Mandana White, CEO of Smart Grid Forums, talks about the rise of insider threats to a company's cybersecurity and what it has to do with the cost-of-living crisis as well as the Western Robin Hood mentality. Diving a bit into societal psychology and politics, there might even be a bit to learn from – of all places – Dubai to get IT and OT cybersecurity working in both companies and society.
Podcast: Industrial Cybersecurity Insider
Episode: OT Security in Hindsight: Visibility, Authority, and the Executive Disconnect
Pub date: 2025-05-27
In this special rewind edition of Industrial Cybersecurity Insider, we revisit some of the most powerful insights shared on how to elevate OT cybersecurity across complex, distributed environments. From budget allocation strategies to disaster recovery frameworks and the nuances of executive engagement, this episode distills frontline lessons into a compact, high-impact listen. Whether you're navigating remote access risks, managing hybrid architectures, or striving to align plant managers with corporate cybersecurity goals, these reflections are a roadmap for driving resilience and maturity in your OT security strategy.
Chapters:
00:00:00 - Rewind Kickoff: From Blind Spots to Bold Predictions
00:00:46 - The A-Z of Industrial Cybersecurity for OT Environments with Industry Expert Bryson Bort
00:10:57 - Gartner, DOGE, and the Future of OT Cybersecurity Policy
00:21:38 - Uncovering Blind Spots in OT Cybersecurity
Links And Resources:
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn
The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: PrOTect It All (LS 25 · TOP 10%)
Episode: From Plant Operator to OT Security: Stories of Failures and Breakthroughs
Pub date: 2025-05-26
In this episode, host Aaron Crow dives deep into the intersection of IT and OT cybersecurity with special guest Gavin Dilworth—a plant operator turned automation engineer and cybersecurity expert. Listen in as Gavin shares his candid and often humorous journey from factory floors to global consulting, including how a workplace near-miss sparked his “lightbulb moment” about the similarities between health and safety and cybersecurity. Aaron and Gavin discuss everything from operators' creative workarounds on the plant floor, to the importance of trust and rapport between IT and OT teams, and why having hands-on experience is key to building effective cybersecurity programs in critical infrastructure environments. You'll also hear real-world stories of technology mishaps, the critical role of plant culture, and the practical challenges organizations face in securing legacy systems while keeping operations running. If you want honest, relatable insights and actionable advice on bridging the IT-OT divide—and a few laughs along the way—this episode is for you.
Key Moments:
10:12 Operator Rounds and RFID Challenges
12:56 Operators' Ingenuity and Knowledge
21:29 IT vs. OT: Firmware Update Challenges
26:49 Understanding and Accepting Risk
28:12 Standards, Frameworks, and Continuity
33:08 High Voltage Safety Precautions
40:41 Bridging OT and IT Skills
43:46 Cybersecurity Cross-Training Surge
52:38 CISO Knowledge Gap in OT Security
54:32 "Experience: Essential for Understanding"
01:03:34 DCS System Configuration Challenges
01:06:52 Neglecting Redundancy Risks Operations
01:11:00 Optimizing Underutilized IT Resources
01:20:04 "Understanding Systems Before Advice"
01:22:06 Old Cables Remain Untouched
About the guest: Gavin Dilworth's career took an unconventional path. As a plant operator, he was tasked with keeping production running smoothly and monitoring sensor readings, both on the computer and around the factory. However, Gavin was never quite the model operator—rather than dutifully making rounds and comparing readings, he often found himself absorbed in books, dreaming of a future in IT. Though he laughs about being a “pretty terrible operator,” Gavin's story reflects his early drive to pursue his true interests in technology, even when duty called elsewhere.
How to connect with Gavin:
LinkedIn: https://www.linkedin.com/in/gavin-dilworth/
Website: https://assessmentplus.co.nz/
Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
Facebook: https://facebook.com/protectitallpodcast
To be a guest or suggest a guest/episode, please email us at info@protectitall.co
The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made Simple
Episode: How to build a SIEM SOC in OT? | OT Security Made Simple
Pub date: 2025-05-22
Zeek Muratovic, Director of Security Operations at Landis+Gyr talks about the first steps to build a SIEM SOC in OT environments. Being a pragmatist, he proposes a step-by-step approach that prevents OT operators from overkilling their budget AND workload.
The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In this episode, Dave Maasland talks with Sam van Rooij, CISO of IG&H. Forget the stereotype of the hacker in the attic: Sam is just as passionate about photography and art as he is about OT environments and security protocols. With an impressive career in which he held several roles, including at Volkers Wessels, Sam knows better than anyone how important it is to put the person behind the technology first. He speaks openly about what drives him, how he starts the conversation within organizations, and why he can talk for hours about operational technology without losing his audience.
Podcast: HOU.SEC.CAST.
Episode: OT Security with Watch Mr. Wizard Star Sean Curry
Pub date: 2025-05-14
