Cassie_Crossley

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin chats with Cassie Crossley, Vice President for Supply Chain Security at Schneider Electric, and author of the book "Software Supply Chain Security". Crossley emphasizes the need for increased awareness and understanding of software supply chain security, not just among technology companies but also in the broader business sector including procurement, legal, and MBA graduates.

Crossley highlights the intricate complexities involved in securing IT, OT and IoT ecosystems. These include dealing with decades-old equipment that can't easily be upgraded, and accounting for the constantly evolving nature of cybersecurity threats, which she likens to a 'Wild West' environment.

Crossley brings attention to the importance of businesses understanding the risks and impacts associated with cyber vulnerabilities in their supply chain. She touches on the potential vulnerabilities of pre-installed apps on iPhones, the need for more memory-safe languages, and the complexities of patch management in OT environments.

Additionally, Crossley talks about the potential for cyber disasters and the importance of robust disaster recovery processes. Discussing the EU Cyber Resilience Act, she raises an important issue about the lifespan of tech devices and the potential impact on the security status of older devices.

To help businesses navigate these challenges, Crossley's book provides a holistic overview of securing end-to-end supply chains for software, firmware, and hardware; it is designed to serve as a practical guide for anyone from app developers to procurement professionals. She aims to enlighten and equip businesses to proactively address supply chain security, rather than treating it as an afterthought.

