Jens Wiesner of the German BSI joins us - new German critical infrastructure laws demand immediate reporting and certified state-of-the-art attack detection.
Jens Wiesner of the German BSI joins us - new German critical infrastructure laws demand immediate reporting and certified state-of-the-art attack detection.
"Silent" cyber coverage has vanished in most insurance policies, and you can't get cyber insurance any more without cyber security. Georgina Williams, Senior Cyber Underwriter at Murich RE joins us to look at how insurers are digging deep into both engineering and security aspects of industrial cybe
A lot can go wrong - Enrique Martinez Technical Solutions Architect for OT Security at WWT joins us to look at common mistakes when deploying OT asset inventory, IDS and other visibility solutions - and how to avoid them.
Industrial security programs have to touch all the bases. Alexandru Suditu of the Enevo Group joins us to look at - not everything - just the tricky bits.
Demand for skilled industrial / OT security people has increased dramatically over the last couple of years. Join Meg Duba, Senior Technical Recruiter at Idaho National Labs for an update on the market.
Greg Hale - Editor and Founder of ISSSource and ICSStrive joins us to look at his new OT / industrial incident repository, and a new report using the data in the repository, analyzing industrial cyber incidents with physical consequences.
Standardization and consolidation increase the consequences of cyber attacks - these are unexpected insights from applying the CCE methodology. Jodi Jensen, President of Secure SCADA Solutions joins us to look the experience of using Consequence-Driven, Cyber-Informed Engineering.
The widely-used 62443-3-3 standard is being updated. One big change is making security levels risk-based. Join Alex Nicoll, co-chair of the ISA committee updating the standard, to look at what this means and how it will work.
Functional vs operational safety, profiles, deep connections to IEC 62443 and more. Tom Aubuchon, Principal Consultant at Ethosecure Consulting and Suzanne Lemieux, Director Operations Security and Emergency Response Policy at the American Petroleum Institute join us to look at API 1164 Rev 3 - a co
Which is better - security or compliance? Suzanne Black of Network + Security Technologies brings a new perspective to this old question and covers a lot of other ground in the latest NERC CIP standards.
Safety, insiders, external attacks, remote access, zero trust, and more. Serkan Yusuf at Applied Risk explores a new report based on a survey of over 1000 industrial security practitioners.
A special episode where Nate and Andrew look back at what we can learn from cyber attacks on industrial sites in 2021 and what we should expect to come at us in 2022 and 2023.
Graham Speake (semi-retired) reflects on a career in industrial security. He points out industrial networks were always connected and observes that we should all get more credit for material improvements in industrial security and security technologies in the last 2-3 decades.
The IEC 62443 security standards are evolving. Eric Cosman, co-chair of the ISA SP-99 committee that creates the 62443 standards joins us in this episode. Eric looks at how experience using the 62443 standards is driving change in a number of key areas.
"Lenses" are preconceived notions that limit our ability to evaluate and accept solutions. Dr. Art Conklin from the University of Houston joins us to look at lenses in industrial security and what to do about them.
Change is a risk in industrial operations, but at least on the security side of things, rapid change is the order of the day when connecting an acquisition to a new owner's infrastructures. Anthony Morrone and Marianne Swarter of Level5Cyber join us to look at issues and solutions for mergers, acqui
Vulnerability handling costs a lot of time and effort - finding the announcements, evaluating them, comparing to our systems, planning & managing deployment and more. Jens Wiesner of the German BSI joins us to explore a new standard that promises to automate much of this task - the Common Security A
Ernie Hayden joins us to walk through the big picture of risk assessment as documented in his new book - Critical Infrastructure Risk Assessment. The book is a "how-to" for assessing risks ranging from hurricanes to safety systems to cyber attacks.
OT / industrial cyber risk is tricky. Ask questions about probabilities like we did 10 years ago and you get answers that just don't work well. Mark Fabro, President & Chief Security Scientist at Lofty Perch joins the podcast to look at the modern way to model risk.
Maritime systems are unique in some senses - eg: both having safety critical aspects and being reliant on wireless satellite communications. But these systems are familiar too - PLCs, HMIs and remote access. Marco Ayala, Director of ICS Security at 1898 & Company walks us through the space.