Podcasts about ot security

Podcast: Bites & Bytes PodcastEpisode: Cybersecurity Shouldn't Suck: Fixing the Real Problems with Tom SegoPub date: 2025-03-18Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat happens when cyber threats hit critical infrastructure? In this episode of the Bites and Bytes Podcast, host Kristin Demoranville sits down with Tom Sego, a cybersecurity leader with a fascinating background from chemical engineering to Apple to professional poker, now focused on making security simpler and more effective for critical infrastructure as CEO at Blastwave. Cyber risks in critical industries are real, but so are the solutions. Kristin and Tom discuss why current security models create more problems than they solve, how the human element is often overlooked, and what needs to change to make security actually work for the people keeping our systems running.

Dale Peterson discusses with Maggie how she got into OT security, her recent move to the Financial Sector, women in ICS security, and more.

Podcast: OT Security Made SimpleEpisode: Aus dem Tagebuch eines OT-Pentesters | OT Security Made SimplePub date: 2025-03-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPatrick Latus berichtet als passionierter Pentester von vorderster Front der OT-Sicherheit. Von fehlendem Bewusstsein und Expertise bei Herstellern, Anwendenden und Auditor:innen bis zur Frage, ob OT-Sicherheitsvorfälle nur deshalb nicht publik werden, weil sie schlichtweg nicht gesehen werden. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

OT security is commonly used to protect Industrial Systems and networks from attacks. Operational technology security is used to protect and control critical infrastructures such as power stations, transportation networks and smart city appliances.Thank you for watching this video, For more details or free demo with out expert write into us at sales@infosectrain.comSubscribe to our channel to get video updates. Hit the subscribe button above.Facebook: https://www.facebook.com/Infosectrain/Twitter: https://twitter.com/Infosec_TrainLinkedIn: https://www.linkedin.com/company/infosec-train/Instagram: https://www.instagram.com/infosectrain/Telegram: https://t.me/infosectrains

Patrick Latus berichtet als passionierter Pentester von vorderster Front der OT-Sicherheit. Von fehlendem Bewusstsein und Expertise bei Herstellern, Anwendenden und Auditor:innen bis zur Frage, ob OT-Sicherheitsvorfälle nur deshalb nicht publik werden, weil sie schlichtweg nicht gesehen werden. 

In der heutigen Folge lernst du Sven Müller, Themenlead OT bei der DB Systel kennen. Wir reden heute über IT-/OT-Konvergenz und was das genau bei der Deutschen Bahn bedeutet. Hierbei erfährst du, welche Herausforderungen es bei der Integration von bestehenden OT-Systemen gibt und was es mit dem Purdue-Modell auf sich hat. Mehr dazu im Interview. Jobs: Wenn auch du die IT-/OT-Konvergenz vorantreiben willst, dann schaue jetzt vorbei auf db.jobs, hier findest du spannende Positionen wie den Senior Spezialist:in OT-Security in Berlin (w/m/d): https://db.jobs/de-de/Suche/Senior-Spezialist-in-OT-Security-13275872?jobId=519032 Links zur Folge: LinkedIn Artikel von Sven zum Thema: https://www.linkedin.com/pulse/die-schnittstelle-zwischen-und-bahntechnik-wenn-der-zug-vqque Get in touch. Gast: https://www.linkedin.com/in/sven-m%C3%BCller-6b4027173/ Mein LinkedIn: https://www.linkedin.com/in/jan-g%C3%B6tze-178516a6/ Erfahre mehr über die IT-Welt bei der Deutschen Bahn: https://db.jobs/de-de/dein-einstieg/akademische-professionals/it

Podcast: OT Security Made SimpleEpisode: How do you secure the smart grid infrastructure? | OT Security Made SimplePub date: 2025-02-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of OT Security Made Simple, Zeek Muratovic, Director of Security Solutions for the Landis+Gyr group talks about the challenges and shortcomings of energy distributors, and the first steps to secure the growing and ever more complex smart grid infrastructure from the distribution network to the edge like smart meters and EV charging stations.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode of OT Security Made Simple, Zeek Muratovic, Director of Security Solutions for the Landis+Gyr group talks about the challenges and shortcomings of energy distributors, and the first steps to secure the growing and ever more complex smart grid infrastructure from the distribution network to the edge like smart meters and EV charging stations.

Please enjoy this encore episode of Word Notes. Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations. 

Please enjoy this encore of Word Notes. Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Welcome to the third episode of our Energy Talks miniseries titled, Why Should You Talk About Incident Response? Join OMICRON cybersecurity consultant Simon Rommer as he explores the different process steps involved in cybersecurity incident response with other experts from the power industry. In this episode, Simon speaks with Johann Stockinger, Head of Digital Forensics and Incident Response at the Deutsche Telekom Security Operations Center, about the importance of Identification in the incident response process.

