@BEERISAC: OT/ICS Security Podcast Playlist

What would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos, discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an act of war.

Explore the fast-evolving field of OT cybersecurity with Emma Duckworth, a professional whose journey from chemical engineering to securing operational technologies highlights the growing need for cross-functional collaboration in industrial environments.

Emma shares her experiences working on the plant floor, the challenges of uniting IT and OT teams, and the role of emerging technologies like intrusion detection and prevention systems in safeguarding manufacturing processes.

Gain practical insights into career paths, mentorship, and the critical importance of hands-on learning in this dynamic industry.

Chapters:

• 00:00:00 - A Fresh Look at OT Cybersecurity
• 00:01:29 - From Chemical Engineering to Cybersecurity: Emma's Path
• 00:02:36 - Thriving in a Rapidly Evolving Industry
• 00:04:35 - Tools of the Trade: Technologies Transforming OT Security
• 00:05:21 - Bridging the Gap: IT and OT Collaboration Challenges
• 00:08:25 - The Cutting Edge: Emerging Trends and Remote Access
• 00:10:20 - Building a Cybersecurity Career: Emma’s Advice
• 00:15:03 - Looking Ahead: Emma’s Vision for the Future
• 00:18:08 - Key Takeaways and Parting Insights

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Derek Harp hosts Virginia "Ginger" Wright, a program manager at Idaho National Laboratory, known for her pioneering work in cybersecurity for critical infrastructure. Ginger shares the history and importance of Cyber Informed Engineering (CIE) and how this engineering philosophy integrates safety protocols directly into the design of industrial systems, making them resilient against cyber threats. They discuss the origins of CIE in nuclear energy safety, the unique assets of Idaho National Laboratory, and the vital role engineers play in safeguarding critical infrastructure. Ginger also dives into practical resources like the Cyber Informed Engineering Implementation Guide, sharing how organizations and educators can adopt this methodology. Join us for insights into CIE’s impact on the future of OT and ICS cybersecurity.

Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.

Key topics include:

• The unique challenges of bridging IT and OT security.
• Why workforce shortages hinder progress and how industry and academia can collaborate.
• The importance of standardizing roles, frameworks, and terminology.
• Stories of how early curiosity sparked a career in cybersecurity.

Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future.

Let’s connect about IoT Security!

Follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, Aaron is joined by Paul Shaver, an experienced OT security consultant from Mandiant, part of Google Cloud. Together, they navigate the nuanced landscape of operational technology (OT) cybersecurity.

The episode begins with Aaron recalling a critical incident at a power plant that underscores the potential pitfalls in OT environments. This sets the stage for a rich discussion on the evolution of OT technology, with Aaron and Paul reminiscing about primary domain controllers and early NT workstations.

The conversation shifts to the future of OT in the cloud, where Paul highlights the benefits of cloud solutions, including enhanced resiliency, security, and data optimization through AI. A compelling customer case study illustrates modern technology adoption with web-based HMIs and Chromeboxes.

Paul offers a detailed analysis of the current OT cybersecurity landscape, addressing the persistent legacy system challenges and the need for a cohesive IT-OT security strategy. He discusses the evolving threat landscape influenced by global geopolitical tensions and the rise of zero-day vulnerabilities.

Listeners will gain practical insights into foundational cybersecurity measures, such as network segmentation, asset inventory management, and robust access control..

Key Moments: 

04:14 Connecting IT and OT optimizes processes securely.

09:54 Lost production severely impacts manufacturing revenue recovery.

14:06 Ensure network notifications; control access, separate credentials.

17:10 Engineers need secure access to adjust parameters.

21:55 Endpoint detection on older systems is critical.

28:47 Resilience is crucial in CrowdStrike incident response effectiveness.

32:11 Limited resources for global incident response efforts.=

39:22 Rebuilt domain controller caused authentication issues.

42:37 Focus on resiliency and cloud opportunities, leveraging multi-cloud.

44:59 Improve grid operations using cloud and hyper-converged technology.

48:38 Local cloud provides redundancy for remote sites.

51:15 Critical for acquisition process and problem-solving.

