English
Français
Español
Deutsch
日本語
한국어
中文
The Industrial Security Podcast
The Industrial Security Podcast Hosted by Andrew Ginter and Nate Nelson
2020 Episodes
CONNECTING WITH YOUR LOCAL GURUS – DEREK HARP | EPISODE #35
CONNECTING WITH YOUR LOCAL GURUS – DEREK HARP | EPISODE #35Derek Harp, CEO and Co-Founder of CS2AI and Founder of The Cyber List speaks to the history and future of CS2AI, and provides some insights into cyber security training for non-cyber-savvy audiences.
Blockchains for industrial security: roman Arutyunov | Episode #34
Blockchains for industrial security: roman Arutyunov | Episode #34Roman Arutyunov, Co-Founder of Xage Security, explores intrinsically-distributed, authority-based blockchains for industrial security in the form of the Xage Security Fabric.
Safety protects the man from the machine, security the reverse: Marco Blume | Episode #33
Safety protects the man from the machine, security the reverse: Marco Blume | Episode #33Marco Blume, Product Manager for Embedded at WIBU Systems introduces discrete manufacturing and explores how intellectual property protection, safety and cybersecurity work in that vertical and others.
1800 sites: air gaps, Windows XP and evolving due diligence: Phil Neray | Episode #32
1800 sites: air gaps, Windows XP and evolving due diligence: Phil Neray | Episode #32Phil Neray, VP Industrial Security of CyberX reviews findings, remediations and C-level responses for security assessments at 1800 industrial sites.
Industrial Defender Returns: Phil Dunbar | Episode #31
Industrial Defender Returns: Phil Dunbar | Episode #31Industrial Defender was a pioneer of Industrial Security, but the brand dropped off the radar for several years. As of January though, Industrial Defender has returned. Phil Dunbar, CTO of the new Industrial Defender joins us to explore the significance of the firm’s historical contributions, and where the new Industrial Defender is headed today.
We can handle disruption – Not destruction | Episode #30
Andy Bochman of Idaho National labs describes CCE, a new methodology for industrial security with a focus on mission assurance, which means different things in different industries.
Canadian Initiatives for Industrial Security: Robert Pitcher | Episode #29
Canadian Initiatives for Industrial Security: Robert Pitcher | Episode #29Robert Pitcher of Public Safety Canada explores Canadian industrial security, including very popular attack training/awareness sessions and the annual industrial security symposium.
Unhackable Safeguards: James McGlone | Podcast Episode #28
Security PHA Review – a new methodology for protecting safe operations. Join our discussion with James McGlone, one of the authors of the new ISA book describing a robust connection between safety and cybersecurity. Play now.
Your Human Supply Chain: Dr. Art Conklin | Podcast Episode #27
Your Human Supply Chain: Dr. Art Conklin | Podcast Episode #27How education differs from training, with examples from Dr. Art Conklin at the University of Houston. Play now
Know more about your system than attackers do: Matt Gibson | Podcast Episode #26
Know more about your system than attackers do: Matt Gibson | Podcast Episode #26Know more about your system than attackers do, and other topics such as analog control systems, IIoT at nuclear sites and control system product “labeling” for security. Join Matt Gibson from the Electric Power Research Institute (EPRI) to explore these and other applied research insights for industrial security. Play now.
2019 Episodes
Product Security at GE: Kenneth Crowther | Podcast Episode #25
Product Security at GE: Kenneth Crowther | Podcast Episode #25Pointing fingers at vendors is easy. Creating “secure” products is a real challenge, supply chain is a big part of that challenge, and vendors cannot solve the problem in isolation. Kenneth Crowther, a Product Security Leader at GE explores what a leader in this space is doing. Play now.
Cyber and industrial focus at US CISA – Rick Driggers | Podcast Episode #24
Cyber and industrial focus at US CISA – Rick Driggers | Podcast Episode #24Rick Driggers of CISA describes cyber, physical and industrial security priorities at the new US DHS CISA agency. Play now.
Malcolm – A New (Free, INL) Tool for Network Visibility – Jens Wiesner | Podcast Episode #22
Malcolm – A New (Free, INL) Tool for Network Visibility – Jens Wiesner | Podcast Episode #22Jens Wiesner of the German BSI explores Malcolm, a new (free, open source) tool for OT network visibility, brought to us by the U.S. Idaho National Labs (INL). Play now.
When Numbers Are Scarce – Ron Brash | Podcast Episode #23
When Numbers Are Scarce – Ron Brash | Podcast Episode #23How do we estimate the probability of an attack that has never happened? Ron Brash of Verve Industrial explains. Play now.
