@BEERISAC: OT/ICS Security Podcast Playlist

Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.

Listeners will gain valuable insights into critical takeaways, including:

1. Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.
2. Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.
3. Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams.

Let’s connect about IoT Security!

Follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode of The Security Sandbox, hosts Vivek Ponnada and Sandeep Lota will dive into the top cybersecurity trends that shaped 2024 and discuss our predictions for 2025, including:

▶️ The impact of emerging technologies like AI on cybersecurity
▶️ The latest trends in threat actor tactics targeting operational technology
▶️ How zero trust initiatives are changing industrial network architecture
▶️ The growing role of Secure by Design principles
▶️ Upcoming regulations driving cybersecurity enhancements across industries
▶️ Why proactive defense in OT environments will be a key initiative in 2025

Visit Our Website

Follow Us on LinkedIn

When we think of IoT, we first think of our smart light bulbs, our smart TVs, our smart baby monitors. However, we don't typically associate IoT with high-performance race cars, and yet they collect terabytes of data each race. Austin Allen, Director of Solutions Architecture at Airlock Digital, discusses the growing presence of smart devices and the responsibility of securing them—should it be the developers who write the code, or the individuals who implement it?

Join Derek Harp and his guests from Rapid7—Lonnie Best, William Price, and Nicholas Butcher—as they delve into the critical challenges and exciting opportunities within the Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity landscape. Recorded live at Hack the Capitol 7.0, this episode highlights the growing demand for OT cybersecurity, innovative approaches to managing threats, and the evolving dynamics between IT and OT professionals.

In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential.

Whether you’re a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today’s evolving threat landscape.

Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.

In this episode, host Aaron Crow is joined by special guest  Mike Holcomb to discuss the intricate realm of Industrial Control Systems and Operational Technology (ICS/OT) cybersecurity. The episode also spotlights the upcoming event B Sides ICS, an open and community-centric conference set to run alongside the prestigious S4 conference in Tampa.

Mike Holcomb provides insights into the much-anticipated ticket sales for the event and underscores the importance of submitting papers or presentations by the end of the year. The discussion emphasizes the significance of expertise in OT, cyber, and enterprise operations for top-level management and how events like B Sides ICS and S4 promote networking, learning, and professional development.

Listeners will gain a deeper understanding of the origins of B Sides events, the excitement surrounding B Sides ICS, and the impactful discussions and innovations poised to shape the future of ICS/OT cybersecurity. Whether the audience comprises newcomers or seasoned professionals, this episode offers valuable takeaways for everyone.

Key Moments: 

00:00 Educating and supporting ICS & OT cybersecurity communities.

04:28 Passionate about learning and sharing cybersecurity knowledge.

08:59 B Sides: Global community-focused conference events.

10:43 Bringing B-Sides to Greenville increased attendance.

16:29 Promote diverse perspectives in OT cybersecurity.

19:01 Active Directory challenges in IT-OT integration.

21:07 Active Directory simplifies system management, poses risks.

28:57 Lean on IT for the correct Active Directory setup.

31:52 Availability is crucial in an OT environment.

34:14 Integrating IT and OT for enhanced cybersecurity collaboration.

36:16 IT and OT integration needs improvement.

40:54 Exploring cybersecurity in ICSOT across various sectors.

About the guest : 

Mike Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world’s largest engineering, procurement, and construction companies. His current role provides him with the opportunity to work in securing some of the world’s largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. He has his Masters degree in ICS/OT cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and ICS/OT certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more.

He posts regularly on LinkedIn and YouTube to help others learn more about securing ICS/OT and critical infrastructure.

How to contact Mike: 

Website : https://www.mikeholcomb.com/

Youtube :  https://www.youtube.com/@utilsec

LinkedIn: https://www.linkedin.com/in/mikeholcomb/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The practice of engineering dates back thousands of years, incorporating science and mathematics to solve problems in the ancient world, and remains a key requirement for developing the complex digital systems controlling the physical systems core to our modern way of life. Unfortunately connectivity and complexity have created a vulnerability we must now engineer our way out of, and just like risk management, engineering is about balancing constraints.

Andrew Ginter is a recognized thought leader within the industrial security space with decades of real world experience and the willingness to distill that knowledge into a series of book on operational technology cybersecurity. Mr. Ginter's latest book "Engineering-Grade OT Security, a manager's guide" explores risk elements over multiple chapters and provided a great intersection with ESRM principles.  A self professed collector of industry wisdom, Andrew was quick to highlight Cyber Informed Engineering principles for security engineering within OT and call out calculation issues when risk assessing black swans yet also offering an elegant approach to resolution. 

Due to a technical glitch, this episode joins Andrew, Tim and Doug in mid-conversation about Cyber Informed Engineering instead of the typical introduction banter of most episodes.


 

In dieser Episode von OT Security Made Simple sprechen wir mit Gerald Krebs von TÜVIT über den Stand der NIS2-Umsetzung in Unternehmen. Gerald erläutert, warum Unternehmen Cybersicherheit gerade auf die lange Bank schieben und wie das Aussitzen schnell ein paar Millionen Euro kosten kann (nicht nur wegen der Strafen!). Viel wichtiger aber: Gerald gibt Tipps, wie Unternehmen die ersten Schritte nehmen können, ohne sich selbst zu überlasten.

We speak with Shahmeer Amir, CEO & Co-Founder of SpeeQR and his activities in hacking satellite transmissions.

Shahmeer stands as a globally recognized Entrepreneur, world renowned public speaker and Ethical Hacker, awarded Entrepreneur of the year 2024 for founding multiple startups including Speeqr and also ranking as the third most accomplished bug hunter globally. Shahmeer has been invited to speak at 130 international conferences including Blackhat, DefCON, GiSec, National Security Summit, One Conference, and International Cyber Security. His expertise has been instrumental in assisting over 400 Fortune companies, such as Facebook, Microsoft, Yahoo, and Twitter, in resolving critical security issues within their systems. Shahmeer's entrepreneurial ventures in the technology realm have led to the establishment of multiple startups, with his current role involving the leadership of Speeqr, and involvement in Veiliux and Authiun. He serves as the Cyber Security Advisor to the Ministry of Finance in the Government of Pakistan. His involvement spans various projects, including Deep Sea Tracking, Digital Transformation of Legislation, and the Digitization of Pakistani Cultural Content. As a testament to his influence in the tech industry, he holds a position on the Forbes Technology Council.

Cyber Security Asia 2024 took place on 7 – 8 October 2024 at ParkRoyal Hotel, Kuala Lumpur – bringing together top experts and practitioners for in-depth talks, and exclusive networking opportunities. It is a platform for the development of partnerships and strategies and highlights the latest technologies that are ensuring the safety and security of government, industry and individual.

#mysecuritytv #austaraliainspacetv #csa2024 #spacecyber

In this episode of the Bites and Bytes Podcast, Kristin Demoranville is joined by Radojka Barycki, Director of Training and Consulting at Safe Food Alliance and a food safety expert with nearly 25 years of experience.  Together, they explore how cybersecurity and food safety are becoming inseparable in today’s technology-driven world.  Radojka shares her perspectives on emerging challenges like AI and traceability, the role of proactive strategies in protecting global food systems, and why trust is the foundation of food safety.  With stories from her personal journey and actionable insights for industry professionals, this episode sheds light on how innovation can both secure and transform the food industry.  A must-listen for those passionate about food safety, technology, and consumer protection!

_______________________________________________

Episode Key Highlights:

(0:02:09) - Food Defense and Cybersecurity Collaboration
(0:03:20) - Awareness of Cybersecurity Threats in Food
(0:05:55) - Personal Risk Assessments and Security Mindsets
(0:11:26) - Integrating Cybersecurity in Food Safety Audits
(0:13:37) - Vulnerabilities in Automated Food Processes
(0:16:17) - Challenges in Traceability and AI Adoption
(0:19:00) - Reactive Policies vs. Proactive Prevention in Food Safety
(0:22:28) - Impacts of Food Safety Incidents on Consumer Trust
(0:27:56) - Resources for Food Defense and Risk Assessment

_______________________________________________

Show Notes:

Traceability rule: 

https://www.qualityassurancemag.com/news/navigating-the-new-fda-food-traceability-rule-meeting-requirements-and-enhancing-safety/

Food Adulteration: 

https://www.fda.gov/food/food-safety-modernization-act-fsma/fsma-final-rule-mitigation-strategies-protect-food-against-intentional-adulteration

Food Safety Modernization Act (FSMA): 

https://www.fda.gov/food/guidance-regulation-food-and-dietary-supplements/food-safety-modernization-act-fsma

Food Defense: 

https://www.fda.gov/food/food-defense

AI for Traceability: 

https://www.food-safety.com/articles/9387-development-and-application-of-ai-for-food-processing-and-safety-regulations#:~:text=Current%20AI%20technologies%20can%20be,enhance%20traceability%20for%20food%20safety.&text=This%20could%20facilitate%20a%20quicker,of%20food%20contamination%20or%20recall.

Carrot Juice Cotulism Incident 2006:

https://www.cidrap.umn.edu/botulism/fourth-botulism-case-linked-carrot-juice

Hazard Analysis Critical Control Point (HACCP) & the Seven Principles:

https://food.unl.edu/article/haccp-seven-principles

Peanut Corporation of America and FSMA:

https://www.nejm.org/doi/full/10.1056/NEJMp1109388

Boars Head Incident 2024:

https://www.marlerblog.com/case-news/boars-head-listeria-outbreak-deemed-over-19-states-61-sick-60-hospitalized-with-10-dead/

McDonald’s Onion E. coli Incident 2024:

https://www.cdc.gov/ecoli/outbreaks/e-coli-O157.html#:~:text=Recalled%20food,onions%20before%20they%20got%20sick.

Spinach E. coli Outbreak 2006:

https://archive.cdc.gov/www_cdc_gov/ecoli/2006/spinach-10-2006.html

Tesla products mentioned:  Cybercab, Robovan, Bot

https://www.tesla.com/we-robot

Satellite made of wood called LignoSat (Japanese):

https://physicsworld.com/a/timber-japan-launches-worlds-first-wooden-satellite-into-space/#:~:text=Researchers%20in%20Japan%20have%20launched,the%20logging%20firm%20Sumitomo%20Forestry.

FDA:

https://www.fda.gov/

Food Defense Plan Builder:

https://www.fda.gov/food/food-defense-tools/food-defense-plan-builder

Food Defense Mitigation Strategies Database:

https://www.hfpappexternal.fda.gov/scripts/fooddefensemitigationstrategies/index.cfm

_______________________________________________

🌟 Exciting News!  AnzenSage, the company behind the Bites and Bytes Podcast, has been selected as a finalist for the 2024 Loudoun Innovation Challenge! 🏆 But we need your support to win the People’s Choice Award!

🗳️ Voting is open NOW until Wednesday, December 4 at midnight (EST), and it only takes a few seconds—no email required!   Cast your vote for AnzenSage here: https://www.surveymonkey.com/r/P95VYR2 ✅

Thank you for helping us raise awareness about the critical cybersecurity risks in food and agriculture! 🌾🔒 Your support means the world! 💛

_______________________________________________

BSides ICS/OT Conference 🎉🌟

Feb. 10, 2025, in Tampa, Florida 🌴 (the day before S4x25 Conference)

🔗 https://www.bsidesics.org/

Call for Papers is OPEN till 12/31/24!

Registration is OPEN:  https://www.eventbrite.com/e/bsides-icsot-tickets-1078099778459

General Admission is $30, and Student/Veteran is $20!

Questions or Need more information?  Email [email protected]

_______________________________________________

Bites and Bytes Podcast Info:

TikTok

Website:  Explore all our episodes, articles, and more on our official website.  Visit Now

Merch Shop:  Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now

Blog:  Stay updated with the latest insights and stories from the world of cybersecurity in the food industry.  Read Our Blog

Audience Survey:  We value your feedback!  Help us make the podcast even better.  Take the Survey

Schedule a Call with Kristin:  Want to share your thoughts?  Schedule a meeting with Kristin!  Schedule Now

Bryson is joined by Sara Patrick, President and CEO at the Midwest Reliability Organization (MRO) to discuss cyber threats, mitigation strategies, and the United States energy infrastructure system. A lawyer by training, Sara led MRO’s enforcement group and compliance monitoring team for 16 years before stepping into her position as CEO. 

What risks does AI pose to maintaining a reliable grid? How does MRO build resilience into the Northeast bulk power grid? What do smaller organizations need to be able to mitigate threats? 

