How to prevent the next attack on your water and wastewater treatment plant? Click now to register for the upcoming webinar
The SolarWinds supply chain breach is arguably the biggest hack in history. OSIsoft's Security Architect, Bryan Owen, joins us to explore the breach and what it means for industrial security.
An organized crime group develops a history of routine speculation on futures markets for gasoline. Then they damage equipment at a refinery by using known vulnerabilities on internet facing IT equipment. This cripples the supply, makes prices spike, and attackers profit from their speculation.
Like civil engineers building bridges, security engineers should have quantitative goals: How secure must the system be when commissioned? (How much load must the bridge carry?) How long must the system maintain that security level without major maintenance? (How long must the bridge carry that load
The information security website "Help Net Security", has published an Article by Andrew Ginter "Misplaced expectations securing water treatment systems". Click here to read it
Nation state attackers use more sophisticated tools such as the BlackEnergy trojan to ultimately take over equipment on the ICS network and disable protective relays. The attack group then sends control commands to very quickly connect and disconnect power flows to parts of the grid, destroying larg
CIP-013 is intended to reduce supply chain risks. What are the rules? What are they costing? Are they working? Dr. Joseph Baugh, Managing Consultant at Guidehouse joins us to explore CIP-013, the executive order and other timely NERC CIP topics.
Like the 2015 Ukraine attack, hacktivist-class attackers steal remote-access passwords, log in and observe the operator using ICS HMI to learn how the screens work. The attackers eventually take control of the HMI and mis-operate the physical process.
Ed Amoroso of Tag Cyber, former CSO of AT&T talks about the IT perspective & approach for OT security - where to start and what to watch for.
An attack group similar to the “Shadow Brokers” steals a list of zero days from a nation-state adversary and sells the list to an organized crime group. That group creates autonomous ransomware that jumps through firewalls via encrypted connections to file shares, causing an emergency shutdown a
Some say "Industrial" and "Cloud" and "Security" don't fit together - but is this true? Our guest Andrea Carcano from Nozomi Networks explainins how cloud-based security systems really do improve industrial and IoT security
An attacker launches a phishing attack and plants RAT malware on the IT network. They use the RAT to steal credentials and gain remote access to the ICS and demand ransom
Markus Braendle, head of Airbus Cybersecurity, and Falk Lindner, lead architect for Industrial Cybersecurity at Airbus Manufacturing join us to talk about industrial security monitoring and management at one of the most complex industrial enterprises on the planet.
An engineer searching for information from an ICS-connected computer accidentally downloads ransomware resulting in an emergency shutdown Much like the WannaCry ransomware.
An unhappy IT Insider shoulder-surfs remote access credentials entered by an ICS support technician. The insider uses the credentials to trigger a partial shutdown
A disgruntled ICS technician steals passwords, logs in to equipment controlling the plant, and triggers a shut-down – much like Maroochy Shire incident
Press Release: Waterfall security announces the industrial security institute. A video series focused on industrial cybersecurity topics and education
Breaking into tenant enterprise networks via building automation networks, say from a public coffee shop: Barry Coflan, a Strategy Consultant at Tower Hill Analytics, provides a perspective on the growing attack surface in modern buildings.
Patrick Coyle - long-time blogger at Chemical Facility Security News explores the state of CFATS regulations, new cybersecurity spending bills in the pipe, and his new blog: Future ICS Security News.
Cybersecurity for rolling stock (trains) is trickier and even more safety critical than we imagine. Join Shannon Ramsaywak, Managing Partner at Nathanial Rand as we explore automation, security and safety issues for passenger rails.