Key Questions Addressed:
• What is the importance of software supply chain security in businesses?
• What are the challenges presented by OT environments when implementing cybersecurity measures?
• How can businesses proactively navigate these challenges and strengthen their supply chain security?
In this series, we will explore all things cyber, including the legal, regulatory and policy developments that impact corporate Australia. We will do this by speaking to those people who are shaping the Australian legal and regulatory environment. Those who are on the front line of protecting Australian companies from cyber incidents. In our inaugural podcast, we are joined by Hamish Hansford, Deputy Secretary Cyber & Infrastructure Security, Home Affairs.
When it comes to the Cybersecurity and Infrastructure Security Agency (CISA), people sometimes forget that "I" word. Cyber topics seem to consume all of the oxygen these days. But physical infrastructure threats are also real and often connected to the cyber side. For more, Federal Drive Host Tom Temin spoke with CISA's Executive Assistant Director for Infrastructure Security, David Mussington.
In this episode, host Bidemi Ologunde discussed recent political and security developments in Peru.
Our guest today is Marc Woolward, CTO and CISO at vArmour. We discussed the following topics, among others: What critical infrastructure entails and why it is essential for the functioning of businesses and societies today. With the rapid advancement of technology, how do emerging technologies both contribute to and pose challenges for the security of critical infrastructure? In the realm of critical infrastructure security, what are some of the major challenges and threats that organizations face today, particularly concerning the information they rely on? And more... If you want to be our guest, or you know someone who would be a great guest on our show, just send your email to info@globalriskconsult.com with a subject line “Global Risk Community Show” and give a brief explanation of what topic you would like to talk about and we will be in touch with you asap.
NJOHSP's Intelligence. Unclassified. podcast provides unclassified information about current trends in homeland security as well as educational information and resources. This episode, published November 29, 2023, features experts from NJOHSP, NJSP and local government who provide an overview of critical infrastructure security plans and initiatives in New Jersey, as well as insight into a path forward.
In this week's Security Sprint, Dave and Andy talked about the following topics: Physical Security. Increasing acceptance of threats of violence MAGA Commentator Wants People to Shoot Charity Workers Assisting Migrants 'Be looking over your shoulder': MAGA man arrested for threats against Fani Willis Threats to U.S. senator amid spike in anti-Jewish, anti-Muslim activity; U.S. officials say they are responding to a rise in threats against Arab, Jewish and Muslim communities as Gaza war intensifies DOJ: Nevada Man Arrested And Charged For Making Threats To United States Senator Vehicle Ramming. Nuclear Power Plant. https://www.nbcnews.com/news/us-news/police-searching-suspect-drove-fence-south-carolina-nuclear-station-at-rcna123489 CISA Security Planning Workbook. https://www.cisa.gov/sites/default/files/2023-10/CISA_AASB_Security_Planning_Workbook_508_Compliant_20230929.pdf US Senate Hearing: Threats to the Homeland Secretary Mayorkas Testimony to Committee on Homeland Security & Governmental Affairs FBI Director Wray: Threats to the Homeland Cybersecurity. CISA Launches Critical Infrastructure Security and Resilience Month 2023. The Cybersecurity and Infrastructure Security Agency (CISA) announced the kickoff of Critical Infrastructure Security and Resilience Month. Yesterday, the White House issued a Presidential Proclamation to commemorate November as Critical Infrastructure Security and Resilience Month and called on Americans to recognize the importance of this month to enhance our collective national security and resilience… This November, CISA is asking everyone to Resolve to be Resilient by preparing and investing in resilience today, so that, as a nation, we can recover quickly in the event of an incident tomorrow. We are highlighting practices critical infrastructure organizations can implement to recover rapidly in the aftermath of any significant disruption: Assess Your Risk. Make a Plan and Exercise It. Continuously Improve and Adapt. NCSC. 
https://www.ncsc.govt.nz/news/record-high-financially-motivated-cyber-activity/ Zero-Day. https://cyberscoop.com/cisa-zero-day-ransomware/ Quick Hits Maine gunman's family contacted police months before massacre, sheriff says NIJ: Five Things About Protecting Against Mass Attacks FACT SHEET: Biden-Harris Administration Convenes Third Global Gathering to Counter Ransomware 2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard w reference to our good friends at eCrime – the single best source for ransomware information U.S. officials hold their breath for Iranian cyberattacks Man Armed with Weapons Found Dead at Colorado Amusement Park, Investigation Underway; Authorities said that the 22-year-old suspect wore body armor and had with him a semi-automatic rifle and IEDs FIRST has officially published the latest version of the Common Vulnerability Scoring System (CVSS v4.0) FBI Tech Tuesday: Beware of Scams on Popular Peer-to-Peer Payment Apps SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures Citrix Bleed: Two ransomware groups now exploiting bug for initial access “This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard; By some estimates, 20,000 devices have already been hacked. Unveiling Socks5Systemz: The Rise of a New Proxy Service via PrivateLoader and Amadey GCA Launches a User-friendly Cybersecurity Tools Wiki NZ NCSC: The NCSC announces record-high financially motivated cyber activity
Technovation with Peter High (CIO, CTO, CDO, CXO Interviews)
815: Papi Menon, Vice President and Chief Product Officer of Cisco's incubation engine Outshift, discusses the innovation he is leading at the company and the process by which his team is scaling that innovation. He explains the skills he has on his team at Outshift and how he is developing that talent internally. Papi also describes the focus on cloud security, the platforms his team has built to help companies secure their cloud infrastructure, and the core pillars of these products. Finally, Papi touches on the cultural component of innovation, exploring use cases for artificial intelligence, and the secrets to his career success.
ICAS is a global leader in IT infrastructure deployment, offering a suite of services, including structured cabling, technology consulting, project management, network infrastructure, security, and surveillance solutions, and more. ICAS serves a diverse client base, including Fortune 500 companies and institutional and municipal entities. “You're in good hands,” says Mirko Notarangelo, Director of Marketing of ICAS. In this podcast we learn about the importance of operating to best practices and meeting all industry standards. Mirko offers us a look inside the world of infrastructure and how the best plans can be upended by infrastructure deployment. ICAS makes those investments work by meeting the precise standards and procedures called for. Visit https://www.icascorp.com/