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | How to secure the smart metering infrastructure?Pub date: 2025-02-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT Security Made Simple welcomes Kenneth Lampinen, Head of Global Security Operations at energy management system provider Landis+Gyr. Kenneth talks about the threats targeting the smart metering infrastructure and why the starting point of cybersecurity is always knowing your turf.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Herzlich Willkommen zu einer neuen Episode von Expanding Utilities. In dieser Folge dreht sich alles um die Rolle von Innovation und Digitalisierung bei Amprion, einem führenden Übertragungsnetzbetreiber in Deutschland. Dazu begrüßen wir Dr. Jan Kays und Lars Dieckmann von Amprion, um die Herausforderungen und Lösungen im Kontext der Energiewende zu diskutieren. Im Mittelpunkt steht, wie Amprion die Netzstrukturen für erneuerbare Energien umbaut und dabei modernste Technologien und digitale Prozesse einsetzt. Die Gesprächspartner erläutern die Bedeutung von Sektorkopplung, IT- und OT-Security sowie die Einführung neuer Technologien wie Robotik und künstliche Intelligenz, um den Betrieb und die Instandhaltung ihrer Systeme zu optimieren. Die Episode wirft einen Blick auf den Wandel zu einem digital transformierten Energiesystem und bietet Einblicke in die zukunftsweisenden Strategien von Amprion. Viel Spaß beim Zuhören!

OT Security Made Simple welcomes Kenneth Lampinen, Head of Global Security Operations at energy management system provider Landis+Gyr. Kenneth talks about the threats targeting the smart metering infrastructure and why the starting point of cybersecurity is always knowing your turf.

Willkommen zu einer neuen Episode von Expanding Utilities. In dieser Folge tauchen wir tief in die Welt der OT-Sicherheit und Leittechnik in der Energiewirtschaft ein. Unsere Gäste, Thomas Zapf von Verbund und Wolfgang Baumgartner von Eviden, teilen ihre wertvollen Einblicke und Erfahrungen zu den Herausforderungen der Digitalisierung und der Notwendigkeit einer umfassenden OT-Security in kritischen Infrastrukturen. Sie diskutieren, wie Verbund mit der Einführung von DIGITAL POWER auf diese Anforderungen reagiert und welche Strategien und Innovationen in der Zukunft erwartet werden. Hören Sie rein und erfahren Sie mehr über die Bedeutung von Partnerschaften, die Rolle der künstlichen Intelligenz und die wachsende Vernetzung in der Energiebranche. Viel Spaß beim Zuhören!

Podcast: Bites & Bytes PodcastEpisode: ICS/OT Trends and the Food We Eat: A Conversation with Mike HolcombPub date: 2025-01-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome to the first episode of the second season of the Award-Winning Bites and Bytes Podcast!  In this episode, host Kristin Demoranville sits down with Mike Holcomb, Fellow of Cybersecurity and ICS/OT Cybersecurity Global Lead for Fluor.  With decades of experience, Mike secures some of the world's largest and most complex ICS/OT environments, from power plants and rail systems to manufacturing and refineries.  A passionate advocate for education and community, Mike has built cybersecurity programs, founded the Upstate SC ISSA Chapter, awarded the CyberSC'sC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for the State of South Carolina, and leads the BSides Greenville & BSides ICS conferences.  Join Kristin and Mike as they discuss the evolving ICS/OT cybersecurity landscape, Mike's journey as a leader in the field, and the unique challenges facing critical infrastructure, including food and agriculture.  Mike also shares personal insights, including his favorite food memories and how cybersecurity connects to everyday systems like agriculture and transportation. Where to find Mike Holcomb: LinkedIn Website Youtube Github Newsletter _______________________________________________ Episode Key Highlights: (0:00:09) - Welcome and Introduction to Mike Holcomb (0:03:10) - Unique Food Combinations and Fun Food Memories (0:07:12) - Highlighting Food and Agriculture in OT Security (0:12:10) - Protecting Critical Infrastructure Systems Impacting Lives (0:17:18) - Food and Agriculture as Complex Critical Systems (0:23:13) - Behind the Scenes of Food Production and Transport (0:24:02) - Cyber Incidents Impacting Grocery Supply Chains (0:30:01) - Regional Food Safety Regulations and Challenges (0:35:10) - Educating Consumers About Food Systems (0:47:25) - Reflections on Community Building in Cybersecurity (0:53:37) - Final ThoughtsMike'ss Personal Message _______________________________________________ Upcoming Conferences:

Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Looking at smart grid cybersecurity regulation under TrumpPub date: 2025-01-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT Security Made Simple welcomes Marguerite Behringer, Director of Regulatory Policy & Industry Relations at Landis+Gyr USA. She talks about the difficulty of US-wide cybersecurity regulation, the grind of redundant requirements and why smart meter cybersecurity needs more frameworks than laws.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

OT Security Made Simple welcomes Marguerite Behringer, Director of Regulatory Policy & Industry Relations at Landis+Gyr USA. She talks about the difficulty of US-wide cybersecurity regulation, the grind of redundant requirements and why smart meter cybersecurity needs more frameworks than laws.