Michael and Sam are catching up with Principal Consultant and Co-Founder at Cavalry Solutions, Sean Curry! Sean talks about his transition from the military to the private sector, the importance of standards like IEC 62443 for OT security, and the best way to align IT and OT teams.
Things Mentioned:
· New study reveals 92% of industrial sites at risk from unsecured remote access - https://www.securityinfowatch.com/critical-infrastructure/press-release/55262827/new-study-reveals-92-of-industrial-sites-at-risk-from-unsecured-remote-access?utm_campaign=4532845-%5BSocial%5D+News+Mentions,+Articles,+and+Bylines&utm_content=323098968&utm_medium=social&utm_source=linkedin&hss_channel=lcp-12898104
· Sean's Talk: https://youtu.be/Lv6ppq6ZaBs?si=IlBtkFJSEuDshGwF
Do you have a question for the hosts? Reach out to us at podcast@houstonseccon.com
Check out our other show:
· CyberSunday
Check out our Conferences and Events:
· HOU.SEC.CON.
· OT.SEC.CON.
· EXEC.SEC.CON.
· HSC User Group
Support or apply to our Scholarship Program:
· TAB Cyber Foundation
In this episode:
· Host: Michael Farnum
· Host: Sam Van Ryder
· Guest: Sean Curry
· Production and editing: Lauren Lynch
· Music by: August Honey
The podcast and artwork embedded on this page are from Michael Farnum and Sam Van Ryder, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Error Code (LS 27 · TOP 10%)
Episode: EP 62: Defending the Unknown in OT Security
Pub date: 2025-05-13
ROI is always a tricky subject in cybersecurity. If you're paying millions of dollars in securing your OT networks, you'd want to be able to show that it was worth it. Andrew Hural of UnderDefense talks about the need for continuous vigilance, risk management, and proactive defense, acknowledging both the human and technological elements in cybersecurity and how just because something didn't happen doesn't mean that it didn't.
The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made Simple
Episode: How to implement Zero Trust in OT environments? | OT Security Made Simple
Pub date: 2025-05-06
Zero Trust expert Stefan Sebastian talks us through the process of Zero Trust in critical OT networks like substations - and explains why this will make segmentation obsolete.
Podcast: OT Security Made Simple
Episode: The State of Smart Grid Cybersecurity | OT Security Made Simple
Pub date: 2025-04-24
Todd Wiedman, CISO of Landis+Gyr, talks about nation-state threat actors, the exposure of the supply chain, and what the shift of legislative authority in the US from the federal to the state level means for the cybersecurity of smart grids.
Podcast: Critical Assets Podcast
Episode: From CISO to Startup: OT Security, Leadership, and Lessons from the Field
Pub date: 2025-04-13
In this episode of the Critical Assets Podcast, Patrick Miller interviews Darren Highfill, former CISO of Norfolk Southern, for a candid look behind the curtain of life as a security executive. Darren shares hard-won lessons from building and leading a cybersecurity program in a critical infrastructure environment, including how to gain executive buy-in, scale a team, and align security with business priorities. He reflects on the challenges of translating cyber risk into business risk, managing real-world incidents, and the evolving expectations of the CISO role. Whether you're in the chair now or working toward it, this conversation is packed with practical insights for anyone navigating cybersecurity leadership.
Show links:
Darren Highfill LinkedIn Profile - https://www.linkedin.com/in/darrenhighfill/
NIST Cyber Security Framework (CSF) - https://www.nist.gov/cyberframework
Ankrd website - https://www.ankrd.com/
The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made Simple
Episode: The Role of the CISO in OT ("Die Rolle des CISO in der OT") | OT Security Made Simple
Pub date: 2025-04-08
Eileen Walther, General Manager of Northwave Cyber Security, and Klaus Mochalski get to the bottom of how the role of the CISO in OT security has changed and what SMEs can learn from it.
Podcast: Industrial Cybersecurity Insider
Episode: Cybersecurity by Design: Building OT Security Into Your Manufacturing Plant Floor
Pub date: 2025-04-08
In this episode, Dino and Craig address the practicalities of building cyber resilience directly into manufacturing environments - rather than after the fact. Using real-world analogies and field-tested insights, they break down why treating OT security like physical safety is crucial. They challenge the outdated mindset of retrofitting cybersecurity protection after deployment of industrial plant floor equipment.
This episode covers all the key elements of protecting your plant floor. From the importance of designing cybersecurity upfront, to implementing the SANS 5 Critical Controls, specific to cybersecurity in operational technology (OT) environments. Whether you're planning a greenfield build or managing legacy systems, this episode equips mid-to-senior leaders with actionable strategies to align IT and OT teams, boost visibility across XIoT assets, and future-proof operational environments in high-risk industries.
Chapters:
00:00:00 - Kicking Off: Why Cybersecurity Can't Be an Afterthought in Manufacturing
00:01:52 - Dino's Five Must-Have OT Security Controls You Should Already Be Using
00:03:45 - When IT and OT Collide: Real Talk on Silos, Strategy, and Responsibility
00:06:08 - You Can't Protect What You Can't See: The Visibility Wake-Up Call
00:11:24 - Build It In, Don't Bolt It On: Making Cybersecurity Part of the Machine
00:19:26 - Lost Docs and Retiring Experts: Managing Risk Across the Lifecycle