ICAS is a global leader in IT infrastructure deployment, offering a suite of services, including structured cabling, technology consulting, project management, network infrastructure, security, and surveillance solutions, and more. ICAS serves a diverse client base, including Fortune 500 companies and institutional and municipal entities. Mirko Notarangelo, Director of Marketing of ICAS, sat down with Doug Green at MWC Las Vegas 2023 to discuss the company's offerings and to offer some ideas for enterprises navigating deployment of new technologies. We look at best practices and considerations before undertaking moves, adds and changes, either big or modest. We also learn about special initiatives ICAS is offering the education community, such as vape detection. We hear about Juno AI, a privacy-aware advanced video analytics platform that provides schools and campus administrators with improved awareness of students' behavior and emotional states to help them better assess student mental health needs, and at times prevent violent or dangerous behaviors. We also hear about the Sely Program. Visit https://www.icascorp.com/
This week, ASPI's Director of Cyber, Technology and Security Dr Alex Caples speaks to Hamish Hansford, who was recently appointed Deputy Secretary of Cyber and Infrastructure Security at the Department of Home Affairs. They discuss the links between cyber security, supply chain security and critical infrastructure, as well as the rise in ransomware attacks, including on hospitals, and lessons learned from the Colonial Pipeline attack. Alex asks Hamish about the amendments to the Security of Critical Infrastructure Act, what they mean for industry and the role that government and industry need to play in securing Australia's critical infrastructure. Guests: Dr Alex Caples: https://www.aspi.org.au/bio/alex-caples Hamish Hansford: https://www.homeaffairs.gov.au/about-us/who-we-are/our-senior-staff/hamish-hansford Music: "Just wondering" by Maarten Schellekens. Via: https://www.tribeofnoise.com/
In the latest episode of the Weekly Security Sprint, Dave and Andy covered the following topics: Infrastructure Security. Idaho Power Plant. https://www.ktvb.com/article/news/crime/man-shooting-at-idaho-power-equipment-hells-canyon-brownlee/277-27bfdfd6-9718-4497-979d-7ac51ce2f7e1 I-95 Bridge Collapse. https://www.phila.gov/2023-06-11-updates-on-the-i-95-fire-and-partial-highway-collapse/ Trump Indictment Special Counsel Jack Smith Delivers Statement House Judiciary Committee: Testimony Reveals Senior FBI Official Expressed Concerns about Trump Raid Trump will face judge in historic court appearance over charges he mishandled secret documents. Miami officials stress 'law and order' in preparation for Trump's indictment hearing BBC LIVE - Miami ready for protests before Trump court appearance Journalists barred from using cameras, cellphones in courthouse during Trump arraignment Fears that Republicans' rhetoric after Trump indictment could spark violence Trump's Miami court date brings fears of violence, rally plans ‘I Want Blood': Heavily-Armed Trump Supporters Say They'll Protest Trump's Indictment Trump Supporters' Violent Rhetoric in His Defense Disturbs Experts Trump Extremists Demand Civil War, Mass Murder After New Indictment Kari Lake Warns Biden, DOJ Will Have to Go Through ‘Card-Carrying Members of the NRA' to Get to Trump Heat injuries links Heat Injuries for Organizers. https://www.multco.us/help-when-its-hot/tips-summer-event-organizers CDC. https://www.cdc.gov/niosh/topics/heatstress/heatrelillness.html CSC 2.0. CSC 2.0 offers recommendations for enhancing private-public collaboration with an eye to the pending PPD-21 update. Overall, good recommendations, with some notable misses. CSC 2.0. Revising Public-Private Collaboration to Protect U.S. Critical Infrastructure FB Security CNN. 
One of the most dangerous hours in America is now 11 o'clock on Sunday morning Secretary Mayorkas Brings Together Faith Leaders to Discuss Efforts to Enhance DHS's Work to Protect Houses of Worship. Planning and Armed Congregants Top Church Security Measures; Pastors' Views on Church Security: A Survey of American Protestant Pastors (PDF) Quick Hits The Light: Inside the UK's conspiracy theory newspaper that shares violence and hate San Francisco 49ers to recruit IT staff and overhaul cybersecurity processes after data breach; Ransomware attack saw personal data of more than 20,000 people exposed to criminals. Gate 15's ~ Ransomware Resilience ~ Security Summer Sale! NWS: Poor Air Quality Persists. Read More FBI IC3 - Business Email Compromise: The $50 Billion Scam FBI IC3-Malicious Actors Manipulating Photos and Videos to Create Explicit Content and Sextortion Schemes. T Seven key insights from the 2023 Verizon Data Breach Investigations Report AI's Growth Threatens to Flood 2024 Campaigns With Fake Videos Blended Threats - Hacks Against Ukraine's Emergency Response Services Rise During Bombings Human Rights Campaign declares a national state of emergency for LGBTQ+ people Cuba to Host Secret Chinese Spy Base Focusing on U.S. The Bold Plan to Create Cyber 311 Hotline CIA And Mossad-Linked Surveillance System Quietly Being Installed Throughout The United States: Report CISA and Partners Release Joint Guide to Securing Remote Access Software SPLC: The Year in Hate & Extremism 2022 CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability. 
Ransomware group Clop issues extortion notice to ‘hundreds' of victims MOVEit Transfer and MOVEit Cloud Vulnerability New MOVEit Transfer critical flaws found after security audit, patch now Canadian Centre for Cyber Security - MOVEit Transfer security advisory (AV23-322) MOVEit: BBC and British Airways affected by data breach at payroll company Zellis Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward CrowdStrike: Movin' Out: Identifying Data Exfiltration in MOVEit Transfer Investigations
In this episode Roshmik Saha, Head of Engineering at Skyflow, dives into the fascinating realm of data privacy and security solutions. Whether you're considering building your own privacy solution or seeking insights into the infrastructure requirements for handling credit card data securely, this episode has you covered. One important aspect that often goes underestimated is the maintenance costs associated with data privacy solutions. Roshmik emphasizes the significance of factoring in long-term maintenance expenses, as these solutions require ongoing updates, monitoring, and enhancements to adapt to evolving threats and regulations. It's crucial to recognize that compliance is merely a baseline and that solely building for compliance may not offer state-of-the-art security. Roshmik shares his expertise on how to go beyond compliance and implement robust security measures to protect sensitive data effectively. During the conversation, Roshmik highlights key considerations and features when building a data privacy solution to securely store and govern access to data. From encryption techniques and access control mechanisms to comprehensive auditing capabilities, he offers insights into the foundational elements required for a robust privacy solution. Additionally, he emphasizes the importance of incorporating state-of-the-art security technologies and features to reduce the risk of data breaches and potential reputational damage. Scalability is another critical aspect to address when developing a data privacy solution. Roshmik sheds light on the challenges faced by engineering teams in ensuring that the solution can meet the needs of a growing organization. He discusses strategies for building a scalable architecture that can handle increasing data volumes, user demands, and operational complexities. Throughout the episode, Roshmik provides practical advice and shares his thoughts on various topics, including the future of data privacy and security technologies. 