“When we think about operations, we're a lot of times focused on the bigger organizations. But from a cyber perspective, it really doesn't matter the size of your organization. You're all susceptible,” Sara explained. 

Join us for this and more on this episode of Hack the Plan[e]t. 

Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.

This episode delves into the pivotal issues surrounding the 2024 election and Mississippi's policy landscape. Lucien Smith shares his expert analysis on the presidential race, critical battleground states, and the implications for both the nation and Mississippi. The conversation also explores the state’s path toward universal school choice, tax reform, and structural government changes ahead of the 2025 legislative session. Gain unique insights into what’s at stake for Mississippi’s political and educational future, along with a look at emerging leadership for the 2027 gubernatorial race. Don’t miss this deep dive into the decisions shaping Mississippi and beyond.

In Episode 33, Aaron Crow explores the transformative impact of automation and AI in the Operational Technology (OT) sector, joined by industry expert Shane Cox from Morgan Franklin Cyber. This episode deepens how AI and automation can enhance security operations when balanced with human oversight and strategic implementation.

Shane Cox shares insights on Morgan Franklin's flexible and expert-driven approach to Managed Detection and Response (MDR) services, emphasizing the importance of tailored client partnerships and continuous collaboration. The discussion highlights the potential of AI to revolutionize security while addressing the unique challenges and risks of integrating automated solutions.

Tune in to learn how the right blend of technology, expertise, and strategy can drive effective security solutions and foster long-term client relationships in today's evolving cybersecurity landscape.

Key Moments: 

05:15 Flexible, evolving security service, partnership-focused approach.

07:06 Diverse tools are essential for all organizations.

12:58 Weekend setup complete; improved over subsequent months.

15:30 MDR/XDR: Cloud-based threat detection and response.

18:21 Flexible MDR service integrates client environments efficiently.

21:38 Integration speeds up threat detection and response.

24:52 Cautious automation best balances efficiency and control.

29:50 AI assists coding by highlighting potential errors.

32:12 People are crucial for effective security automation.

35:51 Superior team preferred over superior product.

39:06 AI integration risks due to untested promises.

41:46 Adapting security training amidst AI automation challenges.

Guest Profile: 

Shane Cox leads the Cyber Fusion Center at MorganFranklin Cyber where he is responsible for the delivery of managed services such as Orion MDR, Advanced Detection and Response (ADR), Threat Hunting, Adversary Simulation, Cyber Threat Intelligence (CTI), and Incident Response and Management. 

Shane has over 25 years of experience in IT and Cyber Security, leading the development and optimization of security programs within enterprise and managed services environments. He has deep experience and success providing customized, business-aligned security outcomes for a diverse range of client environments and industry verticals. 

How to connect with Shane:

https://www.linkedin.com/feed/update/urn:li:activity:7264640034891337730

https://www.sdxcentral.com/articles/stringerai-announcements/morganfranklin-consulting-launches-orion-mdr-service-with-stellar-cyber/2024/11/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In dieser Episode von OT Security Made Simple begrüßen wir Rainer Stecken vom Deutschen Verein des Gas- und Wasserfaches. Rainer zeigt die Herausforderungen im Wassersektor auf und stellt das Konzept eines Sektor-SOCs vor, das seit Anfang 2024 die Cybersicherheit mehrerer Wasserunternehmen zusammenführt.

What would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos, discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an act of war.

Explore the fast-evolving field of OT cybersecurity with Emma Duckworth, a professional whose journey from chemical engineering to securing operational technologies highlights the growing need for cross-functional collaboration in industrial environments.

Emma shares her experiences working on the plant floor, the challenges of uniting IT and OT teams, and the role of emerging technologies like intrusion detection and prevention systems in safeguarding manufacturing processes.

Gain practical insights into career paths, mentorship, and the critical importance of hands-on learning in this dynamic industry.

Chapters:

• 00:00:00 - A Fresh Look at OT Cybersecurity
• 00:01:29 - From Chemical Engineering to Cybersecurity: Emma's Path
• 00:02:36 - Thriving in a Rapidly Evolving Industry
• 00:04:35 - Tools of the Trade: Technologies Transforming OT Security
• 00:05:21 - Bridging the Gap: IT and OT Collaboration Challenges
• 00:08:25 - The Cutting Edge: Emerging Trends and Remote Access
• 00:10:20 - Building a Cybersecurity Career: Emma’s Advice
• 00:15:03 - Looking Ahead: Emma’s Vision for the Future
• 00:18:08 - Key Takeaways and Parting Insights

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Derek Harp hosts Virginia "Ginger" Wright, a program manager at Idaho National Laboratory, known for her pioneering work in cybersecurity for critical infrastructure. Ginger shares the history and importance of Cyber Informed Engineering (CIE) and how this engineering philosophy integrates safety protocols directly into the design of industrial systems, making them resilient against cyber threats. They discuss the origins of CIE in nuclear energy safety, the unique assets of Idaho National Laboratory, and the vital role engineers play in safeguarding critical infrastructure. Ginger also dives into practical resources like the Cyber Informed Engineering Implementation Guide, sharing how organizations and educators can adopt this methodology. Join us for insights into CIE’s impact on the future of OT and ICS cybersecurity.

Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.

Key topics include:

• The unique challenges of bridging IT and OT security.
• Why workforce shortages hinder progress and how industry and academia can collaborate.
• The importance of standardizing roles, frameworks, and terminology.
• Stories of how early curiosity sparked a career in cybersecurity.

Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future.

Let’s connect about IoT Security!

Follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, Aaron is joined by Paul Shaver, an experienced OT security consultant from Mandiant, part of Google Cloud. Together, they navigate the nuanced landscape of operational technology (OT) cybersecurity.

The episode begins with Aaron recalling a critical incident at a power plant that underscores the potential pitfalls in OT environments. This sets the stage for a rich discussion on the evolution of OT technology, with Aaron and Paul reminiscing about primary domain controllers and early NT workstations.

The conversation shifts to the future of OT in the cloud, where Paul highlights the benefits of cloud solutions, including enhanced resiliency, security, and data optimization through AI. A compelling customer case study illustrates modern technology adoption with web-based HMIs and Chromeboxes.

Paul offers a detailed analysis of the current OT cybersecurity landscape, addressing the persistent legacy system challenges and the need for a cohesive IT-OT security strategy. He discusses the evolving threat landscape influenced by global geopolitical tensions and the rise of zero-day vulnerabilities.

Listeners will gain practical insights into foundational cybersecurity measures, such as network segmentation, asset inventory management, and robust access control..

Key Moments: 

04:14 Connecting IT and OT optimizes processes securely.

09:54 Lost production severely impacts manufacturing revenue recovery.

14:06 Ensure network notifications; control access, separate credentials.

17:10 Engineers need secure access to adjust parameters.

21:55 Endpoint detection on older systems is critical.

28:47 Resilience is crucial in CrowdStrike incident response effectiveness.

32:11 Limited resources for global incident response efforts.=

39:22 Rebuilt domain controller caused authentication issues.

42:37 Focus on resiliency and cloud opportunities, leveraging multi-cloud.

44:59 Improve grid operations using cloud and hyper-converged technology.

48:38 Local cloud provides redundancy for remote sites.

51:15 Critical for acquisition process and problem-solving.

About the guest : 

Paul Shaver has dedicated more than two decades to various roles in Operational Technology (OT), primarily within the oil and gas industry. His expertise spans OT architecture, design, and build, along with run and maintaining responsibilities as an asset owner. 

Before transitioning into cybersecurity, Paul served as a Technology Director for an oil and gas company in California. Driven by a burgeoning interest in security, he joined Mandiant nearly five years ago. At Mandiant, now part of Google, Paul relishes the mission of enhancing security postures in OT and critical infrastructure, contributing to significant advancements in the field.

How to connect Paul: https://www.linkedin.com/in/pbshaver/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

Dale Peterson speaks with Joel Langill, the SCADAHacker, about his new training course entitled Conducting Threat, Vulnerability, and Risk Assessments For ICS. A two day version of this course will be offered prior to S4x25. 

Of course Dale and Joel jump around a bit on training, the workforce and other items. Take a listen.

As the holidays approach, manufacturing and critical infrastructure organizations face unique cybersecurity challenges due to reduced staffing and associated increased vulnerabilities.

This episode delves into practical strategies for senior leaders and plant managers to secure their operational technology (OT) environments without disrupting production.

By adopting continuous monitoring, fostering cross-functional IT-OT collaboration, and engaging OT-specific vendors, organizations can reinforce their cyber resilience.

Through real-life scenarios, the hosts discuss how proactive planning and structured security practices are vital to maintaining operational continuity and mitigating risks in complex industrial settings.

Chapters:

• 00:00:00 - Introduction to Cybersecurity Challenges During the Holiday Season
• 00:00:52 - Cybersecurity Missteps Putting the C-Suite at Risk
• 00:14:06 - Holidays & Hackers: Keeping Industrial Control Systems Safe

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, host Derek Harp sits down with Bryson Bort and Tom Van Norman, co-founders of ICS Village and creators of Hack the Capital. They discuss the origins and evolution of Hack the Capital, now in its seventh year, and the conference’s unique focus on bridging cybersecurity professionals with policy makers and industry leaders. They dive into the value of hands-on learning, the launch of Workforce Development Day, and the ongoing need for practical cybersecurity education and career opportunities for all. Bryson and Tom also highlight the significance of candor in the field and what attendees can look forward to at future conferences. Tune in for insights into the world of OT and ICS cybersecurity, hands-on training, and the importance of building community partnerships.

In this episode of the Bites and Bytes Podcast, host Kristin Demoranville welcomes her good friend and former colleague, Mike Delaney, a seasoned corporate lawyer and partner with expertise in complex legal matters across industries. With over two decades of experience, Mike has held leadership roles at multinational corporations, where he managed global compliance, risk, and corporate governance.

Kristin and Mike explore the real-world challenges in food cybersecurity, sharing stories from their work together and discussing how industries like food manufacturing and supply chains adapt to meet today’s cybersecurity threats. From legal and compliance perspectives to human and technological considerations, this episode contains practical insights and firsthand experiences.

_______________________________________________

Show Notes:

DISARM Framework:

https://www.disarm.foundation/framework

Beekeeper movie: 

https://www.imdb.com/title/tt15314262/

SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies:

https://www.sec.gov/newsroom/press-releases/2023-139

Form 8-K: 

https://www.sec.gov/files/form8-k.pdf

_______________________________________________

Episode Key Highlights:

(0:00:00) - Food Memories and Personal Connections

(0:06:50) - Industry’s Push for Modernization in Cybersecurity

(0:21:00) - Key Supply Chain Vulnerabilities in Food

(0:31:28) - SEC’s New Cybersecurity Reporting Rules

(0:43:00) - Rising Cyber Threats Targeting Food Sector

_______________________________________________

Bsides ICS/OT Conference 🎉🌟

Feb. 10, 2025 in Tampa, Florida  🌴  (day before S4x25 Conference)

🔗 https://www.bsidesics.org/

Call for Papers is OPEN till 12/31/24!

Registration is OPEN:  https://www.eventbrite.com/e/bsides-icsot-tickets-1078099778459

General Admission is $30 and Student/Veteran is $20!

Questions or Need more information email [email protected]

_______________________________________________

Bites and Bytes Podcast Info:

TikTok

Website:  Explore all our episodes, articles, and more on our official website.  Visit Now

Merch Shop:  Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now

Blog:  Stay updated with the latest insights and stories from the world of cybersecurity in the food industry.  Read Our Blog

Audience Survey:  We value your feedback!  Help us make the podcast even better.  Take the Survey

Schedule a Call with Kristin:  Want to share your thoughts? Schedule a meeting with Kristin!  Schedule Now

In this episode, host Aaron Crow addresses the pressing issue of cybersecurity for small and medium-sized businesses. With their limited budgets and resources, these enterprises are often prime cyberattack targets.

Aaron explains why these businesses are particularly vulnerable, the potentially devastating impacts of a cyber incident, and practical measures they can adopt to strengthen their cybersecurity without incurring significant costs.

Listeners will uncover insights on establishing basic cybersecurity policies, the critical importance of monitoring, and strategies for preparing for potential breaches. 

This episode is filled with valuable tips that could ensure the survival and success of your business amid today's escalating cyber threats.

Key Moments; 

00:00 Cybersecurity challenges and solutions for small businesses.