00:20:41 - Dino and Craig's Final Word: Start Now, Start Smart—Security Is the New Safety
Links And Resources:
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity Insider Newsletter
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn
Podcast: OT Security Made Simple
Episode: ISO 27001 for OT: Added Value or Overhead? ("ISO 27001 für OT: Mehrwert oder Overhead?") | OT Security Made Simple
Pub date: 2025-03-27
Klaus Kilvinger, Managing Director at the security experts of Opexa Advisory, reports from his wide-ranging experience with ISO 27001. While it is already old hat in IT, in industrial environments (OT) it is often greeted with a mixture of suspicion and a sense of being overwhelmed. In the podcast we track down the added value.
Podcast: Bites & Bytes Podcast
Episode: Cybersecurity Shouldn't Suck: Fixing the Real Problems with Tom Sego
Pub date: 2025-03-18
What happens when cyber threats hit critical infrastructure? In this episode of the Bites and Bytes Podcast, host Kristin Demoranville sits down with Tom Sego, a cybersecurity leader with a fascinating background from chemical engineering to Apple to professional poker, now focused on making security simpler and more effective for critical infrastructure as CEO at Blastwave. Cyber risks in critical industries are real, but so are the solutions. Kristin and Tom discuss why current security models create more problems than they solve, how the human element is often overlooked, and what needs to change to make security actually work for the people keeping our systems running.
Dale Peterson discusses with Maggie how she got into OT security, her recent move to the Financial Sector, women in ICS security, and more.
Podcast: OT Security Made Simple
Episode: From the Diary of an OT Pentester ("Aus dem Tagebuch eines OT-Pentesters") | OT Security Made Simple
Pub date: 2025-03-11
Patrick Latus, a passionate pentester, reports from the front line of OT security: from the lack of awareness and expertise among manufacturers, users and auditors to the question of whether OT security incidents fail to become public simply because they are not seen.
OT security is commonly used to protect Industrial Systems and networks from attacks. Operational technology security is used to protect and control critical infrastructures such as power stations, transportation networks and smart city appliances.
Podcast: OT Security Made Simple
Episode: How do you secure the smart grid infrastructure? | OT Security Made Simple
Pub date: 2025-02-27
In this episode of OT Security Made Simple, Zeek Muratovic, Director of Security Solutions for the Landis+Gyr group talks about the challenges and shortcomings of energy distributors, and the first steps to secure the growing and ever more complex smart grid infrastructure from the distribution network to the edge like smart meters and EV charging stations.
Please enjoy this encore episode of Word Notes. Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations.
Podcast: OT Security Made Simple Podcast
Episode: OT Security Made Simple | How to secure the smart metering infrastructure?
Pub date: 2025-02-13
OT Security Made Simple welcomes Kenneth Lampinen, Head of Global Security Operations at energy management system provider Landis+Gyr. Kenneth talks about the threats targeting the smart metering infrastructure and why the starting point of cybersecurity is always knowing your turf.
Podcast: Bites & Bytes Podcast
Episode: ICS/OT Trends and the Food We Eat: A Conversation with Mike Holcomb
Pub date: 2025-01-28
Welcome to the first episode of the second season of the Award-Winning Bites and Bytes Podcast! In this episode, host Kristin Demoranville sits down with Mike Holcomb, Fellow of Cybersecurity and ICS/OT Cybersecurity Global Lead for Fluor. With decades of experience, Mike secures some of the world's largest and most complex ICS/OT environments, from power plants and rail systems to manufacturing and refineries. A passionate advocate for education and community, Mike has built cybersecurity programs, founded the Upstate SC ISSA Chapter, was awarded the CyberSC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for the State of South Carolina, and leads the BSides Greenville & BSides ICS conferences. Join Kristin and Mike as they discuss the evolving ICS/OT cybersecurity landscape, Mike's journey as a leader in the field, and the unique challenges facing critical infrastructure, including food and agriculture. Mike also shares personal insights, including his favorite food memories and how cybersecurity connects to everyday systems like agriculture and transportation.
Episode Key Highlights:
(0:00:09) - Welcome and Introduction to Mike Holcomb
(0:03:10) - Unique Food Combinations and Fun Food Memories
(0:07:12) - Highlighting Food and Agriculture in OT Security
(0:12:10) - Protecting Critical Infrastructure Systems Impacting Lives
(0:17:18) - Food and Agriculture as Complex Critical Systems
(0:23:13) - Behind the Scenes of Food Production and Transport
(0:24:02) - Cyber Incidents Impacting Grocery Supply Chains
(0:30:01) - Regional Food Safety Regulations and Challenges
(0:35:10) - Educating Consumers About Food Systems
(0:47:25) - Reflections on Community Building in Cybersecurity
(0:53:37) - Final Thoughts / Mike's Personal Message
Upcoming Conferences:
Guest: Fahad Mughal, Senior Cyber Solutions Architect - Security
On LinkedIn | https://www.linkedin.com/in/fahadmughal/
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes
Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.