By drawing from his vast experience and expertise, you'll gain valuable insights into building a data privacy solution that not only meets regulatory requirements but also ensures resilience against cyber attacks. Topics: If I told you I was starting a B2C company and I was going to build my own privacy and security solution, what would your advice be? Considering just credit card data, what would I need from an infrastructure standpoint to securely store, handle, and process credit card data? Beyond infrastructure costs, what other types of costs would I need to think through? What are the types of features or technologies I'd need to build to meet existing privacy requirements but also reduce the risk that I end up in the news for a data breach? What are the key considerations or features when building a data privacy solution to securely store data and govern access? What's the engineering cost to build and maintain these? What kind of expertise does an engineering team require to build something that you think not only meets regulatory requirements, but also is resilient to cyber attacks? What are the most important security measures that need to be put in place to protect data privacy? How do you test and evaluate the effectiveness of the data privacy solution? How do you ensure that the data privacy solution remains up-to-date with evolving data privacy regulations and best practices? What are the biggest challenges that engineering teams face when building a data privacy solution? How do you ensure that the data privacy solution is scalable to meet the needs of a growing organization? Why do you think companies try to do this themselves? How do you ensure that Skyflow is resilient to cyber attacks and other security threats? What advice would you give to other engineering teams building a data privacy solution for their organization? Are there any future data privacy or security technologies you're excited about?
On this episode of Tech Trek, Lisa Hall, Chief Information Security Officer, talks about her experiences building a security program at the genetic testing company. The program covers infrastructure security, application security, product security, governance, risk, and compliance. Lisa discusses the challenges and strategies in building and maintaining a security program in a constantly evolving landscape. Highlights [00:02:29] Building security strategies. [00:03:42] Adapting to different company cultures. [00:07:16] Engineering first organizations. [00:11:16] Finding security champions. [00:14:30] Celebrating quick wins. [00:17:25] Finding the right leadership voice. [00:20:49] Cybersecurity and Business Impact. [00:23:55] Productivity and motivation. [00:27:47] Call-to-action for engagement. With over 16 years of experience in information security, Lisa Hall has built security programs from the ground up and optimized existing security and compliance initiatives at scale. She focuses on building holistic security strategies and comprehensive information security management programs- ensuring products and business systems are developed with security in mind. Lisa has experience building and growing teams, leading companies through IPO, acquisitions & mergers, and leading Application/Product Security, Infrastructure Security, and Compliance programs (SOX, SOC2, ISO 27001, FISMA, FedRAMP, & HITRUST). She believes security should make it easy to do the right thing. Lisa has previously held Information Security roles at PagerDuty, Twilio, and EY. Lisa is a Venture Advisor at YL Ventures and an Advisory Board Member for Day of Shecurity. She is also a co-author in "Reinventing Cybersecurity"- A JupiterOne book authored by female and non-binary security practitioners. --- Thank you so much for checking out this episode of The Tech Trek, and we would appreciate it if you would take a minute to rate and review us on your favorite podcast player. 
Want to learn more about us? Head over to https://www.elevano.com Have questions or want to cover specific topics with our future guests? Please message me at https://www.linkedin.com/in/amirbormand (Amir Bormand)
Podcast: Hack the Plant. Episode: Idaho National Labs and the Next Generation of Critical Infrastructure Security. Pub date: 2023-03-06. For today's episode, I'm joined by Zach Tudor, the Associate Laboratory Director at Idaho National Laboratory (INL). INL, a Department of Energy national laboratory, is the nation's leading center for nuclear energy research and development. Zach is responsible for INL's Nuclear Nonproliferation, Critical Infrastructure Protection and Defense Systems missions. We discuss how INL partners with the private sector to test challenges to critical infrastructure, and the cutting edge work INL is doing to secure the next generation of critical infrastructure. "Honeywell has been one of the big players that has been working with us for quite a while. And Hitachi. Schneider Electric. They will provide us some of their systems that are critical in energy critical infrastructure, industrial control systems, and we will tear it down in a methodological process that we have developed here…[to] start building an understanding of where the risks are and the supply chain of our critical energy infrastructure." - Zach Tudor. Other topics we cover: What work is INL doing to secure the next generation of critical infrastructure? How can we make our critical infrastructure systems more resilient? How is data security managed with emerging technologies such as 5G, or self-driving cars? What strategies should the government and private industry use to categorize risk and mitigate it in a way that actually has measurable impact? Join us to learn more. The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
ISACA's Chris Dimitriadis and the US GAO's Nick Marinos discuss the current state of critical infrastructure security, escalating threats and how to better prepare. For more information check out www.isaca.org/heightened-threats
Communications form the critical backbone of the modern world, connecting more people and more devices more completely than ever before. The benefits of this hyper-connected society drive ever-increasing reliance on secure, reliable, and resilient communications. Potential adversaries to the North Atlantic Treaty Organization certainly understand the importance of communications—those they seek to target and those they use themselves—so it is critical to fully understand the sector, the risks it faces, and the best ways to mitigate those risks. This podcast based on Chapter 9 in Enabling NATO's Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1) provides a foundation from which to better understand the criticality of communications for national security and emergency preparedness and common important characteristics of the sector and their implications for security and resilience. Keywords: critical infrastructure, communications, cyber threats, security risk assessment, crisis management Episode transcript "Communications Resilience" from Enabling NATO's Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1) Stephanie Crider (Host) You're listening to Conversations on Strategy. The views and opinions expressed in this podcast are those of the authors and are not necessarily those of the Department of the Army, the US Army War College, or any other agency of the US government. Conversations on Strategy welcomes Chris Anderson, author of “Communications Resilience.” Anderson is an incident management and infrastructure protection expert with three decades of government, military, and private-sector experience. He's currently the principal advisor for national security and emergency preparedness at Lumen. Welcome to Conversations on Strategy, Chris. I'm glad you're here. Chris Anderson Thanks for having me. 