03:24 Startups are vulnerable due to inadequate cybersecurity measures.

06:30 Use secure passwords, educate employees, and use tools.

11:26 Segregate networks to protect sensitive data.

14:46 Effective monitoring requires time, effort, and setup.

16:10 DNS filtering blocks malicious sites, prevents attacks.

20:29 Plan proactively to manage events before crises.

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

We had the privilege of speaking with Steven Sim, Chair of the OT-ISAC Executive Committee, during the recent summit in Singapore. As a seasoned expert in operational technology (OT) cybersecurity, Sim shared valuable insights into the importance of information sharing, the growing threat of ransomware, and the transformative role of AI in cybersecurity.

Kicking off the podcast, Steven introduced the Executive Committee and its pivotal role in driving OT-ISAC’s mission to foster a collaborative community and promote best practices. By providing advisory support and strategic guidance, the committee ensures OT-ISAC stays at the forefront of cybersecurity initiatives.

Balancing Information Sharing and Confidentiality

One of the most pressing challenges in OT cybersecurity is striking the right balance between information sharing and safeguarding sensitive data. He explained that OT-ISAC has implemented robust measures, such as the Traffic Light Protocol and data anonymization techniques, to protect confidentiality while promoting collaboration. The platform also employs protocols like STIX and TAXII to automate the exchange of cyber threat intelligence, enabling members to quickly share and respond to emerging threats.

Cross-Jurisdictional Collaboration

With cyber threats spanning borders, cross-jurisdictional collaboration is essential. Sim highlighted that OT-ISAC allows members to share threat intelligence across different regions without breaching data sovereignty regulations by anonymizing the information sources. This approach strengthens global defenses against transnational cyberattacks.

The Growing Threat of Ransomware

Ransomware remains a significant risk to OT environments. Steven urged organizations to avoid paying ransoms, citing the risks and long-term consequences. Instead, he emphasized the importance of investing in strong business continuity and incident response plans. By focusing on resilience and preparedness, organizations can minimize their exposure to future attacks.

AI’s Role in OT Cybersecurity

He also discussed the potential of AI in OT cybersecurity, noting its ability to streamline incident response and improve threat detection. However, he cautioned that while AI offers powerful advantages, it must be implemented with human oversight to manage the risks associated with automated systems.

Steven Sim has worked for more than 25 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He leads cybersecurity across large MNC, heading 8 direct reports at Group Cybersecurity Department as well as indirect reports across regional offices and local business units in 42 countries.

He oversees both IT and OT Security Governance, Global Cybersecurity Technology Management and Incident Response as well as Cyber Security Masterplan Office.

Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter (which won ISACA Global Outstanding Chapter Achievement in 2022) as the President (from 2021 to 2022) and OT-ISAC (since 2021), the second key thrust of the SG's OT Cybersecurity Masterplan 2019, as Chair Executive Committee, as well as member of Geneva Dialogue Technical Community, and holds Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA.

Recorded 5th Sept 2.30pm. Singapore Operational Technology Information Sharing and Analysis Summit 2024

#otcybersecurity #mysecuritytv #cybersecurity #singaporecybersecurity

Cybercriminal tactics against ICS include direct threats against individuals for MFA credentials, sometimes escalating to physical violence if they won’t share. Jim Coyle, US Public Sector CTO for Lookout, warns about the increasing use of Android in critical Industrial Control Systems (ICS), such as HVAC systems, and how stealing MFA tokens from mobile devices could affect critical services like healthcare, finance, and water supply, depending on the goals of the attackers.

Businesses and government organizations have seen threats to critical US infrastructure on the rise in recent years, particularly within IoT and OT systems, posed by cyberattacks, notably from state actors like Iran. With that context, Joel Goins, a veteran of manufacturing, oil and gas, and OT security at large, talks with John Vecchi about the critical need for enhanced security measures for data centers and other vital components, the vulnerabilities present in IoT devices, and the essential steps companies must take to safeguard against both traditional and emerging cyber threats.

Let’s connect about IoT Security!

Follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systems

Runsafe Security CEO and Cofounder Joe Saunders joins the Nexus Podcast to discuss the strategic shift from certain APTs toward destructive cyberattacks targeting U.S. critical infrastructure. Groups such as Volt Typhoon and Sandworm have aggressively focused their efforts on hacking OT, IoT, and healthcare organizations, opening new fronts that asset owners and operators, as well as manufacturers of embedded systems must now contend with. 

OT Cybersecurity Engineer, Noah Duckworth, joins Dino Busalachi for this episode. They discuss the challenges and nuances of industrial cybersecurity, as he shares insights from his experience working in the OT (Operational Technology) cybersecurity space.

Noah talks about the complexities of integrating traditional IT cybersecurity measures within industrial networks, the specific tools and practices used, and the importance of safe, industry-specific approaches to vulnerability management.

He also provides a perspective on various industrial sectors, such as food and beverage and transportation, and how cybersecurity requirements vary across different verticals and environments.

This episode offers valuable insights into the evolving field of OT cybersecurity and practical advice for professionals interested in protecting critical infrastructure as well as entering the field of industrial cybersecurity.

Chapters:

• 00:00:00 - Introduction to Engineering Problem-Solving in Cybersecurity
• 00:00:46 - Guest Introduction: Meet OT Cybersecurity Engineer & Expert Noah Duckworth
• 00:00:58 - Noah’s Path into OT Cybersecurity and His Industry Experience
• 00:02:13 - Key Differences Between OT and IT Cybersecurity
• 00:03:01 - Addressing Common OT Cybersecurity Challenges and Tools
• 00:06:22 - Navigating Cybersecurity Across Industrial Sectors
• 00:08:06 - Insights for New Professionals in Industrial Cybersecurity
• 00:10:13 - The Evolving Landscape of OT Cybersecurity
• 00:15:22 - Inspiring the Next Generation of Cybersecurity Leaders
• 00:16:35 - Closing Thoughts: Practical Advice for Early-Career Professionals

Links And Resources:

• Velta Technology
• Noah Duckworth on LinkedIn
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, host Aaron Crow is joined by Clint Bodungen, Director of Cybersecurity Innovation at Morgan Franklin Cyber and founder of Threatgen, alongside Michael Welch, Managing Director at Morgan Franklin Cyber. Together, they delve into the ever-evolving world of cybersecurity in honor of Cybersecurity Awareness Month.

Aaron kicks things off by discussing the importance of iterative processes and tabletop exercises in enhancing decision-making and preparedness. The conversation then shifts to the exciting yet complex role of AI in cybersecurity, particularly in operational technology (OT) and critical infrastructure. The experts emphasize the potential of generative AI for data analysis while underscoring the need for human oversight to avoid biases and misinformation.

Clint introduces an “engineering informed cyber” approach to better integrate OT and IT in managing cybersecurity risks, while Aaron stresses the importance of collaboration between cybersecurity professionals and engineers. The episode also tackles balancing convenience and security, the intricacies of password management, and the critical role of communication and trust.

Listeners will gain valuable insights into AI’s role in enhancing security operations, the consequences of system failures, and the debate between compliance and true security. This episode offers expert opinions, real-world examples, and practical advice for navigating today’s cybersecurity challenges. Join us for a comprehensive discussion on protecting our digital world.

Key Moments: 

04:20 Generative AI aids efficient GRC and cybersecurity management.

08:40 AI lacks context for verifying asset information.

11:38 Generative AI creating and automating malware tools.

15:58 Building data centers using decommissioned power plants.

17:14 Regulation growing in infrastructure for compliance security.

22:09 Compliance is binary; partial compliance isn't sufficient.

24:33 Prioritize "engineering informed cyber" for OT resilience.

28:14 Collaboration between IT and OT is essential.

33:54 Frustration with excessive video game security measures.

34:49 Cybersecurity fails due to over-engineering complexity.

40:49 Make security easy with password managers, authenticators.

42:31 AI improves tabletop exercises for comprehensive insights.

45:31 Generative AI augments human capabilities and creativity.

48:08 Automated injects streamline engagement and business continuity.

53:46 Executives misunderstand risk, leading to false security.

54:29 Strong IT security, but vulnerable weak points.

About the Guests : 

Clint Bodungen: 

Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 30 years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two best-selling books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity Cookbook. Clint is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the founder of ThreatGEN and Director of Cybersecurity Innovation at Morgan Franklin Consulting. Renowned for his creative approach to cybersecurity education and training, he has been at the forefront of integrating gamification and AI applications into cybersecurity training; he created ThreatGEN® Red vs. Blue, the world's first online multiplayer computer designed to teach real-world cybersecurity. His latest innovation is AutoTableTop, which uses the latest generative AI technology to automate, simplify, and revolutionize IR tabletop exercises. As AI technology continues evolving, so does his pursuit of helping revolutionize the cybersecurity industry using gamification generative AI. Connect Clint at - https://www.linkedin.com/in/clintb/

Michael Welch : 

Michael Welch has over twenty-five years of expertise in Governance, Risk Management, Compliance and Cybersecurity.  In his role as Sector Lead, Michael  will focus on the importance of cybersecurity in Utilities and Industrial Manufacturing.  Michael understands that robust cybersecurity measures are not just a regulatory requirement but are pivotal in safeguarding the resilience of organizations, safety of its people, and overall economic stability.  Michael has worked for organizations such as NextEra and Duke Energy as well as engineering firm Burns & McDonnell.  In addition, he was the Global CISO for the food manufacturing firm OSI Industries.Some of the certifications he has obtained through his career are Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Global Industrial Cyber Security Professional (GICSP), Certified Data Privacy Solutions Engineer (CDPSE) and CMMC - Registered Practitioner Advanced (RPA).  Connect Michael Welch at : https://www.linkedin.com/in/michael-welch-93375a4/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

Hosts Vivek Ponnada and Sandeep Lota share their insights on and exploring topics such as: 

✅ Emerging threats to ICS over the next 12-18 months

✅ Evolving strategies for integrating IT and OT cybersecurity

✅ The future role of AI in ICS cybersecurity

✅ Fostering collaboration between IT and OT teams

Visit Our Website

Follow Us on LinkedIn

** 3 Consecutive Awards for Best Podcast, 2022 - 2024 APEX Awards of Publication Excellence.

In this episode, The Journal’s Digital Editor Maggie MacHale brings the written word to life by reading the article, “Tips for Complying with the NIS2 Compliance Framework.” It’s written by Meghna Subramani, Commercial Product Manager, Network & Cybersecurity, and Andreu Cuartiella, Lifecycle Services Commercial Manager EMEA at Rockwell Automation. 

You’ll learn 7 steps to help you comply with this directive for increasing cybersecurity for industrial firms, utilities and other entities across the European Union.  

Resources from this episode:

• Read the article online: “Tips for Complying with the NIS2 Compliance Framework.”
• Data Bridge Market Research on the European market for operational technology (OT).
• To subscribe to our 4 print magazines (Feb., May, July and Oct.), e-mail Anna Hicks at [email protected].
• Subscribe to our 4 digital magazines at http://rok.auto/thejournal-subscribe.

Hit the “Share” symbol to share this episode with your colleagues who would benefit from this information. And please give us a 5-star rating and a review.

Brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine.

This episode we dive into the critical strategies necessary for securing operational technology (OT) environments, with OT/ICS Strategy Lead at CISA, Danielle Jablanski.

Danielle explores the evolving role of CISA in assisting asset owners and government sectors, emphasizing the importance of collaboration and understanding in cybersecurity.

From building resilience against "shiny object syndrome" to prioritizing effective incident response and vendor relationships, this conversation provides valuable insights into crafting an actionable, sustainable OT security strategy.

Danielle also shares how workforce development is crucial in creating a robust cybersecurity posture and discusses CISA’s approach to integrating AI and machine learning into OT security cautiously and strategically.