Welcome to the second episode of our Energy Talks miniseries titled, Why Should You Talk About Incident Response? Join OMICRON cybersecurity consultant Simon Rommer as he explores the different process steps involved with cyber incident response alongside other experts from the power industry. In this episode, Simon speaks with Tibor Külkey from ALSEC Cybersecurity Consulting, a leading OT security consultancy in Switzerland. Simon and Tibor discuss the critical importance of preparation, which is the first step in the incident response process.

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | How to translate IT in OT securityPub date: 2025-01-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT Security Made Simple welcomes senior OT cyber security expert Mohammed Saad, who spent twelve years developing security solutions at Honeywell. He talks about his experiences with customers, successful attacks and how the communication gap between IT and OT in companies needs to be bridged.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

OT Security Made Simple welcomes senior OT cyber security expert Mohammed Saad, who spent twelve years developing security solutions at Honeywell. He talks about his experiences with customers, successful attacks and how the communication gap between IT and OT in companies needs to be bridged.

Podcast: KBKAST (LS 31 · TOP 5% what is this?)Episode: Episode 286 Deep Dive: Dean Frye | IT, IoT And OT Security As A Business Continuity ProblemPub date: 2024-12-18Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, we sit down with Dean Frye, Solutions Architect at Nozomi Networks, as he discusses the complex landscape of IT, IoT, and OT security challenges. Dean delves into the critical importance of avoiding an “us vs. them” mentality between IT and OT teams, and how security interruptions can severely impact business continuity. We explore industry-specific vulnerabilities, such as those in factory chicken farming and Tasmanian salmon farming, and emphasize the necessity for executives to have a deeper technical understanding of cybersecurity. Dean also highlights the value of telemetry and real-time reporting, the evolving role of cloud solutions in OT environments, and the importance of a well-integrated, multidisciplinary team to effectively manage cyber risks. Dean Frye is a Solutions Architect for Nozomi Networks in Australia and New Zealand. Dean is an experienced security professional with a demonstrated history of providing compliance strategy, pragmatic risk mitigation, security project delivery, threat abatement and vendor interface solutions with a significant commercial background. Covering more than twenty years, his previous roles span consulting and senior leadership, including a stint at Armis as solutions architect, and another tenure at Cisco as director of security for the APJ region.The podcast and artwork embedded on this page are from KBI.Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Warum es sich lohnt, bei Use Cases über den Tellerrand zu schauenPub date: 2024-12-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT Security Made Simple trifft IoT Use Cases. Klaus Mochalski spricht mit Madeleine Mickeleit, Geschäftsführerin von IoT Use Cases. Gemeinsam beleuchten sie die Macht von Use Cases anderer bei der Realisierung eigener Projekte, dem Mehrwert von Security-Lösungen in völlig fachfremden Use Cases und den (auch monetären) Vorteilen, die sich aus dem Austausch mit der Community ergeben.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: Rapid7's Approach to ICS and OT Security: Lessons from the FieldPub date: 2024-12-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationJoin Derek Harp and his guests from Rapid7—Lonnie Best, William Price, and Nicholas Butcher—as they delve into the critical challenges and exciting opportunities within the Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity landscape. Recorded live at Hack the Capitol 7.0, this episode highlights the growing demand for OT cybersecurity, innovative approaches to managing threats, and the evolving dynamics between IT and OT professionals.In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential.Whether you're a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today's evolving threat landscape. Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Join Derek Harp and his guests from Rapid7—Lonnie Best, William Price, and Nicholas Butcher—as they delve into the critical challenges and exciting opportunities within the Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity landscape. Recorded live at Hack the Capitol 7.0, this episode highlights the growing demand for OT cybersecurity, innovative approaches to managing threats, and the evolving dynamics between IT and OT professionals.In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential.Whether you're a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today's evolving threat landscape. Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Wer NIS2 aussitzt, spielt Russisches RoulettePub date: 2024-11-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn dieser Episode von OT Security Made Simple sprechen wir mit Gerald Krebs von TÜVIT über den Stand der NIS2-Umsetzung in Unternehmen. Gerald erläutert, warum Unternehmen Cybersicherheit gerade auf die lange Bank schieben und wie das Aussitzen schnell ein paar Millionen Euro kosten kann (nicht nur wegen der Strafen!). Viel wichtiger aber: Gerald gibt Tipps, wie Unternehmen die ersten Schritte nehmen können, ohne sich selbst zu überlasten.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Guest: Sian John, Chief Technology Officer, NCC GroupOn LinkedIn | https://www.linkedin.com/in/sian-john/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesDuring the recent AISA Cyber Conference 2024 in Melbourne, notable figures Sean Martin and Sian John engaged in a compelling conversation about emerging trends and significant topics within the cyber industry. The discussion covered a range of subjects from the importance of availability in operational technology (OT) security to the environmental implications of artificial intelligence (AI) and analytics. Sean Martin noted the communal focus of the conference, highlighting how initiatives driven by members of the industry, like those led by the AISA Perth chapter (as noted by Sian John), contribute significantly to the cybersecurity community.Sian John MBE provided an in-depth perspective on the global regulatory landscape, pointing out how digital disruption is driving an increase in regulations. She emphasized that privacy regulations now affect more people worldwide than ever before. John observes that while some regions might roll back regulations, the overall trend is increasing around regulatory scrutiny.Another key topic was the carbon impact of AI and analytics. Sian John pointed out the substantial environmental cost associated with training large language models, referencing research by PwC and Microsoft showcasing the significant carbon footprint involved. She argued for the need to integrate sustainability into technological advancements, coining it 'green by design.'The conversation also touched on the vital importance of OT security in the context of achieving net-zero carbon emissions and advancing renewable technology. John pointed out that while OT security has been a topic of discussion for some time, the urgency is now heightened as regulatory focus intensifies and renewable energy projects increase. When it comes to triggers that drive action, finance could win out over regulation in this case.The dialogue also explored the broader implications of security, extending beyond the traditional realms to incorporate business resilience. Martin stressed the necessity for organizations to adopt a risk-aware approach that encompasses both cyber and business risks. He posits that mature organizations, which effectively integrate resilience into their operations, are more adept at navigating regulatory changes and emerging threats.Finally, the cost of security and operational efficiency was discussed. Both speakers agreed that in a world with rising power costs, the drive towards efficient, sustainable practices is also economically motivated. This underscores the intersection of cost, regulation, and sustainability in today's business strategies. As the conversation drew to a close, the future-oriented outlook shared by both speakers reflected a pragmatic approach to the complexities of modern cybersecurity, emphasizing efficiency, regulatory compliance, and sustainability.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More