Build, Break & Secure – Matthew Luallen | Podcast Episode #21
Build, Break & Secure – Matthew Luallen | Podcast Episode #21Build, break & secure with a 1000-lb portable lab – Matthew Luallen of Cybati explores modern industrial security training. Play now.
THREE NETWORKS – IT, OT & ENGINEERING – JOE WEISS | PODCAST EPISODE #20
THREE NETWORKS – IT, OT & ENGINEERING – JOE WEISS | PODCAST EPISODE #20Industrial security pioneer Joe Weiss explains how there are 3 networks, not 2 – IT, OT and Engineering, with examples from the 2007 aurora test. Play now.
Layer Zero Anomaly Detection – Ilan Gendelman and Hadas Levine | Episode #19
Layer Zero Anomaly Detection – Ilan Gendelman and Hadas Levine | Episode #19Explore out of band security and operational anomaly detection with Ilan Gendelman and Hadas Levine of SIGA OT Solutions. Play now.
Where Do Your Bits Really Come From? – Eric Byres | Episode #18
Where Do Your Bits Really Come From? – Eric Byres | Episode #18Industrial security pioneer Eric Byres, CEO of Adolus, speaks to software supply chain trust issues and some of the technology his new venture Adolus Inc. is developing to help. Click PLAY.
Be Brave When Assessing Risks – Mark Fabro | Episode #17
Be Brave When Assessing Risks – Mark Fabro | Episode #17Mark Fabro, President and Chief Security Scientist at Lofty Perch, explores how robust cyber/physical risk assessments help “stay left of boom” at industrial sites. Click PLAY.
STARTING FROM ZERO – LYNDON HALL OF IRON SPEAR | Episode #16
STARTING FROM ZERO – LYNDON HALL OF IRON SPEAR | Episode #16Lyndon Hall, Senior Manager at Iron Spear Information Security, is routinely called on for the first-ever security assessment at industrial sites. On this episode of the Industrial Security Podcast, he explains how he does that and what he finds. Click PLAY.
WE CAN ONLY SECURE WHAT WE KNOW WE HAVE – RICK KAUN | Episode #15
WE CAN ONLY SECURE WHAT WE KNOW WE HAVE – RICK KAUN | Episode #15Asset inventory is the foundation of industrial security, which is essential to IT/OT convergence. Rick Kaun, VP Solutions at Verve Industrial Protection, talks about asset inventory concepts and the Verve Industrial technology for inventory.
EFFICIENCY THROUGH SECURITY – GREG HALE | Episode #14
EFFICIENCY THROUGH SECURITY – GREG HALE | Episode #14A wide-ranging conversation with Greg Hale, Editor and Founder of Industrial Safety and Security Source (ISSSource), about where we are today, how security relates to safety, how to sell security as improving efficiency and other topics.
TIPS FOR RECRUITING AND BEING RECRUITED INTO INDUSTRIAL SECURITY POSITIONS – MEG DUBA | Episode #13
TIPS FOR RECRUITING AND BEING RECRUITED INTO INDUSTRIAL SECURITY POSITIONS – MEG DUBA | Episode #13Meg Duba, a recruiter at Idaho National Labs talks about techniques, tips, and challenges for industrial security recruitment and job hunting.
Munich Airport – Security Challenges and Information Security Hub | Episode #12
Munich Airport – Security Challenges and Information Security Hub | Episode #12Mark Lindike explores industrial systems and security challenges at the Munich International Airport, as well as how the new Munich ISH training facility is helping the airport and others.
Water Services Security at the City of Calgary – Darrol Weiss | Episode #11
Water Services Security at the City of Calgary – Darrol Weiss | Episode #11Industrial security insights regarding risks, programs, budgets and technology at the City of Calgary Water Services, with Darrol Weiss.
Darrol Weiss is the Control Systems Services Leader for the City of Calgary Water Services. Darrol manages a team of automation staff responsible for OT operational technology process control systems for Calgary’s Wastewater Facilities.
RUNNING WITH SCISSORS – PATRICK MILLER | Episode #10
RUNNING WITH SCISSORS – PATRICK MILLER | Episode #10Patrick Miller discusses how technology advances in Industrial Control Systems are out-pacing existing industrial cybersecurity and business risk management programs and what needs to change to keep pace.
Israeli Cybersecurity – Dr. Gabi Siboni | Episode #9
Israeli Cybersecurity – Dr. Gabi Siboni | Episode #9Gabi Siboni joins us to talk about standards, challenges and current initiatives in Israel – perhaps most thoroughly-cyber-protected nation on the planet.