Chapters:

• 00:00:00 - Understanding Outsourcing and Effective Incident Management in OT
• 00:01:21 - Welcoming Danielle Jablanski from CISA to the Show
• 00:01:47 - CISA’s Expanding Role in Supporting Critical Infrastructure Security
• 00:03:32 - Key Challenges Facing OT Cybersecurity Today
• 00:06:27 - Navigating the Convergence of IT and OT Security
• 00:11:36 - CISA’s Approach to Risk Management and Its Global Impact
• 00:13:40 - Overview of CISA Services and Regional Cybersecurity Initiatives
• 00:16:36 - Enhancing Incident Response Capacity and Cross-Agency Coordination
• 00:17:30 - Fusion Centers: Interagency Collaboration for Better Threat Intelligence
• 00:18:55 - Guiding Organizations in Reporting and Responding to Incidents
• 00:21:03 - Developing Effective Incident Response Playbooks for OT Environments
• 00:22:08 - Opportunities and Risks of AI in OT Cybersecurity
• 00:24:32 - Emerging Threats: Targeted Attacks on Control Systems
• 00:27:00 - Final Thoughts on Workforce Development and Building Cybersecurity Resilience

Links And Resources:

• Danielle Jablanski on LinkedIn
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

Today on Cyber Work, Jonathan Braley from the Food and Agriculture Information Sharing and Analysis Center (Food and Ag ISAC) delves into the critical security challenges in the food, farming and production sectors. Featuring insights on the evolution of cybersecurity, the role of ISACs, and real-world threats like ransomware and phishing, this episode offers a comprehensive look at how cybersecurity professionals within this industry are working to safeguard vital systems. Braley shares tips on obtaining competitive roles, the convergence of IT and OT security and the importance of continuous learning. Tune in to grasp the latest trends and get invaluable career advice to stay ahead in the ever-evolving field of cybersecurity.

View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

00:00 - Introduction to cyber work and guest Jonathan Braley
00:53 - The growing cybersecurity job market
02:05 - From biology to cybersecurity
04:48 - Early career and learning at Valley Apps
09:26 - Role and responsibilities at Food and Ag ISAC
17:07 - Understanding cyber threats in food and agriculture
23:23 - The growing connectivity and vulnerabilities in agriculture
23:49 - Cybersecurity challenges for small towns and farms
25:28 - The Reality of cyberattacks on small farms
26:59 - Global implications of cybersecurity in agriculture
28:44 - Insights from a cybersecurity expert in agriculture
33:13 - Career opportunities in food and agriculture cybersecurity
37:37 - Staying informed and prepared in the cybersecurity field
40:04 - Cybersecurity career advice

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Claroty Chief Strategy Officer Grant Geyer joins the Nexus Podcast to discuss the results of a survey of 1,100 cybersecurity leaders and practitioners on the business impact of disruptions from cyberattacks on cyber-physical systems.

The financial losses are steep from these attacks impacting connected systems that are so central to our way of life, as are the recovery costs and operational impacts such as downtime, which is often intolerable in critical industries such as manufacturing and healthcare.

Geyer brings his unique insights to the discussions, including attackers' motivations in targeting CPS, why ransomware continues to impact healthcare delivery organizations, and the risks of unsecured third-party and supply chain connections to the enterprise.  

Get the full survey results here. 

In Episode 29, host Aaron Crow is joined by cybersecurity expert Jori VanAntwerp to delve into Power Grid Security and Redundancy.

This episode explores the segmented design of the US power grid, addressing the challenges and necessary upgrades to mitigate cyber vulnerabilities. Jori highlights security monitoring gaps, the impact of hardware updates, and the cost implications of modernizing infrastructure. The discussion also emphasizes the importance of asset inventory and collaborative efforts between IT and OT professionals.

Real-world incidents, such as unexplained power plant reboots, illustrate the critical role of operator awareness and system maintenance. The potential of AI in cybersecurity, alongside the need for a collaborative, learning-focused approach, is also discussed.

Tune in to gain expert insights on balancing modernization, cost, and operational efficiency to ensure the stability and security of our power infrastructure. Join us for a packed episode to learn how to "Protect It All."

Key Moments: 

05:30 Restoring power grids involves complex, staged processes.

11:01 Centralizing data improves efficiency, introduces vulnerabilities.

17:47 Network segmentation essential for security, mitigates risks.

26:12 Cybersecurity tools revealed crucial system issues.

32:15 Understanding systems fully prevents unintended negative impacts.

36:31 Understand OT environment before implementing IT solutions.

41:24 Equip must survive extreme heat, unlike typical data centers.

54:28 Strict access control in nuclear power plant.

57:48 Assess likely risks for protecting plant operations.

01:00:59 Rushed training weakens foundational cybersecurity skills.

About the guest : 

For nearly two decades, Jori has enabled industrial and IT organizations to be successful in reducing risk, increasing compliance, and their overall security efforts. Jori has the ability to quickly evaluate situations and determine innovative solutions and possible pitfalls due to his diverse background in security, technology, partnering and client-facing experience. Approaching situations with intuitive insight and methodology, leveraging his deep understanding of business and technology, ranging from silicon to the cloud. He had the pleasure of working with such great companies as Gravwell, Dragos, CrowdStrike, FireEye, McAfee, and is now Founder and Chief Executive Officer at EmberOT, a cybersecurity startup focused on making security a reality.

How to connect Jori : 

Website : https://emberot.com/

Linkedin : https://www.linkedin.com/in/jvanantwerp/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

In this week's episode, Dino Busalachi is joined by Gary Kneeland from Claroty. With over nine years of experience at Claroty, Gary discusses the evolution of OT security, the convergence of IT and OT, and the growing importance of cybersecurity in protecting critical infrastructure.

The conversation touches on how regulatory changes, ransomware threats, and AI advancements are shaping the industry.

Whether you’re dealing with outdated systems or navigating complex industrial environments, this episode provides practical insights into the challenges and opportunities ahead.

Chapters:

• 00:00:00 - Pandemic's Impact on Critical Infrastructure
• 00:01:08 - Introduction to Gary Neelan and Claroty
• 00:01:41 - Gary's Role in OT Cybersecurity
• 00:02:49 - Evolution of OT Cybersecurity: From Compliance to Strategy
• 00:05:23 - IT and OT Convergence: Securing Cyber-Physical Systems
• 00:09:46 - Addressing Complex Challenges in OT Cybersecurity
• 00:11:56 - OT Cybersecurity Talent Shortage and Managed Services
• 00:13:01 - Future of OT Cybersecurity: Adapting to New Threats
• 00:14:36 - Modernizing Manufacturing Systems for Enhanced Security
• 00:15:52 - Global Cybersecurity Trends in Critical Infrastructure
• 00:18:01 - Regional OT Cybersecurity Challenges and Responses
• 00:25:01 - The Role of AI in Defending OT Environments
• 00:28:19 - Final Thoughts on OT Cybersecurity's Future

Links And Resources:

• Gary Kneeland on LinkedIn
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Technological change is inevitable and often one of the aspects that attracts people toward careers in information and operational technology. Although risk management is a part of navigating advancement in any area, the fundamental flaw in any management system is our human tendencies.

This episode explores how organizations can make slow, steady migration from first principles to risky undertakings without noticing. Marco Ayala, an operational technology cybersecurity expert and current Houston InfraGard president, joins this episode to further explore the reasons behind this normalization of deviance, a concept first introduced to OT cyber specialists at S4 in 2024.

Mr. Ayala is also CCE proponent and facilitator leading to a discussion on possible options for course correction back off the normalization path.  Although solutions must always be tailored to work within organizational constraints, the early contributors to catastrophic outcomes associated with the Challenger space shuttle and Boeing 737 Max warrant exploration or we will inevitably repeat. 



 

This episode delves into the world of cybersecurity with the esteemed guest, Ken Foster. With over 30 years of experience and a career that began in the Navy, Ken has comprehensive expertise in managing firewalls and antivirus systems and addressing today’s complex cybersecurity challenges.

This episode, hosted by Aaron Crow, explores the evolving cybersecurity industry, emphasizing the crucial roles of mentorship and networking. Ken and Aaron discuss the strategic importance of aligning security with business goals, the impact of leadership training and honest feedback on developing better leaders, and the necessity of balancing technical skills with effective communication.

Ken shares his insights on the dangers of over-relying on AI, the essential need for disaster preparedness and business continuity, and the importance of continuously evaluating business investments to avoid unnecessary expenses. The episode highlights the value of informal networks and mentorship in overcoming industry challenges and fostering personal growth.

Listeners will gain practical strategies and invaluable lessons to navigate the ever-changing cybersecurity landscape while ensuring their personal and professional development.

Key Moments: 

06:59 Translate tech leadership into business risk communication.

11:51 Integrating expertise, technical skills, and communication effectively.

18:13 No disaster recovery plan; business disrupted by flood.

25:36 Building relationships and listening are crucial successes.

31:39 Simplify explanations for effective cross-team communication.

33:53 Realized technical focus limited career growth.

42:12 Networking is crucial for finding senior roles.

44:06 Produced content led to advisory board roles.

50:06 Who supports post-handover? Security can't do it alone.

57:44 Translate work into clear business value requirements.

01:04:11 Ensure clarity and continuity for cybersecurity's future.

About the guest : 

Ken Foster is a cybersecurity leader with over 25 years of experience in risk management, global team development, and IT infrastructure. As Head of Global Architecture at Adient, Ken oversees global teams to align technical initiatives with business goals, driving innovation while managing risks. His career includes key roles at Fleetcor and Fiserv, where he built large-scale cybersecurity programs and led risk governance and cloud security efforts. With a strong focus on client trust and board-level advisory, Ken brings deep expertise in navigating regulatory landscapes and developing risk-based, business-aligned strategies.

Connect Ken Foster : https://www.linkedin.com/in/kennethfoster/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

In dieser Folge des Rhebo-Podcast „OT Security Made Simple“ sprechen Gastgeber Klaus und der OT-Cybersecurity-Experte Max Weidele von Sichere Industrie über die Notwendigkeit eines organisatorischen Wandels, um OT-Sicherheit zu erreichen. Was mit dem Asset Management als Grundlage beginnt, führt schnell zu der klaren Vision, dass die IT das Herzstück der OT-Sicherheitsorganisation sein wird.

Craig sits down with Jessica Cook, a computer science engineering senior at Mississippi State University, to explore her journey into industrial cybersecurity.

From discovering her passion for tech in high school to gaining hands-on experience in OT cybersecurity, Jessica discusses how internships and real-world exposure have shaped her understanding of the industry.

She talks about the exciting evolution of industrial careers, highlighting how traditional manufacturing roles are becoming more technical and data-driven.

Jessica shares valuable advice on building relationships, leveraging networking opportunities, and overcoming the challenges of being a woman in a traditionally male-dominated field.

As she prepares to graduate, she reflects on her career path and the opportunities ahead in cybersecurity and OT.

Chapters:

• 00:00:00 - Introduction and Jessica’s Background in Cybersecurity
• 00:01:19 - Discovering a Passion for Tech and Breaking Into STEM
• 00:03:11 - Industrial Cybersecurity: Navigating a Changing Landscape
• 00:05:29 - Mississippi State’s Cybersecurity Program and Its Growth
• 00:06:58 - Real-World Experience: Internships and Co-Ops in OT Cybersecurity
• 00:10:06 - Key Courses and Mentors Shaping a Cybersecurity Career
• 00:14:30 - Leadership, Networking, and Extracurriculars in Engineering
• 00:19:06 - Practical Advice for Students and Early-Career Professionals
• 00:21:15 - Looking Ahead: Graduation and Career Prospects in OT Cybersecurity

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode of the Bites and Bytes Podcast, host Kristin Demoranville welcomes Rick Biros, the founder of Food Safety Tech and the Food Safety Consortium. Rick, an industry veteran with decades of experience, shares fascinating insights into the critical role of food safety and its intersection with Cybersecurity. From the early days of food safety regulations sparked by major outbreaks to today’s technological advancements, Rick discusses how the industry has evolved and why Cybersecurity is becoming an integral part of protecting our food supply.

Rick also reflects on his journey from launching Food Quality magazine to creating the Food Safety Consortium, a must-attend event for senior-level food safety professionals. The episode covers how the Consortium fosters a collaborative environment for problem-solving and innovation, bringing together leaders from across the industry.

Listeners will also hear Rick’s thoughts on the latest challenges facing the food industry, including the impact of recent cyber threats and how technology is reshaping food safety protocols. Whether you’re in the food industry, Cybersecurity, or just curious about the future of food protection, this episode offers a wealth of knowledge and practical insights.