Guest: Sian John, Chief Technology Officer, NCC GroupOn LinkedIn | https://www.linkedin.com/in/sian-john/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesDuring the recent AISA Cyber Conference 2024 in Melbourne, notable figures Sean Martin and Sian John engaged in a compelling conversation about emerging trends and significant topics within the cyber industry. The discussion covered a range of subjects from the importance of availability in operational technology (OT) security to the environmental implications of artificial intelligence (AI) and analytics. Sean Martin noted the communal focus of the conference, highlighting how initiatives driven by members of the industry, like those led by the AISA Perth chapter (as noted by Sian John), contribute significantly to the cybersecurity community.Sian John MBE provided an in-depth perspective on the global regulatory landscape, pointing out how digital disruption is driving an increase in regulations. She emphasized that privacy regulations now affect more people worldwide than ever before. John observes that while some regions might roll back regulations, the overall trend is increasing around regulatory scrutiny.Another key topic was the carbon impact of AI and analytics. Sian John pointed out the substantial environmental cost associated with training large language models, referencing research by PwC and Microsoft showcasing the significant carbon footprint involved. She argued for the need to integrate sustainability into technological advancements, coining it 'green by design.'The conversation also touched on the vital importance of OT security in the context of achieving net-zero carbon emissions and advancing renewable technology. John pointed out that while OT security has been a topic of discussion for some time, the urgency is now heightened as regulatory focus intensifies and renewable energy projects increase. When it comes to triggers that drive action, finance could win out over regulation in this case.The dialogue also explored the broader implications of security, extending beyond the traditional realms to incorporate business resilience. Martin stressed the necessity for organizations to adopt a risk-aware approach that encompasses both cyber and business risks. He posits that mature organizations, which effectively integrate resilience into their operations, are more adept at navigating regulatory changes and emerging threats.Finally, the cost of security and operational efficiency was discussed. Both speakers agreed that in a world with rising power costs, the drive towards efficient, sustainable practices is also economically motivated. This underscores the intersection of cost, regulation, and sustainability in today's business strategies. As the conversation drew to a close, the future-oriented outlook shared by both speakers reflected a pragmatic approach to the complexities of modern cybersecurity, emphasizing efficiency, regulatory compliance, and sustainability.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Wie funktioniert OT-Sicherheit im WassersektorPub date: 2024-11-21Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn dieser Episode von OT Security Made Simple begrüßen wir Rainer Stecken vom Deutschen Verein des Gas- und Wasserfaches. Rainer zeigt die Herausforderungen im Wassersektor auf und stellt das Konzept eines Sektor-SOCs vor, das seit Anfang 2024 die Cybersicherheit mehrerer Wasserunternehmen zusammenführt.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: The Industrial Security Podcast (LS 35 · TOP 3% what is this?)Episode: OT Security Data Science - A better vulnerability database [The Industrial Security Podcast]Pub date: 2024-11-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSecurity automation needs a machine-readable vulnerability database. Carmit Yadin of Device Total joins us to look at limitations of the widely-used National Vulnerability Database (NVD), and explore a new "data science" alternative.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Security automation needs a machine-readable vulnerability database. Carmit Yadin of Device Total joins us to look at limitations of the widely-used National Vulnerability Database (NVD), and explore a new "data science" alternative.

