The Industrial Security Podcast: Risk Assessment – Understanding the problem

The Industrial Security podcast features guests with a wide range of perspectives. Here are a handful of episodes in the theme of “risk assessment.” Some are risk assessment professionals talking about their methodology and findings, others are researchers and vendors exploring technology that helps with our understanding. All provide valuable insights – we need to understand the problem before it makes any sense to talk about solutions.

1. 1800 SITES: AIR GAPS, WINDOWS XP AND EVOLVING DUE DILIGENCE: PHIL NERAY

Eps. #32: Phil Neray, VP Industrial Security of CyberX reviews findings, remediations and C-level responses for security assessments at 1800 industrial sites.

2. WHEN NUMBERS ARE SCARCE – RON BRASH

Eps. #23: How do we estimate the probability of an attack that has never happened? Ron Brash of Verve Industrial explains.

3. WHERE DO YOUR BITS REALLY COME FROM? – ERIC BYRES

Eps #18: In this podcast Andrew Ginter talks to Eric Byres, about potential problems with the software supply chain for industrial sites. They ask how users can trust the firmware and software that they load into their industrial control systems.

4. BE BRAVE WHEN ASSESSING RISKS – MARK FABRO

Eps. #17: Mark Fabro, President and Chief Security Scientist at Lofty Perch, explores how robust cyber/physical risk assessments help “stay left of boom” at industrial sites.

5. STARTING FROM ZERO – LYNDON HALL OF IRON SPEAR

Eps. #16: Lyndon Hall, Senior Manager at Iron Spear Information Security, is routinely called on for the first-ever security assessment at industrial sites. On this episode of the Industrial Security Podcast, he explains how he does that and what he finds.

6. WE CAN ONLY SECURE WHAT WE KNOW WE HAVE – RICK KAUN

Asset inventory is the foundation of industrial security, which is essential to IT/OT convergence. Rick Kaun, VP Solutions at Verve Industrial Protection, talks about asset inventory concepts and the Verve Industrial technology for inventory.

Eps. #15: Asset inventory is the foundation of industrial security, which is essential to IT/OT convergence. Rick Kaun, VP Solutions at Verve Industrial Protection, talks about asset inventory concepts and the Verve Industrial technology for inventory.

7. CLASSIFYING CONTROL SYSTEMS, CONSEQUENCES AND CRITICALITY – MARTY EDWARDS

Eps. #7: Marty Edwards discusses the need for a standard way to classify the criticality of industrial control systems – eg: safety-critical vs. equipment-critical vs. reliability-critical systems, and what implications such classification should have for industrial security programs.