@BEERISAC: OT/ICS Security Podcast Playlist

From Y2K to 2038: Uncovering Time Bombs in OT and ICS Systems with Pedro Umbelino


Listen Later

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)
Episode: From Y2K to 2038: Uncovering Time Bombs in OT and ICS Systems with Pedro Umbelino
Pub date: 2025-06-09

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization



In this episode of Protect It All, host Aaron Crow welcomes Pedro Umbelino, Principal Research Scientist at BitSight, for an insightful and lively conversation recorded shortly after they met at RSA. Pedro shares stories of his early days in computing, from scavenging parts as a kid to teaching himself programming on a ZX Spectrum. The discussion quickly dives into critical cybersecurity issues across the interconnected worlds of IT and OT, focusing on dramatic vulnerabilities in Automatic Tank Gauges (ATGs) at gas stations—exposing ways attackers could cause significant physical damage and even spark major operational disruptions, all through insecure legacy protocols.

 

Pedro also brings attention to a ticking time bomb: the “Year 2038” problem, where millions (if not billions) of 32-bit systems might fail due to an epoch time rollover—an issue that could have consequences reminiscent of Y2K, but on a potentially broader scale, especially for OT and critical infrastructure.

 

Throughout the episode, Aaron and Pedro share practical strategies, lessons from the field, and the sobering reminder that many of these vulnerabilities are still lurking below the surface. The conversation highlights the importance of awareness, collaboration across industry and ISPs, and a proactive approach to understanding and hardening both new and legacy systems. Whether you're an OT engineer, a security researcher, or just curious about what it means to truly “protect it all,” this episode offers a fascinating look at the evolving landscape of digital and physical security risks.

 

Key Moments:

06:37 Letting Go of Old Memories

15:12 Refueling Spill Risks Concern Technicians

17:37 Understanding Risks Beyond Fear

23:24 Internet Exposure Risks for OT Devices

32:17 Global Cyber Incident Response Challenges

35:30 Legacy System Challenges

39:19 Unidentified Cyber Assets Risk

48:41 "Understanding the Epochalypse Project's Challenges"

49:31 Testing System Vulnerabilities at Scale

55:12 Tech Vulnerabilities Analogous to Y2K

01:03:08 Challenges in OT Modernization

 

About the Guest:

Pedro Umbelino currently holds the position of Principal Research Scientist at Bitsight Technologies and brings over a decade of experience in dedicated security research.

⁤His eclectic curiosity has led to the uncovering of vulnerabilities spanning a gamut of technologies, highlighting critical issues in multiple devices and software, ranging from your everyday smartphone to household smart vacuums, from the intricacies of HTTP servers to the nuances of NFC radio frequencies, from vehicle GPS trackers to protocol-level denial of service attacks. 

Pedro is committed to advancing cybersecurity knowledge and has shared his findings at prominent conferences, including Bsides Lisbon, DEF CON, Hack.lu and RSA.

How to connect Pedro :
LinkedIn: https://www.linkedin.com/in/pedroumbelino/
X: https://x.com/kripthor
Website: https://www.bitsight.com/

Connect With Aaron Crow:

  • Website: www.corvosec.com 
  • LinkedIn: https://www.linkedin.com/in/aaronccrow
  •  

    Learn more about PrOTect IT All:

    • Website: https://protectitall.co/ 
    • X: https://twitter.com/protectitall 
    • YouTube: https://www.youtube.com/@PrOTectITAll 
    • FaceBook:  https://facebook.com/protectitallpodcast 
    •  

      To be a guest or suggest a guest/episode, please email us at [email protected]

       

      Please leave us a review on Apple/Spotify Podcasts:

      Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

      Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4



      The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
      ...more
      View all episodesView all episodes
      Download on the App Store

      @BEERISAC: OT/ICS Security Podcast PlaylistBy Anton Shipulin / Listen Notes

      • 4.4
      • 4.4
      • 4.4
      • 4.4
      • 4.4

      4.4

      7 ratings


      More shows like @BEERISAC: OT/ICS Security Podcast Playlist

      View all
      Security Now (Audio) by TWiT

      Security Now (Audio)

      1,982 Listeners

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

      639 Listeners

      The Ben Shapiro Show by The Daily Wire

      The Ben Shapiro Show

      153,518 Listeners

      CyberWire Daily by N2K Networks

      CyberWire Daily

      1,013 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      7,917 Listeners

      Cybersecurity Today by Jim Love

      Cybersecurity Today

      163 Listeners

      The Industrial Security Podcast by PI Media

      The Industrial Security Podcast

      21 Listeners

      Cyber Security Headlines by CISO Series

      Cyber Security Headlines

      128 Listeners

      Hack the Plant by Bryson Bort

      Hack the Plant

      25 Listeners

      Nexus: A Claroty Podcast by Claroty

      Nexus: A Claroty Podcast

      17 Listeners

      Error Code by Robert Vamosi

      Error Code

      9 Listeners

      HOU.SEC.CAST. by Michael Farnum and Sam Van Ryder

      HOU.SEC.CAST.

      7 Listeners