Security automation needs a machine-readable vulnerability database. Carmit Yadin of Device Total joins us to look at limitations of the widely-used National Vulnerability Database (NVD), and explore a new "data science" alternative.

Podcast: Unsolicited Response (LS 33 · TOP 5% what is this?)Episode: Joel Langill On His New OT Security Training Class And MorePub date: 2024-11-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDale Peterson speaks with Joel Langill, the SCADAHacker, about his new training course entitled Conducting Threat, Vulnerability, and Risk Assessments For ICS. A two day version of this course will be offered prior to S4x25.  Of course Dale and Joel jump around a bit on training, the workforce and other items. Take a listen.The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Dale Peterson speaks with Joel Langill, the SCADAHacker, about his new training course entitled Conducting Threat, Vulnerability, and Risk Assessments For ICS. A two day version of this course will be offered prior to S4x25.  Of course Dale and Joel jump around a bit on training, the workforce and other items. Take a listen.

Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: Shaping the Future of OT Security with Dale PetersonPub date: 2024-11-06Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systemsThe podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systems

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Warum sich für OT-Sicherheit vor allem die IT-Abteilung ändern mussPub date: 2024-10-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn dieser Folge des Rhebo-Podcast „OT Security Made Simple“ sprechen Gastgeber Klaus und der OT-Cybersecurity-Experte Max Weidele von Sichere Industrie über die Notwendigkeit eines organisatorischen Wandels, um OT-Sicherheit zu erreichen. Was mit dem Asset Management als Grundlage beginnt, führt schnell zu der klaren Vision, dass die IT das Herzstück der OT-Sicherheitsorganisation sein wird.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Wie OT-Monitoring TSN weitreichend ermöglicht und absichertPub date: 2024-10-01In dieser Folge von OT Security Made Simple erläutert unser Gast Moritz Flüchter von der Universität Tübingen, wie ein OT-Monitoring auch dafür genutzt werden kann, um Time Sensitive Networking (TSN) in Netzwerken zu ermöglichen, in denen ein Teil der Systeme und Endgeräte nicht TSN-fähig sind. Nicht zuletzt zeigt er auf, wie eine integrierte Anomalieerkennung die bestehenden Unsicherheiten von TSN überwacht und Denial-of-Service-Attacken erkennt.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Cyber Security Weekly Podcast (LS 38 · TOP 2% what is this?)Episode: Episode 414 - Winning the OT Security BattlePub date: 2024-09-24We sat down with Tim Conway and Robert Lee, two leading cybersecurity experts, to discuss pressing issues in OT cybersecurity.CrowdStrike Lessons LearnedTim and Robert began by examining the CrowdStrike incident from July 2024. They highlighted the dangers of over-relying on trusted technology without sufficient testing and verification, and the importance of integrating resilience into systems and avoiding a one-size-fits-all security approach.Cyber Threat LandscapeRobert discussed the rise of sophisticated malware like Fuxnet, Frostygoop and Pipe Dream, designed to target OT systems. Fuxnet was a highly targeted attack aimed at disrupting critical infrastructure in Russia, while Frostygop used similar techniques against Ukraine. In contrast, Pipe Dream serves as a more versatile attack framework applicable to various OT systems. He underscored an important lesson: even if specific malware isn't reused, studying its tactics can improve our prevention, detection, and response strategies. The key takeaway: threats to OT environments are growing, with increasingly targeted efforts from a range of actors.Critical Control – ICS Network VisibilityTim and Robert addressed the challenges of gaining visibility into OT devices. Tim noted that OT environments are diverse and require more than a one-size-fits-all approach. Each environment has unique characteristics that must be considered. While attackers exploit both commonalities and specific features, defenders must balance the need for visibility with the risk of disrupting operations. Legacy systems without modern security features further complicate these efforts. Despite historical challenges in visibility due to limited capabilities and resistance to change, recent technological advances have improved the situation. However, new technologies, such as encryption, introduce additional complexities. A balanced approach, using critical controls as a framework, is essential for prioritizing security efforts and adapting to evolving needs.Critical Control – Incident Response PlanTim and Robert highlighted that many organizations lack specific incident response plans for OT, relying instead on general IT plans. Backup plans for power outages often do not address cyber attack scenarios. Effective OT incident response requires a tailored plan that includes data collection, safety procedures, and appropriate tools. In addition, maturity in incident response involves having a detailed, operationally integrated plan that addresses various scenarios, including handling outages and restoring systems without SCADA support. OT and IT ConvergenceTim and Robert discussed several crucial aspects of OT security. They noted that the increasing interconnection between IT and OT systems has elevated the risk of attacks transitioning from IT to OT environments. Additionally, remote access, often used for vendor