🎉🎂 Happy 1st Birthday to the Bites and Bytes Podcast! 🎧🎉Here’s to a year of incredible conversations, industry insights, and amazing listeners like YOU! 🎙️🌟 Thank you for all your support—here’s to many more! 🥳

________________________________________________________________________________________

Rick’s Information

LinkedIn:  https://www.linkedin.com/in/rick-biros-860bb47/

Food Safety Tech Bio:  https://foodsafetytech.com/about-us/

________________________________________________________________________________________

Show Notes:

Brussels memory – La Truffe Noire Restaurant  

https://www.truffenoire.com/en/

What is Candling wine?

https://www.instagram.com/cristienorman_somm/reel/C9A2l-hyOjV/

Jack-in-the-box crisis

https://outbreakdatabase.com/outbreaks/jack-in-the-box-restaurant-chain-ground-beef-hamburgers-1992

Mark Carter – president of IAFP (International Association for Food Protection)

https://www.foodprotection.org/about/news-releases/mark-carter-assumes-presidency-of-the-international-association-for-food-protection/

Food Safety Modernization Act (FSMA)

https://www.fda.gov/food/guidance-regulation-food-and-dietary-supplements/food-safety-modernization-act-fsma

Boars Head Crisis

https://www.fsis.usda.gov/recalls-alerts/boars-head-provisions-co--expands-recall-ready-eat-meat-and-poultry-products-due

https://www.marlerblog.com/case-news/bill-marler-free-advice-for-boars-head-ceo-and-other-after-a-foodborne-illness-outbreak/

Peanut Corp of America Crisis

https://www.npr.org/sections/thesalt/2015/09/21/442335132/peanut-exec-gets-28-years-in-prison-for-deadly-salmonella-outbreak

Bill Marler

https://billmarler.com/

Sabra – Salmonella incident 2021

https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/sabra-dipping-company-llc-615938-12012021

Rob Mommsen

https://www.linkedin.com/in/rob-mommsen-b6848211/

Frank Yiannas

https://foodsafetytech.com/news_article/boars-head-appoints-frank-yiannas-as-chief-food-safety-advisor-and-finalizes-food-safety-advisory-council/#:~:text=Boar's%20Head%20Brand%20announced%20on,and%20quality%20across%20the%20organization.

https://www.smarterfysolutions.com/

David Theo – Jack-in-Box

https://www.latimes.com/local/obituaries/la-me-david-theno-20170710-story.html

________________________________________________________________________________________

Food Safety Tech

https://foodsafetytech.com/

➡️ Subscription to the free newsletter:

https://innovativepublishing2.actonsoftware.com/acton/media/3357/food-safety-tech-newsletter-opt-in-page

________________________________________________________________________________________

Innovative Publishing Company

https://www.linkedin.com/company/innovative-publishing-company-llc/

http://innovativepublishing.net/

________________________________________________________________________________________

Food Safety Consortium Conference

https://foodsafetyconsortium.org/

➡️ Register here: 

https://www.eventleaf.com/Attendee/Attendee/EventPage?eId=RCMrOPTC6EZVv99yKxyQJw%3D%3D

💰⭐ Discount code for $200.00:  RickyB

________________________________________________________________________________________

Kristin Demoranville Speaking at:

Food Safety Consortium Conference, Arlington, VA

https://foodsafetyconsortium.org/

BREAKOUT 3: Food Defense in the Digital Era

2:15 PM - 3:00 PM EST on Monday, October 21st

ICS Cyber Security Conference, Atlanta, GA

https://www.icscybersecurityconference.com/

Agriculture at Risk: Recognizing and Securing Our Forgotten Critical Infrastructure

11 AM EST on Thursday, October 24th

InCyber Forum Canada, Montreal, QC

https://northamerica.forum-incyber.com/en/home-en/

Guardians of the food supply chain: cybersecurity resilience in agriculture and food safety

1:55 PM to 2:40 PM EST on Tuesday, October 29th

💰⭐  50% discount code:  ININ59XU2CF3
➡️ Registration link: https://2024.northamerica.forum-incyber.com/en/pe1/pe1-home.htm

________________________________________________________________________________________

Bites and Bytes Podcast Info:

TikTok

Website:  Explore all our episodes, articles, and more on our official website.  Visit Now

Merch Shop:  Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now

Blog:  Stay updated with the latest insights and stories from the world of cybersecurity in the food industry.  Read Our Blog

Audience Survey:  We value your feedback!  Help us make the podcast even better.  Take the Survey

Schedule a Call with Kristin:  Want to share your thoughts? Schedule a meeting with Kristin!  Schedule Now

Joe Slowik, ATT&CK CTI Lead at MITRE, joins the latest episode of the mnemonic security podcast to share his insights on the complexities of securing critical infrastructure. With a background in cyber threat intelligence, incident response, and detection engineering, Joe discusses with Robby the challenge of defining and prioritising what's truly "critical" in a landscape where every sector claims importance.

They explore the difficulty in distributing security investments across industries and the growing need for organisations of all sizes to adopt a mindset of self-defence. Joe also addresses the potential consequences of large-scale cyberattacks, such as those by Volt Typhoon, emphasising the need for coordinated incident response and leadership during crisis scenarios. He concludes with a strong call for resilience and highlights the vital role CEOs play in ensuring organisational preparedness.

AI and generative AI are transforming the energy industry but also bringing new cybersecurity challenges. In the newest EPRI Current podcast episode, experts from EPRI and NVIDIA discuss AI's benefits and ways to combat potential cybersecurity threats to critical energy infrastructure.

Guests: Jason Hollern, EPRI cybersecurity technical executive, and Marc Spieler, Senior Managing Director for Energy with NVIDIA.

Links and Resources:

• Artificial Intelligence and Generative AI in the Energy Sector: Cyber Security Use-Cases, Considerations, and Implications https://www.epri.com/research/products/000000003002029821 

If you enjoy this podcast, please subscribe and share! And please consider leaving a review and rating on Apple Podcasts/iTunes. 

Follow EPRI:

LinkedIn https://www.linkedin.com/company/epri/ 

Twitter https://twitter.com/EPRINews 

EPRI Current examines key issues and new R&D impacting the energy transition. Each episode features insights from EPRI, the world's preeminent independent, non-profit energy research and development organization, and from other energy industry leaders. We also discuss how innovative technologies are shaping the global energy future. Learn more at www.epri.com 

In this rewind episode, we explore the critical role CISOs play in bridging the gap between operational technology (OT) and enterprise cybersecurity.

With manufacturing and critical infrastructure facing increasing cyber threats, CISOs must navigate both the boardroom and the plant floor to secure complex environments without disrupting production.

This discussion focuses on the importance of risk assessment, real-time monitoring, and the adoption of specialized cybersecurity tools.

The episode highlights the need for cross-functional collaboration, leveraging external expertise, and shifting toward proactive, secure-by-design approaches.

It also addresses the vulnerabilities in supply chains, the limitations of relying on cybersecurity insurance, and the necessity of actionable, strategic measures to protect industrial environments.

Chapters:

• 00:00:00 - Kicking Off: How CISOs Are Redefining Industrial Cybersecurity from the Ground Up
• 00:00:54 - Cybersecurity Missteps Putting the C-Suite at Risk
• 00:12:31 - CISO Resignations: Is the Industrial Sector Prepared for the Fallout?
• 00:23:43 - Securing Critical Assets: What Every CISO Should Know

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this special episode, David and Shlomi, hosts of the Left to Our Own Devices podcast, sit down with Aaron C. Crow, a seasoned Cyber and Strategic Risk leader with 25 years of experience. Together, they share valuable insights on OT and product security, while also exploring the future direction of the industry.

This episode is a republish from Aaron’s own PrOTect It All podcast, where it was originally released.

If you are in IT, you are probably not thinking about the risks associated with the Otis Elevator or the Coke machine. Maybe you should. Chester Wisnieski, the director and global field CTO at Sophos, points out that IoT devices, big and small, create an outsized threat to any organization. And that’s why IoT vendors need to secure these devices, even if they only “phone home” for more Coke. If they’re on your network, they need to be secured.

In this episode, Aaron Crow engages in an insightful conversation with Dennis Maldonado, Director of Technology for Harris, Fort Bend ESD 100. The discussion emphasizes the importance of resiliency in technology environments and how strategic planning can safeguard against unforeseen disasters without necessitating a complete technological overhaul.

From his extensive experience, Dennis shares how effective communication and collaboration were critical during events like Hurricane Harvey. He also provides his perspective on future trends and concerns in cybersecurity, including the rise of ransomware and nation-state attacks targeting critical infrastructure.

The episode illuminates the significance of networking, with Aaron and Dennis underscoring its value in career advancement and sharing personal stories to illustrate how being well-known and trusted can open doors to unexpected opportunities. 

Additionally, Dennis discusses the zero trust model and the intricate balance between maintaining cybersecurity and ensuring system availability in critical infrastructure.Listeners will gain practical insights into building resilient tech environments through real-world examples and expert advice. 

The episode is a treasure trove of learnings on keeping organizations secure, responsive, and prepared for any eventuality. Join as "Protect It All" dives deep into building resilient tech environments with Dennis Maldonado's invaluable lessons.

Key Moments: 

09:15 Networking is crucial for success in cybersecurity.

13:46 Volunteer firefighter boosted dispatch center through IT.

18:52 Transfers emergency calls to fire and EMS.

22:06 Quick response with information saves lives effectively.

26:22 Implemented lessons for resilient project development.

42:14 Sharing lessons learned from threat modeling experiences.

48:04 Zero trust model effectively mitigates cybersecurity incidents.

57:32 Public safety adapts by reverting to manual methods.

01:02:51 Cybersecurity's mainstream rise sparks widespread interest.

About the guest : 

Dennis serves as Director of Technology for Harris Fort Bend ESD 100 (WESTCOM) managing and maintaining the technology needs of 911 call taking and emergency dispatch services for multiple public safety agencies.

With over 15 years of experience in information technology and over 12 years in cybersecurity enterprise environments and consulting, Dennis’s experience includes cyber resilience, network penetration testing, full-scope red team engagements, adversarial simulation, and physical security assessments.

Dennis presented at multiple security industry conferences including DEF CON, InfoSec SouthWest, BSides conferences, Houston Security Conference, Houston OWASP, SANS HackFest, and several local meetups and organizations around the United States.

As an active leader in the Houston cyber security community, Dennis is responsible for founding two cyber security meetups in the Houston area: Houston Locksport, founded in 2014 and Houston Area Hackers Anonymous (HAHA), founded in 2016.

How to connect Dennis: 

LinkedIn: https://www.linkedin.com/in/dennismald/

Twitter/X: https://twitter.com/dennismald

Houston Area Hackers Anonymous (HAHA): https://www.meetup.com/houston-area-hackers-association/=

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

In dieser Folge von OT Security Made Simple erläutert unser Gast Moritz Flüchter von der Universität Tübingen, wie ein OT-Monitoring auch dafür genutzt werden kann, um Time Sensitive Networking (TSN) in Netzwerken zu ermöglichen, in denen ein Teil der Systeme und Endgeräte nicht TSN-fähig sind. Nicht zuletzt zeigt er auf, wie eine integrierte Anomalieerkennung die bestehenden Unsicherheiten von TSN überwacht und Denial-of-Service-Attacken erkennt.

In this reflective episode, we revisit the real-world challenges of securing industrial environments, where the intersection of IT and OT often creates unforeseen cybersecurity vulnerabilities.

From mismanaged remote access to the critical need for continuous asset monitoring, our experts dive deep into the lessons learned from boots on the ground work in the field.

They share insights on managing OT cybersecurity risks while maintaining production uptime and operational integrity.

This episode provides invaluable takeaways for those navigating the complexities of protecting industrial networks, offering practical solutions for balancing security with operational demands.

Chapters:

• 00:00:00 - A rewind to the biggest OT cybersecurity lessons and surprising moments!
• 00:01:05 - Missteps and Common Blunders with Manufacturing, ICS and Cybersecurity
• 00:10:26 - Industrial Cybersecurity Lessons From the Field
• 00:20:19 - The State of OT Cybersecurity From the Field

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube Podcasts to leave us a review!

Most cybersecurity threats begin in IT systems. But as the lines between IT and OT continue to blur, these same threats have more and more opportunities to move closer to critical control systems. Having both visibility and context into what assets are most at risk across your operational environments is crucial for maintaining the safety and availability of these systems.

In this episode of the Security Sandbox, we'll cover the strategic use of cyber threat intelligence (CTI) to safeguard critical infrastructure and industrial environments.

You'll learn about:

• Integrating OT/IoT threat intelligence with traditional IT threat intelligence for a complete picture of the attack surface
• Using asset context when acting on threat intelligence in OT systems
• Real-world examples of successful proactive threat response

Visit Our Website

Follow Us on LinkedIn

KraftCERT trusselvurdering 2024 | In Norwegian only

In this episode, Robby is joined by Espen Endal and Bjørn Tore Hellesøy from KraftCERT/InfraCERT - the Norwegian CERT for the energy and petroleum sectors. 