Join us to explore building automation for skyscrapers, cybersecurity, and attack examples with Fred Gordy of Intelligent Buildings
A timely and insightful exploration of supply chain security issues with Spencer Wilcox, the CSO and Executive Director of Technology at PNM Resources
Episodes in the theme of "risk assessment." We need to understand the problem before it makes any sense to talk about solutions
Daniel Ehrenreich joins us to explore practitioner experience of IT/OT Integration, 62443 training and the ICS CyberSec conference every year in Israel
P&I diagrams connect process engineering to control engineering. Sarah Fluchs of Admeritia explains what we need to connect control engineers with security engineers
Andrew Ginter talks to Threatpost Podcast about the differing priorities between IT and OT security teams as industrial control systems become connected.
Most building automation is poorly secured, which is a big problem for hospitals. Gilad Zinger of PWC joins us to explore vulnerabilities and what hospital CISO's are starting to do about the problem.
There are voices in the industrial security community advocating a return to hard-wired protective relays, discarding two decades of progress in this space. But, a practical solution is to protect the protection. In power plants, as in high voltage substations, protective relays can be connected to
Ransomware continues to evolve and sophisticated phishing attacks are the most popular attack vector. James McQuiggan of KnowBe4 explores ransomware, phishing and what we can do about it.
Internet communications are creeping into electric distribution systems. James McCarthy and Don Faatz join us from the NIST NCCoE to talk about this project & others where they provide detailed "how to" industrial security documentation
Each of these perspectives involves more than software and are immune to an inevitable litany of software vulnerabilities found in control systems
Learn about the Beer ISAC movement, the Beer ISAC Podcast, the Russian industrial security community and other initiatives with Anton Shipulin and Vladimir Dashchenko of Kaspersky
Missed the latest Softprom webinar about the Top 20 Cyberattacks on ICS Control Systems? Catch up now and watch the full recording here
Explore a targeted ransomware attack at a pharmaceuticals plant, the incident response and how hard it is to just "restore from backup" with Ofer Shaked, Co-Founder & Chief Technology Officer at SCADAfence
What do the World's most secure sites do differently? Full recording of Andrew Ginter's latest Secure Operations Technology Webinar
Author, researcher and industrial security pioneer Jake Brodsky explores the security and operational benefits of configuring self-consistency checks into industrial control systems
Missed the latest SANS webinar on OT security monitoring, with Andrew Ginter? Catch up now and watch the full recording here
Derek Harp, CEO and Co-Founder of CS2AI and Founder of The Cyber List speaks to the history and future of CS2AI, and provides some insights into cyber security training for non-cyber-savvy audiences
Missed the latest SecurityWeek webinar on unidirectional remote access, with Andrew Ginter? Catch up now and watch the full recording here
Join Andrew Ginter, VP Industrial Security, Waterfall Security Solutions, on the next webinar: Wednesday, May 28, at 14:00 CET. Click here to register for free
What do the World's most secure sites do differently? Full recording of Andrew Ginter's latest Secure Operations Technology Webinar
The US government acts to protect the electric grid - but there is only so much any government can do. Unlike physical conflicts, the only way to defeat the most sophisticated cyber attacks is for individual sites to take the lead
Roman Arutyunov, Co-Founder of Xage Security, explores intrinsically-distributed, authority-based blockchains for industrial security in the form of the Xage Security Fabric
If you missed the latest webinar hosted by EnergySec with Andrew Ginter, here's your chance to catch up
Marco Blume, Product Manager for Embedded at WIBU Systems introduces discrete manufacturing and explores how intellectual property protection, safety and cybersecurity work in that vertical and others.