support, presents a significant security threat.They emphasized the distinct characteristics of OT systems, which necessitate specialized security approaches. Treating OT and IT as identical can lead to dangerous oversimplifications and vulnerabilities. Therefore, security measures must be tailored to the specific needs of OT environments, considering their safety, physical constraints, and unique risks.Tim and Robert also touched on cyber-informed engineering. Key takeaways include recognizing common attack vectors from IT systems, implementing distinct security strategies for OT, and avoiding the assumption that OT and IT are the same. Tailoring security measures to the specific needs and constraints of OT environments is essential for effective protection.Celebrating WinsFinally, Tim and Robert highlighted the importance of celebrating cybersecurity successes, such as defending against VOLTZITE. Recognizing and celebrating these victories can boost morale and encourage teams to continue their efforts. Tim Conway, Senior Instructor, https://www.sans.org/profiles/tim-conway/Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.Robert M. Lee, Fellow, https://www.sans.org/profiles/robert-m-lee/ SANS fellow Robert M. Lee brings to the classroom one of the most valuable and respected of credentials: real-world experience. Robert is the CEO and founder of his own company, Dragos, Inc., that provides cyber security solutions for industrial control system networks. Further viewing; https://youtu.be/BiUpuRk6pvA?si=xQcx9oiJOxQu0n7H#mysecuritytv #otcybersecurityThe podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Manufacturing Happy Hour (LS 43 · TOP 1.5% what is this?)Episode: 204: OT Security Best Practices for Manufacturers with Fortinet's Rich SpringerPub date: 2024-09-24Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough? In this episode, we hear from Fortinet's Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector. Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.In this episode, find out:Rich explains Fortinet's position on OT network security We hear about Rich's diverse career background and how his previous roles prepared him for his role at Fortinet The current state of OT convergence and why companies are yet to take actionRich breaks the misconception that air gaps will protect manufacturers from digital threats Advice for better collaboration between IT and OT teams Rich explains why he's optimistic that manufacturers are paying attention to the right things in securityWhat the report says about manufacturers and their approach to OT systems todayWhat it takes for cybersecurity experts to get executives to pay attention to the threats facing OTHow to run a tabletop exercise to assess threat and impact on production What surprises Rich most about cybersecurity in manufacturing todayEnjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!Tweetable Quotes:“The separation of duties should be decided on the tabletop exercise, not when the fire is burning.”“The technology has evolved. So therefore, it has made this air gap strategy a little less realistic over the years. And this is a common challenge.”“When the systems go down, they go to paper. So if the line hasn't stopped, what happens with our suppliers if we have to go paper? Take your tabletop exercise to that level.”Links & mentions:Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk, a report on how digital transformation in manufacturing has driven a widespread need for cybersecurity awareness2024 State of Operational Technology and Cybersecurity Report, Fortinet's report on OT cybersecurity Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.The podcast and artwork embedded on this page are from Chris Luecke, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough? In this episode, we hear from Fortinet's Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector. Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.In this episode, find out:Rich explains Fortinet's position on OT network security We hear about Rich's diverse career background and how his previous roles prepared him for his role at Fortinet The current state of OT convergence and why companies are yet to take actionRich breaks the misconception that air gaps will protect manufacturers from digital threats Advice for better collaboration between IT and OT teams Rich explains why he's optimistic that manufacturers are paying attention to the right things in securityWhat the report says about manufacturers and their approach to OT systems todayWhat it takes for cybersecurity experts to get executives to pay attention to the threats facing OTHow to run a tabletop exercise to assess threat and impact on production What surprises Rich most about cybersecurity in manufacturing todayEnjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!Tweetable Quotes:“The separation of duties should be decided on the tabletop exercise, not when the fire is burning.”“The technology has evolved. So therefore, it has made this air gap strategy a little less realistic over the years. And this is a common challenge.”“When the systems go down, they go to paper. So if the line hasn't stopped, what happens with our suppliers if we have to go paper? Take your tabletop exercise to that level.”Links & mentions:Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk, a report on how digital transformation in manufacturing has driven a widespread need for cybersecurity awareness2024 State of Operational Technology and Cybersecurity Report, Fortinet's report on OT cybersecurity Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.