The trio discuss the Threat Assessment report recently published by KraftCERT/InfraCERT, and the unique challenges the Norwegian energy sectors are facing. They touch into topics such as threat evaluation, insider threats, countermeasures, and the importance of maintaining robust security practices despite evolving digital landscapes. 

The conversation emphasises the contextualization of national threat assessments to be practical for energy production companies, stressing the balance between emerging technologies like AI and Digital Twins and their associated risks.

The Threat Assessment 2024 report is available at: https://www.kraftcert.no/filer/KraftCERT-ThreatAssessment2024.pdf

השימוש בספריות קוד פתוח הפך לפרקטיקה מקובלת בכול פיתוח תוכנה, קיצור משך הפיתוח הוא משמעותי אבל טומן בחובו סיכונים עיסקיים וסיכוני סייבר משמעותים ללקוחות.

המעבר של העולם התפעולי לבקרים מבוססי מערכת הפעלה סטנדרטית ותאומים דיגיטלים מוזיל עלויות ובאותה נשימה חושף את הסביבה התפעולית לסיכוני סייבר מוכרים מסביבות המחשוב הסטנדרטיות.

נחשון פינקו מארח את צביקה רונן מייסד שותף והמנהל הטכנולוגי בחברת פוסאוור, מומחה בתחום ניהול סיכונים בקוד פתוח בשיחה על השימוש בקוד פתוח ע"י חברות תוכנה.

מה המשמעות של הרישוי השונה בקוד פתוח

איך מוודאים שהקוד הפתוח שהוכנס ע"י המפתחים "נקי" ולא מסתיר נוזקות שיפתחו באתר הלקוח

איפה פוגש הקוד הפתוח את העולם התפעולי ועוד

Open-source libraries have become an accepted practice in all software development. Shortening the duration of development is significant but carries significant business and cyber risks for customers.

The transition of the operational world to controllers based on a standard operating system and digital twins lowers costs. Still, it exposes the operational environment to known cyber risks from standard computing environments.

Nachshon Pincu hosts Zvika Ronan, Co-founder and chief technology officer at FOSSAware and an expert in open-source risk management, in a conversation about software companies' use of open source.

What does the different open-source licensing mean?

How do you ensure that the open code entered by the developers is "clean" and does not hide vulnerabilities that will be opened on the client's site?

Where does the open source meet the operational world?

and more

In this episode, Bryson sits down with MITRE EMB3D co-founder Niyo Little Thunder Pearson. For nearly 20 years, Niyo has been at the forefront of protecting critical infrastructure systems. He previously led incident response for American Express, directing the company’s Security Operations Center during the LulzSec and Anonymous attacks, and worked to develop an adversarial cyber defense program for the nation’s third largest gas utility at ONE Gas Oklahoma. Now, Niyo has co-founded MITRE EMB3D, a groundbreaking global threat network aimed at enhancing the security of embedded devices. 

What is MITRE EMB3D? Who is the intended audience? What problems is it trying to solve? 

“There is such a gap that exists today on what we understand and how risk averse these [embedded] devices are. They do well and they operate well. They're built for what they're doing in a safety context, but the security was never brought forward with it,” Niyo said. 

Join us for this and more on this episode of Hack the Plan[e]t. 

Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology. 

Political hacktivism once mainly focused on website defacement. Now it has shifted to targeting physical devices, affecting critical infrastructure such as water treatment plants. At Black Hat USA 2024, Noam Moshe from Claroty highlighted how the HMIs in PLC devices from Israeli manufacturers may be susceptible to political attacks by nation-state actors using unknown vulnerabilities in the PComm protocol.

In this episode, Craig and Dino explore the evolving responsibilities of the CISO in managing cybersecurity within operational technology (OT) environments.

They address the persistent disconnect between IT and OT teams and the unique challenges CISOs face in bridging this gap.

With a focus on collaboration, they discuss the critical role of external partnerships and the importance of understanding the industrial landscape to implement effective security measures.

The conversation highlights how CISOs can balance rigorous cybersecurity protocols with operational demands, ensuring both safety and continuous uptime in complex industrial systems.

Chapters:

• 00:00:00 - Prioritizing Safety and Minimizing Downtime
• 00:00:48 - The Evolving Role of CISOs in Operational Technology (OT)
• 00:02:11 - Overcoming IT and OT Collaboration Challenges
• 00:03:09 - The Persistent Disconnect Between IT and OT
• 00:04:06 - CISOs' Responsibility for OT Security
• 00:05:08 - Balancing Security and Operational Uptime
• 00:06:57 - The Role of External Resources in Cybersecurity
• 00:11:38 - Limited CISO Interaction with the Board
• 00:20:38 - The Realities of Relying on Cybersecurity Insurance
• 00:24:18 - Conclusion: Moving Forward with IT-OT Collaboration

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube, to leave us a review!

We sat down with Tim Conway and Robert Lee, two leading cybersecurity experts, to discuss pressing issues in OT cybersecurity.

CrowdStrike Lessons Learned

Tim and Robert began by examining the CrowdStrike incident from July 2024. They highlighted the dangers of over-relying on trusted technology without sufficient testing and verification, and the importance of integrating resilience into systems and avoiding a one-size-fits-all security approach.

Cyber Threat Landscape

Robert discussed the rise of sophisticated malware like Fuxnet, Frostygoop and Pipe Dream, designed to target OT systems. Fuxnet was a highly targeted attack aimed at disrupting critical infrastructure in Russia, while Frostygop used similar techniques against Ukraine. In contrast, Pipe Dream serves as a more versatile attack framework applicable to various OT systems.

He underscored an important lesson: even if specific malware isn't reused, studying its tactics can improve our prevention, detection, and response strategies. The key takeaway: threats to OT environments are growing, with increasingly targeted efforts from a range of actors.

Critical Control – ICS Network Visibility

Tim and Robert addressed the challenges of gaining visibility into OT devices. Tim noted that OT environments are diverse and require more than a one-size-fits-all approach. Each environment has unique characteristics that must be considered. While attackers exploit both commonalities and specific features, defenders must balance the need for visibility with the risk of disrupting operations. Legacy systems without modern security features further complicate these efforts. Despite historical challenges in visibility due to limited capabilities and resistance to change, recent technological advances have improved the situation. However, new technologies, such as encryption, introduce additional complexities. A balanced approach, using critical controls as a framework, is essential for prioritizing security efforts and adapting to evolving needs.

Critical Control – Incident Response Plan

Tim and Robert highlighted that many organizations lack specific incident response plans for OT, relying instead on general IT plans. Backup plans for power outages often do not address cyber attack scenarios. Effective OT incident response requires a tailored plan that includes data collection, safety procedures, and appropriate tools. In addition, maturity in incident response involves having a detailed, operationally integrated plan that addresses various scenarios, including handling outages and restoring systems without SCADA support.

OT and IT Convergence

Tim and Robert discussed several crucial aspects of OT security. They noted that the increasing interconnection between IT and OT systems has elevated the risk of attacks transitioning from IT to OT environments. Additionally, remote access, often used for vendor support, presents a significant security threat.

They emphasized the distinct characteristics of OT systems, which necessitate specialized security approaches. Treating OT and IT as identical can lead to dangerous oversimplifications and vulnerabilities. Therefore, security measures must be tailored to the specific needs of OT environments, considering their safety, physical constraints, and unique risks.

Tim and Robert also touched on cyber-informed engineering. Key takeaways include recognizing common attack vectors from IT systems, implementing distinct security strategies for OT, and avoiding the assumption that OT and IT are the same. Tailoring security measures to the specific needs and constraints of OT environments is essential for effective protection.

Celebrating Wins

Finally, Tim and Robert highlighted the importance of celebrating cybersecurity successes, such as defending against VOLTZITE. Recognizing and celebrating these victories can boost morale and encourage teams to continue their efforts.

Tim Conway, Senior Instructor, https://www.sans.org/profiles/tim-conway/

Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.

Robert M. Lee, Fellow, https://www.sans.org/profiles/robert-m-lee/

SANS fellow Robert M. Lee brings to the classroom one of the most valuable and respected of credentials: real-world experience. Robert is the CEO and founder of his own company, Dragos, Inc., that provides cyber security solutions for industrial control system networks.

Further viewing; https://youtu.be/BiUpuRk6pvA?si=xQcx9oiJOxQu0n7H

#mysecuritytv #otcybersecurity

Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough?

In this episode, we hear from Fortinet’s Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...

Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector.

Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.

In this episode, find out:

• Rich explains Fortinet’s position on OT network security
• We hear about Rich’s diverse career background and how his previous roles prepared him for his role at Fortinet
• The current state of OT convergence and why companies are yet to take action
• Rich breaks the misconception that air gaps will protect manufacturers from digital threats
• Advice for better collaboration between IT and OT teams
• Rich explains why he’s optimistic that manufacturers are paying attention to the right things in security
• What the report says about manufacturers and their approach to OT systems today
• What it takes for cybersecurity experts to get executives to pay attention to the threats facing OT
• How to run a tabletop exercise to assess threat and impact on production
• What surprises Rich most about cybersecurity in manufacturing today

Enjoying the show? Please leave us a review here. Even one sentence helps. It’s feedback from Manufacturing All-Stars like you that keeps us going!

Tweetable Quotes:

• “The separation of duties should be decided on the tabletop exercise, not when the fire is burning.”
• “The technology has evolved. So therefore, it has made this air gap strategy a little less realistic over the years. And this is a common challenge.”
• “When the systems go down, they go to paper. So if the line hasn't stopped, what happens with our suppliers if we have to go paper? Take your tabletop exercise to that level.”

Links & mentions:

• Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk, a report on how digital transformation in manufacturing has driven a widespread need for cybersecurity awareness
• 2024 State of Operational Technology and Cybersecurity Report, Fortinet’s report on OT cybersecurity

Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.

Welcome to Episode 25 of the Protect It All podcast, titled "Funding OT Cybersecurity: Priority Setting and Practical Approaches." In this episode, host Aaron Crow tackles the pressing issue of securing Operational Technology (OT) systems in critical sectors like energy, manufacturing, and transportation. Although often overshadowed by IT security, the increasing number of OT system attacks makes it clear that underfunding is no longer an option.

Aaron explores the unique challenges of OT cybersecurity, such as legacy thinking and budget constraints. He offers strategies to align cybersecurity with business goals, prioritize investments effectively, and implement risk-based funding approaches. The episode emphasizes the importance of understanding asset inventories and making incremental improvements to strengthen security.

Listeners will also learn how to bridge the communication gap between OT teams and business executives and translate technical risks into business impacts. With real-world examples and actionable insights, this episode is essential for anyone tasked with protecting OT environments.

Tune in to gain valuable knowledge and start effectively prioritizing and funding your OT cybersecurity initiatives.

Key Moments : 

00:10 Cybersecurity requires comprehensive, risk-aware approach beyond basic safety.

05:18 Understanding OT risks is crucial for prioritization.

09:11 We do business at the speed of trust.

12:13 Communicate cybersecurity's financial impact to business leaders.

13:58 Cost-benefit analysis of asset inventory in OT.

18:15 Establish security basics before advanced AI implementation.

23:21 Easier board conversations amid constant news events.

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

This episode dives into OT Cybersecurity and discusses:

SCADA, ICS & IIoT Cybersecurity

How do we define an OT-related cyber incident?

What are the leading standards and guidelines for managing OT Cybersecurity and resilience?

Threat intelligence and suitable ISAC models

Vendor platform insights and cyber maturity landscape

Speakers include:

Daniel Ehrenreich, Secure Communications and Control Experts

Lesley Carhart, Director of Incident Response - Dragos

Ilan Barda, Founder - Radiflow

Rahul Thakkar, Team Lead, System Engineering, ANZ, Forescout

Dean Frye, Solutions Architect ANZ, Nozomi Networks

To visit and subscribe to the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/

#mysecuritytv #otcybersecurity

Further reading:

https://mysecuritymarketplace.com/reports/your-guide-to-nis2-compliance/

https://www.forescout.com/research-labs/ot-iot-routers-in-the-software-supply-chain/

https://cyberriskleaders.com/critical-infrastructure-organisations-remain-poorly-prepared-against-cyber-attacks/

חזרת ממילואים ומצאת את עצמך בלי עבודה ופרנסה קבועה רוצה להיכנס להייטק או כול תחום אחר כג'וניור רוצה להחליף מקום עבודה כסיניור רוצה לעשות שינוי כיוון בקריירה שלך סדרת הפודקאסטים הזו נועדה עבורך

נחשון פינקו מארח את דפנה הר-לבן מנהלת קשרי הייטק בקריה האקדמית אונו ומנהלת מחלקת גיוסים בעברה. בתפקידה הנוכחי דפנה מסייעת לסטודנטים במכללה במציאת עבודה.