Host You recently contributed a chapter to Enabling NATO's Collective Defense: Critical Infrastructure Security and Resiliency. Your chapter talks about communications resilience, the backbone of the modern world, in your words. Give us an overview of the communication sector, please. Anderson It's really hard to overstate how important commercial communications is to government and military communications of all kinds. So, sort of the traditional national security kinds of things—command-and-control networks, intelligence sharing. Even highly classified information typically travels over commercial networks for a big part of its lifespan. But then as you start thinking even in more detail, things like civil preparedness, police, fire, EMS discussions, how you issue civil defense alerts to the civilian population, et cetera. On top of all that, communications is critical to economies and the citizenry in general. In the US, we've started this concept called national critical functions, which sort of distinguishes the inherently governmental functions from the other things the nation needs to be able to do in order to have a vibrant economy and support the government and keep citizens safe, et cetera. And comms is really central to a lot of those national critical functions. The sector itself is incredibly diverse. So when we talk about communications, and in the book chapter I talk about sort of the breadth of communications as encompassing sort of the traditional wireline services. You know, twisted pair copper and fiber optic cables that make up the old, you know, Bell telephone kind of networks that have now become the broadband connections that we all use in homes and businesses throughout the world. It also includes wireless communications. So wireless, you know, everyone thinks of 4G point-to-point5G cellular communications, but wireless also includes things like point-to-point, microwave and other uses of the radio frequency spe...
Released 6 January 2023. This podcast based on Chapter 1 in Enabling NATO's Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1) answers the questions: What is critical infrastructure? Why is it important? What is the difference between critical infrastructure protection (CIP) and critical infrastructure security and resilience (CISR)? What are some of the key terms defined in national CISR policy? What are the core areas of activity or work streams involved in implementing CISR policy in and across the North Atlantic Treaty Organization nations? The answers to these specific questions provide the contextual basis for understanding why CISR is a quintessential societal task for maintaining national security, economic vitality, and public health and safety in a world filled with increasing levels of risk. For NATO member states, building and enhancing CISR at the national level is necessary to safeguard societies, people, and shared values and also provide the foundation for credible deterrence and defense and the Alliance's ability to fulfill its core tasks of collective defense, crisis management, and cooperative security. Keywords: critical infrastructure, CIP, CISR, CBRNE, cyber threats, security risk assessment, crisis management Episode transcript "Understanding Critical Infrastructure" from Enabling NATO's Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1) Stephanie Crider (Host) You're listening to Conversations on Strategy. The views and opinions expressed in this podcast are those of the authors and are not necessarily those of the Department of the Army, the US Army War College, or any other agency of the US government. Conversations on Strategy welcomes Ronald Bearse, author of “Understanding Critical Infrastructure,” featured in Enabling NATO's Collective Defense: Critical Infrastructure and Resiliency. 
Bearse is an expert in critical infrastructure protection and national preparedness, with more than 23 years of experience in the US Department of Defense, Homeland Security, and Treasury. Ron, welcome to Conversations on Strategy. You recently contributed to a book, Enabling NATO's Collective Defense: Critical Infrastructure Security and Resiliency. I'm looking forward to hearing about your chapter, but first, thank you for being here. Ronald Bearse Well thanks Steph. Yeah, I'm happy to discuss that with you today. Host What is critical infrastructure? Bearse Although there's no real global or standard or universal definition of critical infrastructure, most, if not all, European and NATO nations, which have a national CIP or CISR policy or national plan, define critical infrastructure as those physical and cyber systems, facilities, and assets that are so vital that their incapacity or their destruction would have a debilitating impact on a nation's national security, economic security, or national public health and safety. We kind of understand them (and most people do) as those facilities and services that are so vital to the basic operations of a given society (like the one we live in) or those without which the functioning of a given society would be greatly impaired. In our book, for example, we talk about critical infrastructure sectors. Here in the United States, for example, we have 16 critical infrastructure sectors where assets and systems and networks, whether they're physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on our national economic security or public health and safety. Those sectors include, here in the United States, and for most Western nations, the same types and same sectors, such as the chemical sector or the dam sector, commercial facilities. Communications sector. Critical manufacturing.
In this episode of The Gate 15 Interview, Andy Jabbour visits with Brian Harrell, Vice President and Chief Security Officer (CSO) at AVANGRID. Brian currently serves as the Vice President and Chief Security Officer (CSO) at AVANGRID, an energy company with assets and operations in 24 states. He is responsible for the company's cybersecurity, privacy, physical security, threat management, and business continuity. In 2018, Brian was appointed by the President of the United States to serve as the sixth Assistant Secretary for Infrastructure Protection at the U.S. Department of Homeland Security. He was also the first Assistant Director for Infrastructure Security at the Cybersecurity and Infrastructure Security Agency (CISA). He has spent time during his career in the US Marine Corps and various private sector agencies with the goal of protecting the United States from security threats. Brian is a Board Member and Strategic Advisor to many great companies. Brian on Twitter: @gridsecure In the discussion we address: Brian's background and path from law enforcement to infrastructure, CISA to AVANGRID Information Sharing Preparedness and Best Practices Evolving threats to energy and infrastructure, including hostile events, insider threats, cyberattacks and nation state threats, 3rd party risk and more We talk baseball, burgers, and boating, plus shoutouts to some valued friends and partners! A few references mentioned in or relevant to our discussion include: AVANGRID. “AVANGRID is a leading sustainable energy company transitioning America toward a clean and connected future headquartered in Orange, CT, and has a footprint in 24 states with $40 billion in assets. Our primary businesses are Avangrid Networks, which serves 3.3 million electric and natural gas customers in the Northeast, and Avangrid Renewables, the third-largest renewable energy company in the U.S. 
with a diverse onshore and offshore renewable energy portfolio.” WSJ Pro Research Survey: Preparedness Results, 29 Nov 2022 The Cybersecurity and Infrastructure Security Agency (CISA) release of the Resilient Power Best Practices for Critical Facilities and Sites. This document supports emergency and continuity managers with guidelines, analysis, background material, and references to increase the resilience of backup and emergency power systems during all durations of power outages. Improving power resilience can help the nation withstand and recover rapidly from deliberate attacks, accidents, natural disasters, as well as unconventional stresses, shocks, and threats to our economy and democratic system. The Electricity Information Sharing and Analysis Center (E-ISAC) GridEx VII – November 14-15, 2023 Space ISAC DHS CISA on Cyber-Physical Convergence Gate 15: Blended Threats (update 1.1): Understanding an Evolving Threat Environment (and numerous other blog posts, papers and exercises)
Podcast: The Gate 15 Podcast Channel
Episode: The Gate 15 Interview EP30: Brian Harrell on Energy & Infrastructure Security, plus baseball, boating & burgers!
Pub date: 2022-12-26
Released 19 December, 2022