We sat down with Tim Conway and Robert Lee, two leading cybersecurity experts, to discuss pressing issues in OT cybersecurity.CrowdStrike Lessons LearnedTim and Robert began by examining the CrowdStrike incident from July 2024. They highlighted the dangers of over-relying on trusted technology without sufficient testing and verification, and the importance of integrating resilience into systems and avoiding a one-size-fits-all security approach.Cyber Threat LandscapeRobert discussed the rise of sophisticated malware like Fuxnet, Frostygoop and Pipe Dream, designed to target OT systems. Fuxnet was a highly targeted attack aimed at disrupting critical infrastructure in Russia, while Frostygop used similar techniques against Ukraine. In contrast, Pipe Dream serves as a more versatile attack framework applicable to various OT systems. He underscored an important lesson: even if specific malware isn't reused, studying its tactics can improve our prevention, detection, and response strategies. The key takeaway: threats to OT environments are growing, with increasingly targeted efforts from a range of actors.Critical Control – ICS Network VisibilityTim and Robert addressed the challenges of gaining visibility into OT devices. Tim noted that OT environments are diverse and require more than a one-size-fits-all approach. Each environment has unique characteristics that must be considered. While attackers exploit both commonalities and specific features, defenders must balance the need for visibility with the risk of disrupting operations. Legacy systems without modern security features further complicate these efforts. Despite historical challenges in visibility due to limited capabilities and resistance to change, recent technological advances have improved the situation. However, new technologies, such as encryption, introduce additional complexities. A balanced approach, using critical controls as a framework, is essential for prioritizing security efforts and adapting to evolving needs.Critical Control – Incident Response PlanTim and Robert highlighted that many organizations lack specific incident response plans for OT, relying instead on general IT plans. Backup plans for power outages often do not address cyber attack scenarios. Effective OT incident response requires a tailored plan that includes data collection, safety procedures, and appropriate tools. In addition, maturity in incident response involves having a detailed, operationally integrated plan that addresses various scenarios, including handling outages and restoring systems without SCADA support. OT and IT ConvergenceTim and Robert discussed several crucial aspects of OT security. They noted that the increasing interconnection between IT and OT systems has elevated the risk of attacks transitioning from IT to OT environments. Additionally, remote access, often used for vendor support, presents a significant security threat.They emphasized the distinct characteristics of OT systems, which necessitate specialized security approaches. Treating OT and IT as identical can lead to dangerous oversimplifications and vulnerabilities. Therefore, security measures must be tailored to the specific needs of OT environments, considering their safety, physical constraints, and unique risks.Tim and Robert also touched on cyber-informed engineering. Key takeaways include recognizing common attack vectors from IT systems, implementing distinct security strategies for OT, and avoiding the assumption that OT and IT are the same. Tailoring security measures to the specific needs and constraints of OT environments is essential for effective protection.Celebrating WinsFinally, Tim and Robert highlighted the importance of celebrating cybersecurity successes, such as defending against VOLTZITE. Recognizing and celebrating these victories can boost morale and encourage teams to continue their efforts. Tim Conway, Senior Instructor, https://www.sans.org/profiles/tim-conway/Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.Robert M. Lee, Fellow, https://www.sans.org/profiles/robert-m-lee/ SANS fellow Robert M. Lee brings to the classroom one of the most valuable and respected of credentials: real-world experience. Robert is the CEO and founder of his own company, Dragos, Inc., that provides cyber security solutions for industrial control system networks. Further viewing; https://youtu.be/BiUpuRk6pvA?si=xQcx9oiJOxQu0n7H#mysecuritytv #otcybersecurity