Phil Neray, VP Industrial Security of CyberX reviews findings, remediations and C-level responses for security assessments at 1800 industrial sites
In this time of COVID-19 travel restrictions and quarantines, understanding options for safe, secure remote access to Industrial Sites and Control Centers is especially important. This post reviews 3 common options for secure remote access and support: server replication, Remote Screen View and Secu
Phil Dunbar, CTO of the new Industrial Defender joins us to explore the significance of the firm's historical contributions, and where the new Industrial Defender is headed today
Andy Bochman of Idaho National labs describes CCE, a new methodology for industrial security with a focus on mission assurance, which means different things in different industries
Robert Pitcher of Public Safety Canada explores Canadian industrial security, including very popular attack training/awareness sessions and the annual industrial security symposium
Security PHA Review – a new methodology for protecting safe operations. Join our discussion with James McGlone, one of the authors of the new ISA book describing a robust connection between safety and cybersecurity. PLAY Now
The Industrial Security Podcast: how education differs from training, with examples from Dr. Art Conklin at the University of Houston. Click Play
Matt Gibson from the EPRI explores analog control systems, IIoT at nuclear sites and control system product "labeling" for security. Click Play
As 2019 comes to a close, we look back at the top five episodes by downloads. The top five include guests from the United States, Israel, and Germany: Joe Weiss, Dr. Gabi Siboni, Jens Weisner, Patrick Miller, and Jonathan Pollet. To hear the insights of our most popular guests, click on each episode
Pointing fingers at vendors is easy. Creating "secure" products is a real challenge, supply chain is a big part of that challenge, and vendors cannot solve the problem in isolation. Kenneth Crowther, a Product Security Leader at GE explores what a leader in this space is doing. Click PLAY
Rick Driggers of CISA describes cyber, physical and industrial security priorities at the new US DHS CISA agency. Tune in now
Andrew Ginter was a guest on the Energy Exchange (Enernex) podcast. Tune in to hear what the world's most secure industrial sites do and how that differs from conventional security programs. Click here to listen
The information security website "Help Net Security", has published an interview with Andrew Ginter "How can security teams effectively monitor OT and ICS networks?". Click here to read it
Jens Wiesner returns to the Industrial Security Podcast to discuss the German BSI's commitment to the new "Malcolm" OT network visibility tool. PLAY NOW
The information security website "Help Net Security", has published a new article written by Andrew Ginter "Microsegmentation for refining safety systems". Click here to read it
Lyndon Hall is routinely called on for the first-ever security assessment at industrial sites. On this episode of the Industrial Security Podcast, he explains how he does that and what he finds
A wide-ranging conversation with Greg Hale, Editor and Founder of Industrial Safety and Security Source (ISSSource), about where we are today, how security relates to safety, how to sell security as improving efficiency and other topics.
Meg Duba, a recruiter at Idaho National Labs talks about techniques, tips, and challenges for industrial security recruitment and job hunting. Tune in to the new episode of the Industrial Security Podcast
Mark Lindike explores industrial systems and security challenges at the Munich International Airport, as well as how the new Munich ISH training facility is helping the airport and others.
Industrial security insights regarding risks, programs, budgets and technology at the City of Calgary Water Services, with Darrol Weiss.
Patrick Miller discusses how technology advances in Industrial Control Systems are out-pacing existing industrial cybersecurity and business risk management programs and what needs to change to keep pace.
The differences between IT and OT teams and approaches both make life difficult and represent opportunities to improve industrial operations.
SECURE OPERATIONS TECHNOLOGY: THE MISSING LINK TO A SECURE INDUSTRIAL SITE - A new book by Andrew Ginter. Get your free copy now
Andrew Ginter, and Edward Amoroso, talk about how new approaches are needed to gain defensive advantage over already-capable cyber adversaries
Andrew Ginter and Edward Amoroso talk about how unidirectional security gateways enable safe IT/OT integration. Podcast
Andrew Ginter, VP of Industrial Security at Waterfall, and Edward Amoroso, CEO of TAG Cyber, talk about SCADA vulnerabilities in ICS architectures
In this podcast, Andrew Ginter and Edward Amoroso talk about how the traditional focus of most hackers has been on software, but the historical focus of crime is on anything of value
In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about industrial control system security
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about remote access options for unidirectionally protected networks
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, explains how, in order to keep log repositories more secure than the attacked network, Waterfall developed the BlackBox
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, explains how you can send information into these sites securely.
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about Unidirectional Security Gateways. They can replace firewalls in industrial network environments, providing absolute protection to control systems and o
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about the difference between IT security and ICS security