The Growing Role of Cybersecurity in Railways
Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.

Critical OT Systems in Railways
Mughal highlights key OT components in railways that require cybersecurity protection:
• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.
• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.
• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.
• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.
• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.
The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.

Real-World Cyber Threats in Railways
Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:
• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.
• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.
• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.
These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.

Cybersecurity Standards and Best Practices for Railways (links to resources below)
To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:
• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.
• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.
• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.
Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.

Looking Ahead: Strengthening Railway Cybersecurity
As railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.
He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.
The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.
To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.
Podcast: OT Security Made Simple Podcast
Episode: OT Security Made Simple | Looking at smart grid cybersecurity regulation under Trump
Pub date: 2025-01-28
OT Security Made Simple welcomes Marguerite Behringer, Director of Regulatory Policy & Industry Relations at Landis+Gyr USA. She talks about the difficulty of US-wide cybersecurity regulation, the grind of redundant requirements and why smart meter cybersecurity needs more frameworks than laws.
Guest: Fahad Mughal, Senior Cyber Solutions Architect - Security
On LinkedIn | https://www.linkedin.com/in/fahadmughal/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
___________________________
Episode Notes

Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.

The Growing Role of Cybersecurity in Railways

Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.

Critical OT Systems in Railways

Mughal highlights key OT components in railways that require cybersecurity protection:
• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.
• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.
• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.
• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.
• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.

The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.

Real-World Cyber Threats in Railways

Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:
• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.
• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.
• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.

These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.

Cybersecurity Standards and Best Practices for Railways (links to resources below)

To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:
• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.
• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.
• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.

Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.

Looking Ahead: Strengthening Railway Cybersecurity

As railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.

He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.

The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.