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | How programming language Rust makes for a more secure product codePub date: 2024-08-15This episode sees Rhebo Head of Development, Martin Förster, taking the driver's seat. He talks to fellow developers Ingmar Pörner & Raphael Peters about how programming language Rust makes for robust and secure software and what a high-quality development process in an OT security company looks like.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Richtige Cybersicherheits-Invest-Entscheidungen brauchen zuerst eine OT-Security-StrategiePub date: 2024-07-15In dieser Folge von Rhebos OT Security Made Simple erklärt Matthias Maier vom SIEM-System-Hersteller Splunk, warum eine OT-Sicherheitsstrategie auf Managementlevel unumgänglich ist, um bei der Tool-Auswahl die richtigen Investment-Entscheidungen zu treffen. Er erläutert die einzelnen Schritte und verdeutlicht noch einmal die Verantwortung des Managements bei der Cybersicherheit der OT, insbesondere mit Blick auf NIS2 und Co. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Where in the world are Adam and Cristian? In this episode, they're coming to you live from São Paulo, Brazil, where they sat down with a special guest: Fernando Madureira. Fernando is the Global CISO of Cosan, a Brazilian conglomerate of several businesses spanning energy, transportation and logistics, and other sectors that operates around the world. Given Cosan's size and the nature of its business, Fernando has a broad range of threats at top of mind. Operational technology (OT) security is a key concern because adversaries seek access to OT devices and traffic, and it requires a different mindset and technology than a modern IT environment. Social engineering is another, as adversaries attempt to disguise themselves as employees to manipulate customers and partners. Tune in to hear a conversation that explores OT security, modern phishing scams and how the Global CISO of a major company is taking steps to protect it.

Podcast: Secure Insights with NDK CyberEpisode: NDK's Top 3 of Season 3: 'The future of OT Security is so exciting' with Danielle JablanskiPub date: 2024-07-03Our top podcast episode of Season 3 is back in the spotlight, and it's a must-listen! Join us as we revsit our time meeting with Danielle Jablanski, exploring the exciting future of cybersecurity!. We explore the fascinating realm of smart cities and their development, while also delving deep into Danielle's expertise in OT security challenges and navigating legacy technology hurdles.The podcast and artwork embedded on this page are from NDK Cyber, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode, host Raghu Nandakumara sits down with Carlos Buenano, CTO, OT at Armis, to discuss his path to OT security, the importance of Zero Trust in industrial environments, and how to make progress in security while not compromising productivity.--------“They are not in charge of security. Until now they haven't been accountable  to basically provide security. Okay. Of course, they are concerned about being disrupted, the operations being disrupted.” - Carlos Buenano--------Time Stamps:(08:39) How to discuss security with OT practitioners(13:49) Why we have so many legacy systems in OT and OT's perspective on security (24:19) Adoption of Zero Trust in OT environments and challenges (39:23) Pros and cons of the American and European approaches, how to accelerate adoption(44:15) Relevance of AI in the OT space--------SponsorAssume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.--------LinksConnect with Carlos on LinkedIn

Industrial Talk is chatting with Huxley Barbee, Security Evangelist at runZero about “OT Security vs IT Security and Passive vs Active Scanning.”  The following is a summary of our conversation: Cybersecurity and OT with Huxley from Run Zero. 0:00 Palo Alto Networks provides comprehensive security solutions for all assets, networks, and remote operations. Huxley Barbee, security evangelist at runZero, discusses cybersecurity and the importance of staying connected and safe in the digital world. Industrial Talk is a platform dedicated to amplifying voices and solving problems through various mediums, including podcasts, videos, and webcasts. Cybersecurity in IoT, OT, and ICS environments. 4:36 Security evangelist at Ron zero discusses chasm solution for cyber asset attack surface management. Huxley highlights the importance of security in IoT and OT environments, emphasizing that it's often an afterthought. Scott MacKenzie agrees, noting that security should be a priority from the beginning of a project, rather than an add-on later on. Industrial control systems security. 9:13 Scott MacKenzie and Huxley discuss the importance of aligning security and operations in an organization, with Huxley highlighting the need for more conversations to understand the importance of including security in planning and decision-making. Huxley notes that operational teams may prioritize mechanical problems over security updates, but this can lead to negative consequences, such as security breaches or outages, which can affect the way devices operate. Huxley emphasizes the importance of knowing what assets are present in an OT or ICS environment for proper security controls. Cybersecurity risks in industrial control systems. 14:04 Huxley emphasizes the importance of selecting security controls commensurate with the value of assets. Huxley highlights the irony of introducing security measures to avoid outages, only to inadvertently cause them. Vendors and devices create variety and complexity in IoT security. Active scanning techniques for IoT devices. 20:02 Huxley explains how active scanning techniques can cause real-world problems, such as network outages, due to the way they are implemented. The speaker highlights the bias against active scanning that has developed as a result of poor deployments in the past. Huxley argues that active scanning can be safe for OT and ICS environments with proper development. Active vs passive device discovery in cybersecurity. 24:19 Active scanning involves customizing security measures based on specific devices, while passive discovery tends to be more costly and effortful. Huxley discusses the challenges of passive discovery in network traffic analysis, including the need for multiple collectors and the difficulty of deploying collectors in the right locations. Huxley also highlights the advantages of active scanning over passive discovery, including the ability to be targeted and thorough in...