In 2014 NATO's Centre of Excellence-Defence Against Terrorism (COE-DAT) launched the inaugural course on “Critical Infrastructure Protection Against Terrorist Attacks.” As this course garnered increased attendance and interest, the core lecturer team felt the need to update the course in critical infrastructure (CI) taking into account the shift from an emphasis on “protection” of CI assets to “security and resiliency.” What was lacking in the fields of academe, emergency management, and the industry practitioner community was a handbook that leveraged the collective subject matter expertise of the core lecturer team, a handbook that could serve to educate government leaders, state and private-sector owners and operators of critical infrastructure, academicians, and policymakers in NATO and partner countries. Enabling NATO's Collective Defense: Critical Infrastructure Security and Resiliency is the culmination of such an effort, the first major collaborative research project under a Memorandum of Understanding between the US Army War College Strategic Studies Institute (SSI), and NATO COE-DAT.

The research project began in October 2020 with a series of four workshops hosted by SSI. The draft chapters for the book were completed in late January 2022. Little did the research team envision the Russian invasion of Ukraine in February this year. The Russian occupation of the Zaporizhzhya nuclear power plant, successive missile attacks against Ukraine's electric generation and distribution facilities, rail transport, and cyberattacks against almost every sector of the country's critical infrastructure have been on world display. Russian use of its gas supplies as a means of economic warfare against Europe—designed to undermine NATO unity and support for Ukraine—is another timely example of why adversaries, nation-states, and terrorists alike target critical infrastructure. Hence, the need for public-private sector partnerships to secure that infrastructure and build the resiliency to sustain it when attacked. Ukraine also highlights the need for NATO allies to understand where vulnerabilities exist in host nation infrastructure that will undermine collective defense and give more urgency to redressing and mitigating those fissures.