הפודאסט כולו סביב מציאת עבודה, איך מחפשים עבודה בצורה אקטיבית ואיך עוברים את המשוכה המשמעותית הראשונה, השיחה (ראיון) עם המגייס/ת.

מודיעין איומי סייבר הוא משכבות הקריטיות בהגנת סייבר. הכרת האויב שלך, הבנת מטרותיו וביצוע מראש של מהלכים מתאימים ימנעו מתקפה משמעותית ונזק משמעותי לארגון. התוקף תמיד יחפש פריצה פשוטה במקום לבזבז זמן על התקפות ארוכות עם פוטנציאל גילוי גבוה.

נחשון פינקו מארח את אסף חזן, סמנכ"ל טכנולוגיות של קספרסקי ישראל וצייד איומי סייבר ידוע, בשיחה על חשיבות מודיעין איומי סייבר, המידע שהוא מספק לחברות מדי יום והרשת העצומה שקספרסקי בנתה ברשת האפלה במשך שנים עם מספר עצום של חיישנים

.Cyber threat intelligence is one of the most critical layers in cyber defense. Knowing your enemy, understanding his targets, and making the appropriate next moves will prevent disaster. The attacker will always look for a straightforward breach rather than wasting time on long attacks with a high potential for discovery.

Nachshon Pincu hosts Assaf Hazan, the CTO of Kaspersky Israel and a renowned Cyber Threat Hunter, in a conversation on the importance of Cyber Threat Intelligence. Assaf shares the information he provides to companies daily, and the extensive network Kaspersky has built in the dark net over the years, boasting a significant number of sensors.

En este episodio de Secure Tracks, el presentador Omar Benjumea conversa con Isabel Pardo de Vera, exsecretaria de Estado de Transportes, Movilidad y Agenda Urbana de España y expresidenta de Adif. Isabel comparte sus experiencias en el ámbito de la ingeniería civil y el sector ferroviario, abordando la creciente importancia de la ciberseguridad en las operaciones ferroviarias, los desafíos para proteger infraestructuras críticas y la transformación cultural necesaria para mejorar la conciencia sobre seguridad. También destaca el valor de la diversidad en el liderazgo y la necesidad de colaboración entre los sectores público y privado para mejorar la resiliencia cibernética en el sector del transporte.English description: Engineering the Future of Railway Cybersecurity | Isabel Pardo de Vera PosadaIn this episode of Secure Tracks, host Omar Benjumea speaks with Isabel Pardo de Vera, former Secretary of State for Transport, Mobility, and Urban Agenda of Spain and former President of Adif. Isabel shares insights from her extensive experience in civil engineering and the rail sector, discussing the increasing importance of cybersecurity in railway operations, the challenges of securing critical infrastructure, and the cultural transformation needed to enhance security awareness. She also highlights the value of diversity in leadership and the need for collaboration between public and private sectors to improve cybersecurity resilience across the transport industry.

We revisit key insights from past conversations with Dave Purdy and Debbie Lay of TXOne Networks, who shared their expertise on the critical cybersecurity challenges facing industrial environments.

The episode delves into innovative solutions such as virtual patching and deep packet inspection, which are vital for securing legacy systems without causing operational disruption.

With a focus on mitigating zero-day vulnerabilities and ransomware threats, the discussions also emphasize the importance of bridging the IT/OT divide to create cohesive, secure environments.

This episode provides actionable strategies for professionals responsible for managing the cybersecurity of critical infrastructure in sectors like energy, manufacturing, and utilities.

Chapters

• 00:00:00 – Introduction to Key Cybersecurity Challenges in Industrial Environments
• 00:01:19 – Why Visibility is Critical for Securing Industrial Operations
• 00:01:36 – TXOne Networks' Native Protocols and the Power of Deep Packet Inspection
• 00:02:53 – Addressing Zero-Day Vulnerabilities through the Zero Day Initiative
• 00:04:26 – Personal Insights and Fun Facts from Industry Experts
• 00:05:23 – Overcoming Barriers to Industrial Cybersecurity Adoption
• 00:06:35 – IT-OT Collaboration: A Must for Comprehensive Cybersecurity
• 00:09:22 – Global Cybersecurity Trends and Adoption in Industrial Sectors
• 00:10:54 – Virtual Patching: A Game-Changer for Securing OT Systems
• 00:13:50 – Navigating IT-OT Convergence for Improved Security Outcomes
• 00:19:30 – TXOne's Innovative Security Solutions for Industrial Environments

Links And Resources:

• Crowdstrike, Virtual Patching, and Industrial OT Environments with Debbie Lay
• Unmasking Industrial Cybersecurity Threats and Solutions with Dave Purdy
• Velta Technology
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!

In this episode of Protect It All, host Aaron Crow is joined by Christopher Stein from Royal Caribbean Group to delve into the fascinating evolution of maritime technology. This discussion explores the dramatic journey ships have taken from their analog origins to becoming digitally advanced behemoths of the seas, emphasizing the critical importance of safety and redundancy.

Listeners will understand how automation has revolutionized ship operations, allowing for reduced crew workload and increased efficiency. The episode also highlights the intricate management behind running a fleet of 68 ships, each functioning as an autonomous mobile city with numerous interconnected systems.

Christopher Stein provides an insider’s perspective on the maritime industry's latest cybersecurity challenges and compliance requirements. He discusses the careful processes of ensuring all onboard systems run smoothly and safely, from cybersecurity assessments to integrating digital sensors and control mechanisms.

This episode offers a deep dive into the complexities of maritime operations, emphasizing the behind-the-scenes efforts that keep voyages safe and efficient. 

Through engaging storytelling and expert insights, Protect It All takes listeners on a journey through the melding of technology and tradition in the maritime world. Tune in to discover how these advancements are shaping the future of safe sea travel!

Key Moments: 

00:10 OT systems require constant uptime; no outage windows.

05:06 OT and IT convergence misunderstood; safety risk emphasized.

08:18 Testing must ensure safety, operational integrity, and collaboration.

10:25 Cybersecurity must integrate with overall system design.

14:21 No pool, casino, water slides, roller coasters.

17:29 Systems affect availability, reliability, safety, and billing.

21:24 Managing vast logistics for seamless vacation experiences.

25:14 Royal Caribbean's efficient logistics and management impress.

27:28 Family surprised internet works during power outage.

33:26 Apollo 13 movie: interconnected digital procedures, limited power.

36:20 All systems have manual control for safety.

37:55 Operator rounds involved manual inspection of equipment.

41:27 Early immigrants faced harsh, uncertain voyages to America.

45:32 Technology makes formerly unattainable achievements accessible today.

49:08 Internet outage impacts due to maritime dependency.

About the guest : 

Christopher Stein is a proficient maritime systems specialist who ensures the operational safety of onboard systems. Recognizing the potential dangers of propulsion loss, Christopher meticulously coordinates maintenance tasks while vessels are docked. He emphasizes precise timing and a clear understanding of assessment objectives to execute system tests and shutdowns safely. His expertise ensures voyages proceed without incidents, reflecting his commitment to maritime safety and system reliability.

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

In this episode, Robby speaks with Jens Christian Vedersø, Head of Cyber Risk Management at Vestas, one of the world’s largest wind turbine manufacturers.

Jens is a former Navy and intelligence officer and recovering regulator. Before managing cyber risk in the renewable energy sector, Jens helped develop energy sector legislation and cyber preparedness at the Danish Energy Agency, and served as a subject matter expert for SCADA, OT, ICS and IoT at the Danish Center for Cyber Security.

In the discussion Jens shares his unique perspective on how security acts as both an enabler and a potential barrier in the transition towards renewable energy transition, and how the industry needs to move from a reactive, compliance-driven approach towards a more proactive, risk-based model. Jens also shares insights into the threat landscape, potential motivations of state actors, and how Vestas is working to quantify cyber risk and empower customers to better understand and control their own cyber risks.

In this episode of the Bites and Bytes Podcast, host Kristin Demoranville welcomes George Kamide, co-host of the Bare Knuckles & Brass Tacks podcast, Head of Community at The CISO Society, and Co-Founder of Mind Over Cyber.  George brings his expertise in both cybersecurity and anthropology to the conversation, discussing the cultural, human, and technological factors shaping the global food supply chain.  Together, they examine how cybersecurity intersects with agriculture, the vulnerabilities within our food systems, and the importance of protecting this critical infrastructure.

If you're interested in the connections between cybersecurity, food security, and technology, this episode is packed with valuable insights into securing the systems that sustain us.

_______________________________________________

🏆 Vote for Bites and Bytes Podcast for Women in Podcasting Award
🏆 Voting deadline: October 1, 2024

https://womeninpodcasting.net/bites-and-bytes-podcast/

THANK YOU!  🤩 🎉

_______________________________________________

George’s Information:

LinkedIn:  https://www.linkedin.com/in/george-kamide/

The CISO Society:  https://www.linkedin.com/company/the-ciso-society/posts/?feedView=all

Mind Over Cyber:  https://www.linkedin.com/company/mind-over-cyber/posts/?feedView=all

_______________________________________________

Bare Knuckles and Brass Tacks Podcast Information:

LinkedIn:  https://www.linkedin.com/company/bare-knuckles-brass-tacks/posts/?feedView=all

Listen here: https://open.spotify.com/show/1be0fUg0zTS6nfdUFlNDOt?si=97ff77d647294ff8
Merch Shop: https://bkbtpodcast.shop/

Secure World Denver October 10, 2024

[Closing Keynote] Radical Transparency Needed to Build Trust

https://events.secureworld.io/agenda/denver-co-2024/

_______________________________________________

Show Notes:

Brazil's innovation and technology in ag-tech:

https://www.spglobal.com/commodityinsights/en/ci/research-analysis/innovation-technology-brazil-emerges-dominant-agribusiness.html

Development of Brazilian Agriculture:

https://agricultureandfoodsecurity.biomedcentral.com/articles/10.1186/2048-7010-1-4

SMART FARMING IN BRAZIL: AN OVERVIEW OF TECHNOLOGY,

ADOPTION AND FARMER PERCEPTION:

https://www.rbgdr.net/revista/index.php/rbgdr/article/download/6040/1250/15857

"50% of croplands are used for human food; 38% is for livestock feed; and 12% is for non-food uses."

https://ourworldindata.org/global-land-for-agriculture#:~:text=Poore%20and%20Nemecek%20estimate%20that,of%20the%20paper's%20Supplementary%20Information.

Food Insecurity in Ukraine:

https://www.wfp.org/stories/war-ukraine-how-humanitarian-tragedy-fed-global-hunger-crisis

Global Starvation because of Russia's War on Ukraine:

https://www.nytimes.com/2023/01/02/us/politics/russia-ukraine-food-crisis.html

Ukraine's war damage to agriculture:

https://resoilfoundation.org/en/agricultural-industry/ukraine-war-pollution-soil/

Ukraine's state of soil as impacted by war:

https://www.agroberichtenbuitenland.nl/documenten/publicaties/2024/03/28/ukrainian-soil

H5 Avian Flu in cows:

https://www.aphis.usda.gov/livestock-poultry-disease/avian/avian-influenza/hpai-detections

https://www.cidrap.umn.edu/avian-influenza-bird-flu/officials-await-testing-clues-missouri-h5-avian-flu-case-michigan-reports

H5N1 Bird Flue Reponse CDC:

https://www.cdc.gov/bird-flu/spotlights/h5n1-response-09132024.html#:~:text=Since%20April%202024%2C%2014%20human,H5N1)%20virus%2Dinfected%20poultry

How Food Gets Contaminated:  The Food Production Chain:

https://www.cdc.gov/foodborne-outbreaks/foodproductionchain/index.html

_______________________________________________

News Break:

Boar's Head

https://www.food-safety.com/articles/9740-following-outbreak-boars-head-forms-food-safety-council-of-top-experts-closes-facility-discontinues-liverwurst

https://www.food-safety.com/articles/9724-inspection-reports-show-mold-insects-meat-residues-and-more-at-boars-head-facility-responsible-for-listeria-outbreak

https://www.food-safety.com/articles/9636-boars-head-rte-deli-meats-recalled-after-two-listeriosis-deaths

https://www.fsis.usda.gov/sites/default/files/media_file/documents/Non-Compliance_Reports_112022-To-812024.pdf

Avian Influenza

https://www.aphis.usda.gov/livestock-poultry-disease/avian/avian-influenza/hpai-detections

https://www.cdc.gov/bird-flu/spotlights/h5n1-response-09132024.html#:~:text=Since%20April%202024%2C%2014%20human,H5N1)%20virus%2Dinfected%20poultry

_______________________________________________

Episode Key Highlights:

00:00 - Introduction

02:15 - Cultural Significance of Food

10:30 - Global Food Supply Chains and Technology

18:45 - Vulnerabilities in the Food Supply System

26:00 - Communication Skills in Cybersecurity

33:20 - Resilience in Supply Chains

41:10 - Future of Cybersecurity

_______________________________________________

Bites and Bytes Podcast Info:

TikTok

Website:  Explore all our episodes, articles, and more on our official website.  Visit Now

Merch Shop:  Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now

Blog:  Stay updated with the latest insights and stories from the world of cybersecurity in the food industry.  Read Our Blog

Audience Survey:  We value your feedback!  Help us make the podcast even better.  Take the Survey

Schedule a Call with Kristin:  Want to share your thoughts? Schedule a meeting with Kristin!  Schedule Now

In this week's episode, Craig Duckworth and LuRae Lumpkin dive into the critical need for translating high-level cybersecurity solutions and priorities into clear, succinct communication across the industrial cybersecurity industry.