About the guest : 

Paul Shaver has dedicated more than two decades to various roles in Operational Technology (OT), primarily within the oil and gas industry. His expertise spans OT architecture, design, and build, along with run and maintaining responsibilities as an asset owner. 

Before transitioning into cybersecurity, Paul served as a Technology Director for an oil and gas company in California. Driven by a burgeoning interest in security, he joined Mandiant nearly five years ago. At Mandiant, now part of Google, Paul relishes the mission of enhancing security postures in OT and critical infrastructure, contributing to significant advancements in the field.

How to connect Paul: https://www.linkedin.com/in/pbshaver/

Connect With Aaron Crow:

Learn more about PrOTect IT All:

To be a guest or suggest a guest/episode, please email us at [email protected]

Dale Peterson speaks with Joel Langill, the SCADAHacker, about his new training course entitled Conducting Threat, Vulnerability, and Risk Assessments For ICS. A two day version of this course will be offered prior to S4x25. 

Of course Dale and Joel jump around a bit on training, the workforce and other items. Take a listen.

As the holidays approach, manufacturing and critical infrastructure organizations face unique cybersecurity challenges due to reduced staffing and associated increased vulnerabilities.

This episode delves into practical strategies for senior leaders and plant managers to secure their operational technology (OT) environments without disrupting production.

By adopting continuous monitoring, fostering cross-functional IT-OT collaboration, and engaging OT-specific vendors, organizations can reinforce their cyber resilience.

Through real-life scenarios, the hosts discuss how proactive planning and structured security practices are vital to maintaining operational continuity and mitigating risks in complex industrial settings.

Chapters:

• 00:00:00 - Introduction to Cybersecurity Challenges During the Holiday Season
• 00:00:52 - Cybersecurity Missteps Putting the C-Suite at Risk
• 00:14:06 - Holidays & Hackers: Keeping Industrial Control Systems Safe

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, host Derek Harp sits down with Bryson Bort and Tom Van Norman, co-founders of ICS Village and creators of Hack the Capital. They discuss the origins and evolution of Hack the Capital, now in its seventh year, and the conference’s unique focus on bridging cybersecurity professionals with policy makers and industry leaders. They dive into the value of hands-on learning, the launch of Workforce Development Day, and the ongoing need for practical cybersecurity education and career opportunities for all. Bryson and Tom also highlight the significance of candor in the field and what attendees can look forward to at future conferences. Tune in for insights into the world of OT and ICS cybersecurity, hands-on training, and the importance of building community partnerships.

In this episode of the Bites and Bytes Podcast, host Kristin Demoranville welcomes her good friend and former colleague, Mike Delaney, a seasoned corporate lawyer and partner with expertise in complex legal matters across industries. With over two decades of experience, Mike has held leadership roles at multinational corporations, where he managed global compliance, risk, and corporate governance.

Kristin and Mike explore the real-world challenges in food cybersecurity, sharing stories from their work together and discussing how industries like food manufacturing and supply chains adapt to meet today’s cybersecurity threats. From legal and compliance perspectives to human and technological considerations, this episode contains practical insights and firsthand experiences.

_______________________________________________

Show Notes:

DISARM Framework:

https://www.disarm.foundation/framework

Beekeeper movie: 

https://www.imdb.com/title/tt15314262/

SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies:

https://www.sec.gov/newsroom/press-releases/2023-139

Form 8-K: 

https://www.sec.gov/files/form8-k.pdf

_______________________________________________

Episode Key Highlights:

(0:00:00) - Food Memories and Personal Connections

(0:06:50) - Industry’s Push for Modernization in Cybersecurity

(0:21:00) - Key Supply Chain Vulnerabilities in Food

(0:31:28) - SEC’s New Cybersecurity Reporting Rules

(0:43:00) - Rising Cyber Threats Targeting Food Sector

_______________________________________________

Bites and Bytes Podcast Info:

TikTok

Website:  Explore all our episodes, articles, and more on our official website.  Visit Now

Merch Shop:  Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now

Blog:  Stay updated with the latest insights and stories from the world of cybersecurity in the food industry.  Read Our Blog

Audience Survey:  We value your feedback!  Help us make the podcast even better.  Take the Survey

Schedule a Call with Kristin:  Want to share your thoughts? Schedule a meeting with Kristin!  Schedule Now