Keywords: critical infrastructure, CIP, CISR, CBRNE, cyber threats, weaponizing critical infrastructure, security risk assessment, crisis management

Episode Transcript: Enabling NATO's Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1)

Stephanie Crider (Host)

You're listening to Decisive Point, a US Army War College Press production focused on national security affairs. The views and opinions expressed in this podcast are those of the authors and are not necessarily those of the Department of the Army, the US Army War College, or any other agency of the US government.

Decisive Point welcomes Dr. Carol V. Evans, editor of Enabling NATO's Collective Defense: Infrastructure Security and Resiliency, which was published by the US Army War College Press in November 2022. Evans is the director of the Strategic Studies Institute and the US Army War College Press. She brings 30 years of expertise in the areas of mission assurance, crisis and consequence management, asymmetric warfare, terrorism, maritime security, and homeland security. Since 2014, Evans has been a lecturer at the NATO Center of Excellence for the Defense Against Terrorism in Ankara, Turkey, where she teaches its Critical Infrastructure Protection Against Terrorist Attacks training program. She holds a Master of Science degree and a Doctor of Philosophy degree from the London School of Economics.

Thanks so much for joining me. I'm really excited to talk with you today. You recently edited a book for NATO, Enabling NATO's Collective Defense: Critical Infrastructure Security and ...
In this episode, Darren talks about the convergence of OT and IT cybersecurity with security expert Steve Orrin (CTO of Intel Federal) and Industrial OT expert Dr. Anna Scott (Chief Edge Architect for Intel Public Sector). Blog: https://www.intel.com/content/www/us/en/government/podcasts/embracing-digital-transformation-episode116.html Video: https://youtu.be/DRGy_il_nUg
On November 1, the CSIS Strategic Technologies Program hosted Director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly for a conversation on the future of U.S. cyber and infrastructure security, including CISA's Strategic Plan for 2023-2025. This conversation was moderated by Suzanne Spaulding, and Smart Women, Smart Power is delighted to share this timely and critical conversation with our audience.
In episode 111 of our SAP on Azure video podcast we look at Cameron Gardiner's "SAP on Azure General Update August 2022", see how the SAP BTP Destination Service can be used to connect to services from Azure, look at SAP Process Automation and how it can connect to Outlook and Excel, and deep dive on some SAP-related announcements made during the Power Platform Conference this week. The new SAP Connector that was announced there not only comes with new capabilities, but also with a set of predefined templates for Power Apps and Power Automate which, for example, allow you to quickly create a Purchase Order app. Then we continue to talk about security. Going up the stack talking about physical security in our datacenters, we now look at ways to protect the workload and infrastructure using Privileged Identity Management and Microsoft Defender for Cloud. Paul Edlund joins us again to walk us through whiteboards and demos.

https://www.saponazurepodcast.de/episode111

Reach out to us for any feedback / questions:
• Robert Boban: https://www.linkedin.com/in/rboban/
• Goran Condric: https://www.linkedin.com/in/gorancondric/
• Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/

#SAPonAzure
KYLE SHIDELER, Director/Senior Analyst for Homeland Security and Counterterrorism at Center for Security Policy:
• Assessing possible rioting following the SCOTUS ruling on Roe v. Wade
• What role will "Jane's Revenge" have in these riots if they take place?
• An update on the January 6 hearings

TOMMY WALLER, Director of Infrastructure Security, Center for Security Policy, Lieutenant Colonel, US Marine Corps Reserves, Secure the Grid Coalition, Twitter: @Secure_the_Grid
• A recent sun spot that is pointed towards earth
• Is the U.S. federal government committed to protecting our electric grid?

ROBERT CHARLES, Spokesman, Association of Mature American Citizens, Former Assistant Secretary, State at the State Department's Bureau of International Narcotics and Law Enforcement Affairs in the Bush Administration, Author, “Eagles and Evergreens,” @RCharles4USA
• An update on the SCOTUS Roe v. Wade ruling
• What is Carson v. Makin?
TOMMY WALLER, Director of Infrastructure Security, Center for Security Policy, Lieutenant Colonel, US Marine Corps Reserves, Secure the Grid Coalition, Twitter: @Secure_the_Grid
• Various accidents at food processing plants across the United States
• Downstream effects of food insecurity around the world
• Fertilizer shortages taking place in the U.S.

DEDE LAUGESEN, Director, Save the Persecuted Christians
• Ongoing persecution of Christians taking place around the globe
• A recent attack at a Catholic church in Nigeria
• Why is this subject not getting the attention it deserves?

VICTOR GONZALEZ, Spanish businessman and politician, Member of the Congress of Deputies
• China's influence in Latin America
• Is the Biden administration paying attention to Latin America?
ROBERT SPALDING, Senior Fellow at the Hudson Institute, Author of War Without Rules: China's Playbook for Global Domination and Stealth War: How China Took Over While America's Elite Slept, Former Special Assistant to the U.S. Air Force Vice Chief of Staff:
• The doctrine of "Unrestricted Warfare" used by the Chinese Communist Party
• Various ways in which the CCP wages this type of warfare against the United States
• A preview of General Spalding's new book, War Without Rules: China's Playbook for Global Domination

TOMMY WALLER, Director of Infrastructure Security, Center for Security Policy, Lieutenant Colonel, US Marine Corps Reserves, Secure the Grid Coalition, Twitter: @Secure_the_Grid
• Recent activities of "space weather" that have taken place around the world
• How do "solar events" affect life on earth?
• What is the federal government doing to protect the electrical grid from solar events?