To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.
___________________________
Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974
Podcast: OT Security Made Simple Podcast
Episode: OT Security Made Simple | How to translate IT in OT security
Pub date: 2025-01-16

OT Security Made Simple welcomes senior OT cyber security expert Mohammed Saad, who spent twelve years developing security solutions at Honeywell. He talks about his experiences with customers, successful attacks and how the communication gap between IT and OT in companies needs to be bridged.

The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: KBKAST
Episode: Episode 286 Deep Dive: Dean Frye | IT, IoT And OT Security As A Business Continuity Problem
Pub date: 2024-12-18

In this episode, we sit down with Dean Frye, Solutions Architect at Nozomi Networks, as he discusses the complex landscape of IT, IoT, and OT security challenges. Dean delves into the critical importance of avoiding an “us vs. them” mentality between IT and OT teams, and how security interruptions can severely impact business continuity. We explore industry-specific vulnerabilities, such as those in factory chicken farming and Tasmanian salmon farming, and emphasize the necessity for executives to have a deeper technical understanding of cybersecurity. Dean also highlights the value of telemetry and real-time reporting, the evolving role of cloud solutions in OT environments, and the importance of a well-integrated, multidisciplinary team to effectively manage cyber risks.

Dean Frye is a Solutions Architect for Nozomi Networks in Australia and New Zealand. Dean is an experienced security professional with a demonstrated history of providing compliance strategy, pragmatic risk mitigation, security project delivery, threat abatement and vendor interface solutions with a significant commercial background. Covering more than twenty years, his previous roles span consulting and senior leadership, including a stint at Armis as solutions architect, and another tenure at Cisco as director of security for the APJ region.

The podcast and artwork embedded on this page are from KBI.Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made Simple Podcast
Episode: OT Security Made Simple | Why it pays to think outside the box with use cases
Pub date: 2024-12-12

OT Security Made Simple meets IoT Use Cases. Klaus Mochalski talks with Madeleine Mickeleit, managing director of IoT Use Cases. Together they examine the power of other people's use cases in realizing your own projects, the added value of security solutions in use cases from entirely unrelated fields, and the benefits (including financial ones) that come from exchanging ideas with the community.

The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: Rapid7's Approach to ICS and OT Security: Lessons from the Field
Pub date: 2024-12-03

Join Derek Harp and his guests from Rapid7—Lonnie Best, William Price, and Nicholas Butcher—as they delve into the critical challenges and exciting opportunities within the Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity landscape. Recorded live at Hack the Capitol 7.0, this episode highlights the growing demand for OT cybersecurity, innovative approaches to managing threats, and the evolving dynamics between IT and OT professionals.

In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential.

Whether you're a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today's evolving threat landscape. Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.

The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Control System Cyber Security Association International: (CS)²AI
Podcast: OT Security Made Simple Podcast
Episode: OT Security Made Simple | Sitting out NIS2 is playing Russian roulette
Pub date: 2024-11-28

In this episode of OT Security Made Simple we talk with Gerald Krebs of TÜVIT about the state of NIS2 implementation in companies. Gerald explains why companies are currently putting cybersecurity on the back burner and how sitting it out can quickly cost a few million euros (not only because of the fines!). More importantly, Gerald gives tips on how companies can take the first steps without overloading themselves.

The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Guest: Sian John, Chief Technology Officer, NCC Group
On LinkedIn | https://www.linkedin.com/in/sian-john/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

During the recent AISA Cyber Conference 2024 in Melbourne, notable figures Sean Martin and Sian John engaged in a compelling conversation about emerging trends and significant topics within the cyber industry. The discussion covered a range of subjects from the importance of availability in operational technology (OT) security to the environmental implications of artificial intelligence (AI) and analytics. Sean Martin noted the communal focus of the conference, highlighting how initiatives driven by members of the industry, like those led by the AISA Perth chapter (as noted by Sian John), contribute significantly to the cybersecurity community.

Sian John MBE provided an in-depth perspective on the global regulatory landscape, pointing out how digital disruption is driving an increase in regulations. She emphasized that privacy regulations now affect more people worldwide than ever before. John observes that while some regions might roll back regulations, the overall trend is toward increasing regulatory scrutiny.

Another key topic was the carbon impact of AI and analytics. Sian John pointed out the substantial environmental cost associated with training large language models, referencing research by PwC and Microsoft showcasing the significant carbon footprint involved. She argued for the need to integrate sustainability into technological advancements, coining it 'green by design.'