IT VS OT: CHALLENGES AND OPPORTUNITIES – ART CONKLIN | Episode #8
The differences between IT and OT teams and approaches both make life difficult and represent opportunities to improve industrial operations.
CLASSIFYING CONTROL SYSTEMS, CONSEQUENCES AND CRITICALITY – MARTY EDWARDS | Episode #7
CLASSIFYING CONTROL SYSTEMS, CONSEQUENCES AND CRITICALITY – MARTY EDWARDS | Episode #7The need for a standard way to classify the criticality of industrial control systems – eg: safety-critical vs. equipment-critical vs. reliability-critical systems, and what implications such classification should have for industrial security programs.
ICS Penetration Testing – Jonathan Pollet | Episode #6
ICS Penetration Testing – Jonathan Pollet | Episode #6In this pilot episode, Jonathan walks us through how his crew does control system penetration testing, often with live, running systems as a target, with examples of findings and how customers use those findings.
Critical Infrastructure Security In Israel – Buki Carmeli | Episode #5
Critical Infrastructure Security In Israel – Buki Carmeli | Episode #5Buki Carmeli walks us through the evolution of government programs and legislation for securing Israel’s critical infrastructure.
German Initiatives & Progress in Cybersecurity – Jens Weisner | Episode #4
We caught Jens Weisner at S4 and he talks about cybersecurity in Germany – progress, challenges and a little comparing of the German approach to what he sees happening in North America.
Cybersecurity Governance – Paul Feldman | Episode #3
Cybersecurity Governance – Paul Feldman | Episode #3Paul Feldman joins us to explore cybersecurity governance topics for boards of directors in the North American electric sector: what are their responsibilities and more.
OSIsoft & EPRI Methodology – Harry Paul | Episode #2
OSIsoft & EPRI Methodology – Harry Paul | Episode #2Join us for an introduction to the EPRI approach and an overview of what OSIsoft is doing, and what other product vendors can do, to support the effort.
IIoT Security – Sven Shrecker | Episode #1
IIoT Security – Sven Shrecker | Episode #1In this pilot episode, Sven takes us through the emerging field of industrial IoT and how connecting the grid to the cloud presents new problems, and new solutions, for security professionals.
2018 Episodes
THE FUTURE OF OT SECURITY IN MODERN INDUSTRIAL OPERATIONS
THE FUTURE OF OT SECURITY IN MODERN INDUSTRIAL OPERATIONSHow new approaches are needed to gain defensive advantage over already-capable cyber adversaries, to keep up with new OT/ICS technologies, and to serve business risk management needs in increasingly-demanding, competitive environments. Listen Here
SAFE IT/OT INTEGRATION WITH UNIDIRECTIONAL SECURITY GATEWAYS
SAFE IT/OT INTEGRATION WITH UNIDIRECTIONAL SECURITY GATEWAYSThe reason SCADA security is so controversial stems primarily from the intense consequences that come from a compromise in this area. Unidirectional security gateways allow digitizing without compromise. Listen Here
Vulnerabilities and architectural considerations in ICS
In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about SCADA vulnerabilities in Industrial Control Systems architectures. Listen Here
Malicious hacking activity increasingly
targeting critical infrastructure
As operational technology (OT) and industrial control system (ICS) infrastructure have become much more prominent components of national critical infrastructure, malicious hacking activity is increasingly targeted in this direction. Listen Here
A closer look at the IT/OT Landscape for infosec professionals
The challenge for modern cyber security engineers working in the OT/ICS area involves modernizing the weak or missing protection controls in existing infrastructure toward more advanced and effective solutions that will stop malicious actors. Listen Here
Why Unidirectional Security Gateways can replace firewalls
Unidirectional Security Gateways can replace firewalls in industrial network environments, providing absolute protection to control systems and operations networks from attacks originating on external networks. Listen Here
Seal the integrity of your logs with Waterfall BlackBox
Logs are the baseline information required for quality incident response and forensics. They consist of tracks and hints of the attack and the attacker. How do you keep log repositories more secure than the attacked network? Listen Here
Unidirectional communications in a bidirectional world
Modern enterprises transmit control system information to business networks continuously and need to send information from business networks into operations networks occasionally. How do you do it securely? Listen Here
Remote access options for unidirectionally protected networks
Remote control is the modern attack method. While unidirectional gateways are designed to defeat remote control, that doesn’t mean we have to give up remote access. Learn about a few practical options. Listen Here
The difference between IT security and ICS security
On IT networks, the focus of a security program is generally preventing the theft of information. The primary focus on control system networks is safety and reliability and preventing sabotage of those elements. Listen Here