ROBERT CHARLES, Spokesman, Association of Mature American Citizens, Former Assistant Secretary, State at the State Department's Bureau of International Narcotics and Law Enforcement Affairs in the Bush Administration, Author, “Eagles and Evergreens,” @RCharles4USA
• What role did Nancy Pelosi play in January 6?
• A history of various "boards of misinformation"
• What is the "digital gulag"?
Jim and Jeff talk with Dan Creed, Head of Infrastructure Security at Meta about the IAM challenges Meta faces on a daily basis and some of the identity risks to be solved for in the metaverse. Connect with Dan on LinkedIn: https://www.linkedin.com/in/daniel-creed-mba-ccsp-sscp-csis-cios-ecih-2947162/ Learn more about Meta: Meta.com Connect with Jim and Jeff on LinkedIn here: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show at www.IdentityAtTheCenter.com, follow @IDACPodcast on Twitter, and check out our live streams at www.idac.live
Not so long ago security was 'more manual' and therefore riskier. Important systems would drift in their configuration, and people would go in and change things manually. Over the past decade, there has been a shift from tools that were doing infrastructure as code to immutable infrastructure. Technology now allows you to stay updated, gives you the ability to retrain, and lets you have a repeatable process. Gilbert Martin is the Head of Cloud Security at OutSystems and a big believer in taking a developer-first approach to a lot of the things that we do in security. One of those is creating an image pipeline. In today's episode, Gilbert walks us through the idea of how using the right tools can help you promote better cloud infrastructure security.

Topics discussed in this episode:
• Gilbert's background in security.
• What the cloud environment was when he started.
• How immutable infrastructure has helped remove unpredictability and insecurity.
• Why it's important for any organization to have a software asset inventory.
• Gilbert's approach to dealing with systems in which he finds an issue or violation.
• How he uses Kubernetes and Serverless: pros and cons.
• Why visibility is essential for doing security at scale.
• Keys to interacting with incident response teams.
• How to succeed at applying cloud security at scale in the future.
On today's episode of The Daily Scoop Podcast, a push on Capitol Hill to send more funding and more responsibilities to the Cybersecurity and Infrastructure Security Agency, including making it a hub for all American companies to report their cyber breaches. Larry Allen, President, Allen Federal Business Partners, forecasts what's down the pike for the federal procurement and contracting community as the fiscal year comes to a close next week. Jonathan Alboum, Former Chief Information Officer, USDA and Federal CTO & Principal Data Strategist, ServiceNow, discusses current USDA Chief Data Officer Ted Kaouk's coming move to the Office of Personnel Management and how personnel data can help organization leaders more effectively manage their workforce. Sanjay Gupta, Chief Technology Officer, Small Business Administration and Member of the Technology Modernization Board, gives his insights on the projects the TMF Board receives well from agencies and the definition of “high-value” systems. The Daily Scoop Podcast is available every day at 4 p.m. ET.
Today's guests are Tommy Waller, Director of Infrastructure Security, and Kyle Shideler, Director of Counterterrorism and Homeland Security at the Center. We discuss: Tommy's first-hand experience serving in Afghanistan, an ideological background of the Taliban, effects of the U.S. withdrawal from Afghanistan, and a history of U.S. negotiations with the Taliban. We want to hear from you! Contact us at questions@notcleared.org with any questions, comments or recommendations. Check out https://centerforsecuritypolicy.org/author/not-cleared/ for show notes, links to articles mentioned, speaker bios, and much more!
Meet: Arkadiy is Head of Application & Infrastructure Security at Chime. He is passionate about all forms of digital harm reduction, ranging from technical, to policy & legal, to security management & leadership.

What you'll learn:
• Establishing a security champion and culture
• Developers make for great security engineers
• Learning lessons from launching his own product

If you would like to reach out to Arkadiy about anything he discussed on the podcast, please reach out to him via Twitter: https://twitter.com/arkadiyt
Days after yet another deadly school shooting, police in Santa Clarita, California are still trying to figure out what motivated the teenage gunman. The U.S. Secret Service has researched a decade of similar attacks and recently released a study it says identifies some of the warning signs. Chief of the U.S. Secret Service Threat Assessment Center, Dr. Lina Alathari, joins the Rundown to discuss what they found and some of the traits these school shooters have in common. What would we do if our electrical grid was attacked? Is America ready? November is known as National Critical Infrastructure and Resilience Month, which shines a light on the role critical infrastructure systems play in keeping the nation and our communities safe. Assistant Director of Infrastructure Security at CISA (Critical Infrastructure Security Agency), Brian Harrell, joins today's podcast to discuss how his agency prepares for cyber-attacks and how we can contribute to our nation's cybersecurity. Plus, commentary by national press secretary for President Donald Trump's 2020 re-election campaign, Kayleigh McEnany.