The conversation also touched on the vital importance of OT security in the context of achieving net-zero carbon emissions and advancing renewable technology. John pointed out that while OT security has been a topic of discussion for some time, the urgency is now heightened as regulatory focus intensifies and renewable energy projects increase. When it comes to triggers that drive action, finance could win out over regulation in this case.

The dialogue also explored the broader implications of security, extending beyond the traditional realms to incorporate business resilience. Martin stressed the necessity for organizations to adopt a risk-aware approach that encompasses both cyber and business risks. He posits that mature organizations, which effectively integrate resilience into their operations, are more adept at navigating regulatory changes and emerging threats.

Finally, the cost of security and operational efficiency was discussed. Both speakers agreed that in a world with rising power costs, the drive towards efficient, sustainable practices is also economically motivated. This underscores the intersection of cost, regulation, and sustainability in today's business strategies. As the conversation drew to a close, the future-oriented outlook shared by both speakers reflected a pragmatic approach to the complexities of modern cybersecurity, emphasizing efficiency, regulatory compliance, and sustainability.
____________________________
This Episode's Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Podcast: OT Security Made Simple Podcast
Episode: OT Security Made Simple | How does OT security work in the water sector
Pub date: 2024-11-21

In this episode of OT Security Made Simple we welcome Rainer Stecken of the Deutscher Verein des Gas- und Wasserfaches. Rainer outlines the challenges in the water sector and presents the concept of a sector SOC, which since the beginning of 2024 has been bringing together the cybersecurity of several water utilities.

The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: The Industrial Security Podcast
Episode: OT Security Data Science - A better vulnerability database [The Industrial Security Podcast]
Pub date: 2024-11-20

Security automation needs a machine-readable vulnerability database. Carmit Yadin of Device Total joins us to look at limitations of the widely-used National Vulnerability Database (NVD), and explore a new "data science" alternative.

The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Unsolicited Response
Episode: Joel Langill On His New OT Security Training Class And More
Pub date: 2024-11-13

Dale Peterson speaks with Joel Langill, the SCADAHacker, about his new training course entitled Conducting Threat, Vulnerability, and Risk Assessments For ICS. A two day version of this course will be offered prior to S4x25. Of course Dale and Joel jump around a bit on training, the workforce and other items. Take a listen.

The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: Shaping the Future of OT Security with Dale Peterson
Pub date: 2024-11-06

In this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systems.

The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Control System Cyber Security Association International: (CS)²AI
Podcast: OT Security Made Simple Podcast
Episode: OT Security Made Simple | Why it is above all the IT department that has to change for OT security
Pub date: 2024-10-17

In this episode of the Rhebo podcast "OT Security Made Simple", host Klaus and OT cybersecurity expert Max Weidele of Sichere Industrie talk about the need for organizational change in order to achieve OT security. What begins with asset management as the foundation quickly leads to the clear vision that IT will be the heart of the OT security organization.

The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough? In this episode, we hear from Fortinet's Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...

Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector. Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.

In this episode, find out:
• Rich explains Fortinet's position on OT network security
• We hear about Rich's diverse career background and how his previous roles prepared him for his role at Fortinet
• The current state of OT convergence and why companies are yet to take action
• Rich breaks the misconception that air gaps will protect manufacturers from digital threats
• Advice for better collaboration between IT and OT teams
• Rich explains why he's optimistic that manufacturers are paying attention to the right things in security
• What the report says about manufacturers and their approach to OT systems today
• What it takes for cybersecurity experts to get executives to pay attention to the threats facing OT
• How to run a tabletop exercise to assess threat and impact on production
• What surprises Rich most about cybersecurity in manufacturing today

Enjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!

Tweetable Quotes:
“The separation of duties should be decided on the tabletop exercise, not when the fire is burning.”
“The technology has evolved. So therefore, it has made this air gap strategy a little less realistic over the years. And this is a common challenge.”
“When the systems go down, they go to paper. So if the line hasn't stopped, what happens with our suppliers if we have to go paper? Take your tabletop exercise to that level.”

Links & mentions:
• Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk, a report on how digital transformation in manufacturing has driven a widespread need for cybersecurity awareness
• 2024 State of Operational Technology and Cybersecurity Report, Fortinet's report on OT cybersecurity

Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.