They focus on bridging the communication gap between IT and OT teams, discussing how a unified approach from both leadership and operations can strengthen security efforts.

The episode highlights evolving strategies for addressing breaches, improving risk management, and safeguarding critical infrastructure.

Key takeaways include the importance of tailoring cybersecurity communication to different audiences, implementing proactive measures, and fostering a consistent, organization-wide message that integrates cybersecurity into the core culture regardless of the organization.

Chapters:

• 00:00:00 - Setting the Stage: Why Cybersecurity Communication Matters
• 00:00:54 - LuRae Lumpkin's Proven Expertise in Industrial Cybersecurity
• 00:01:34 - How Cybersecurity Messaging Has Evolved Across IT and OT
• 00:04:49 - Lessons from Major Cyber Breaches: What You Need to Know
• 00:06:47 - Why Being Proactive is Crucial in Cybersecurity Communication
• 00:08:41 - Building a Cybersecurity-Driven Culture from the Top Down
• 00:10:44 - Simplifying Complex Cybersecurity Issues for Maximum Impact
• 00:12:30 - Making Cybersecurity a Company-Wide Priority
• 00:14:15 - Bridging the Communication Gap Between IT and OT
• 00:16:00 - Creating a Unified Language Across Teams
• 00:18:45 - The Role of External Vendors in Cybersecurity Communication
• 00:20:27 - Practical Advice to Strengthen Your Organization's Cybersecurity
• 00:24:39 - Final Insights on Fostering a Cyber-Aware Organization

Links And Resources:

• LuRae Lumpkin on LinkedIn
• Velta Technology
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and leave us a review!

U.S. manufacturing is on a roll right now. And organizations like MxD – The Digital Manufacturing and Cybersecurity Institute are on a mission to help manufacturers build the things they need to build in the modern digital world.

In this episode, we sit down with Berardino Baratta, CEO of MxD, to explore the evolution of digital transformation in manufacturing and its impact on the industry. First, Berardino shares his career story, which takes us from healthcare AI to operating a café during a sabbatical to now helping manufacturers thrive in a digital world.

As MxD celebrates its 10th anniversary, Berardino shares insights on how the organization has evolved over the years as new technology progresses. We dig into the challenges faced by small businesses, the importance of cybersecurity in the digital age, and how MxD is shaping the future of American manufacturing. Berardino shares his perspective on how manufacturing is changing for the better, including a more collaborative approach to improving supply chains and the democratization of data and insights.

In this episode, find out:

• Berardino explains what MxD does to help manufacturers and how its scope has evolved as new technology advances
• Some backstory on Berardino’s varied career from being the CEO of an AI healthcare company to now working as the CEO of the U.S.’s leading digital manufacturing innovation center
• What Berardino learned during his long sabbatical about modernizing operations at a café and how he applied that to his work in manufacturing
• Berardino takes us through MxD’s project history, including working with the Department of Defense and Manufacturing USA
• How modern manufacturing companies feel about creating something that will be democratized vs. maintaining competitive advantages
• Why the industry has become more collaborative over making supply chain improvements
• How manufacturing has changed in the past ten years in line with technological innovations
• What’s working when it comes to fortifying the strength of U.S. manufacturing
• Improvements the industry needs to make when it comes to adopting digital assets

Enjoying the show? Please leave us a review here. Even one sentence helps. It’s feedback from Manufacturing All-Stars like you that keeps us going!

Tweetable Quotes:

• “We quickly realized cybersecurity is critical. We went from being the Digital Manufacturing Institute to the Digital Manufacturing and Cybersecurity Institute. Two sides of the same coin, right? If you're going to adopt digital, it better be secure.”
• “98% of U.S. manufacturing companies are small and medium. 75% have less than 20 employees. What's starting to work is that those small and medium businesses are starting to adopt digital to improve their operations.”
• “With the café, we modernized their entire operations. Right from production in the back house through building their front of the house. We modernized it with technology, not that dissimilar to a digital transformation of a manufacturer.”

Links & mentions:

• MxD, the digital manufacturing and cybersecurity institute; MxD advances economic prosperity and national security by strengthening U.S. manufacturing competitiveness through technology innovation, workforce development, and cybersecurity preparedness; in partnership with the Department of Defense
• Manufacturing USA, a network of regional institutes, each with a specialized technology focus; Manufacturing USA institutes like MxD convene business competitors, academic institutions, and other stakeholders to test applications of new technology, create new products, reduce cost and risk, and enable the manufacturing workforce with the skills of the future
• Chicago Cut Steakhouse, a stylish modern steakhouse with a patio overlooking the Chicago River where Berardino and Chris have both dined before
• Hardware Sustainable Gastropub and Brewery, avant-garde haunt in Aurora, IL with seasonal, creative entrées, whiskeys from around the world, and outdoor seating

Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.

We have an exciting and crucial topic: the Cyber Resilience Act. With us are two guests who are experts in their fields: Guillaume Crinon, Director of IoT Business Strategy at Keyfactor, and Romain Tesniere, Business Development Manager at Avnet Silica. Guillaume and Romain bring a wealth of knowledge and experience in IoT security and business strategy, making them the perfect guides to help us navigate this important legislation.

The Cyber Resilience Act aims to enhance the security of connected devices, but what does that mean for businesses, developers, and end-users? We'll explore the benefits, challenges, and impacts of this Act and practical steps for ensuring IoT security.

#iot #security #cra #wetalkiot

Summary of this week's episode:

01:42 Understanding the Cyber Resilience Act

02:04 Keyfactor's Role in IoT Security

03:37 Avnet Silica's Approach to Security

05:19 Exploring the Cyber Resilience Act

10:42 Challenges and Risk Assessments

19:05 Practical Implementations and Examples

23:15 Collaboration and Future Prospects

24:44 Balancing Innovation and Security

Show notes:

Guillaume Crinon: https://www.linkedin.com/in/guillaumecrinon/

Romain Tesniere: https://www.linkedin.com/in/romain-tesniere-26698b80/

About Keyfactor: https://www.keyfactor.com

Deep dive into the Cyber Resilience Act:

https://my.avnet.com/silica/solutions/iot/secure-device-management-provisioning/

https://www.keyfactor.com/resources/content/eight-steps-to-iot-security?lx=6IfNm7

https://www.brighttalk.com/webcast/17778/604186

About Avnet Silica:

This podcast is brought to you by Avnet Silica—the Engineers of Evolution.

You can connect with us on LinkedIn: https://www.linkedin.com/company/silica-an-avnet-company/. Or find us at www.avnet-silica.com.

In this episode, Steve Plumb, Editor-in-Chief, sits down with Jeremy Dodson, Chief Information Security Officer, and Jay Korpi, Principal Cybersecurity Specialist, from NextLink Labs to discuss cybersecurity in the manufacturing industry. They highlight the convergence of IT and OT and the need for understanding the differences between the two.  They also talk about common breaches, such as social engineering attacks and misconfigurations, and the need for comprehensive risk assessments and training programs. 

In this episode, Craig Duckworth is joined by Roger Hill, founder of Hillstrong Group Security.

Roger is a seasoned 30-year industry veteran in the field of industrial automation and cybersecurity. He joins Craig to discuss the critical challenges and emerging trends in industrial cybersecurity.

From the evolution of security practices in industrial environments to the complexities of integrating modern solutions with legacy systems, Roger offers invaluable insights.

He delves into the importance of breaking down silos between IT and OT teams, the rise of ransomware as a major threat, and the need for collaborative approaches to secure critical infrastructure.

Whether you're grappling with aging systems or looking to future-proof your OT security, this conversation is packed with practical advice and forward-thinking strategies.

Chapters:

• 00:00:00 - Introduction to OT Cybersecurity
• 00:00:46 - Meet Roger Hill: A Veteran in Industrial Automation and Cybersecurity
• 00:00:57 - How OT Security Has Evolved Over 30 Years
• 00:01:52 - The Impact of Stuxnet: A Turning Point in OT Cybersecurity
• 00:03:41 - Navigating Emerging Technologies and the Rising Ransomware Threat
• 00:05:32 - Overcoming Challenges in Adopting New Technologies
• 00:07:13 - Why Context and Visibility Are Key to Effective OT Security
• 00:09:10 - Budgeting and Governance: The Backbone of OT Security
• 00:11:13 - Breaking Down Silos: The Critical Role of IT and OT Collaboration
• 00:13:00 - Challenges in Global OT Security: Governance and Compliance
• 00:14:50 - The Aging Workforce Problem: Building and Retaining Talent
• 00:17:00 - Importance of Cross-Functional Teams in OT Security
• 00:23:24 - What’s Next? The Future of OT Cybersecurity
• 00:28:29 - Final Thoughts: Practical Advice and Forward-Looking Strategies

Links And Resources:

• Roger Hill on LinkedIn
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!

Welcome to the first episode of our new Energy Talks miniseries, Why Should We Talk About Incident Response? Join OMICRON cybersecurity experts Andreas Klien and Simon Romer as they explore the critical roles of IT and OT in cyber incident response and disaster recovery alongside other experts from the power industry.

In this episode, Andreas and Simon discuss disaster recovery from an OT perspective, using a recent CrowdStrike incident as a case study. Simon also highlights key considerations for utilities when developing OT incident response and recovery processes and offers practical tips for those without established plans.

We want to hear from you! If you work at a utility, please share your experiences implementing OT response and recovery processes – what prompted you to start, and what challenges have you faced? If you would like to contribute, email us at omicroncybersecurity.com and we may feature your story in an upcoming episode.

Stay tuned for upcoming episodes in our miniseries Why Should We Talk About Incident Response?

Learn more about OMICRON’s approach to advanced cybersecurity for OT environments.

We would really like to know what you think about Energy Talks and which topics you would like to hear more about. To do this, simply send us an email to [email protected] and be sure to give us a star review on Spotify or Apple Podcast. Thanks for your feedback!

Over the past decade, operational technology (OT) systems have become increasingly digitized and more vulnerable to cyber threats, making effective cyber risk management more crucial than ever. This session will explore the concept of cyber risk, defined as the potential for loss or harm to digital infrastructure, and how you can proactively apply the latest tools, trends and techniques to reduce cyber risk and enhance the resilience of your OT systems.

We’ll cover:

• Different risk scoring approaches, like quantitative, qualitative, and hybrid models, which help organizations prioritize and address vulnerabilities. 
• Emerging trends in cyber risk management, including the growing adoption of AI-driven analytics, automation, and integrated security frameworks. 
• How technologies like artificial intelligence and advanced threat detection systems are reshaping how organizations mitigate risk in OT environments.

Visit Our Website

Follow Us on LinkedIn

Too few vulnerabilities in industrial control systems (ICS) are assigned CVEs because of client non-disclosure agreements. This results in repeatedly discovering the same vulnerabilities for different clients, especially in critical infrastructure. Don C. Weber from IOActive shares his experiences as an ICS security professional and suggests improvements, including following the SANS best practices for ICS security..