Salvatore Gariuolo, a senior threat researcher at Trend Micro, joins the Nexus Podcast to discuss safe EV charging and in particular, the ISO 15118 standard meant to create a trusted environment for electric vehicle charging. 

Gariuolo contends that while ISO 15118 offers substantial improvements that reduce pressure on the grid, and also introduces a handful of cybersecurity enhancements, it is not sufficient to fully secure the EV charging ecosystem.

Listen and subscribe to the Nexus Podcast

Noam Moshe, Research Director for Claroty Team82, joins the Nexus Podcast live at the Black Hat Briefings in Las Vegas to discuss research that was presented here on the security of a popular video surveillance platform manufactured by Axis Communications. 

Moshe describes how Team82 examined the proprietary protocol supporting Axis servers and clients (camera) and uncovered four vulnerabilities that could be chained to eventually gain pre-authentication remote-code execution. 

Moshe explains Team82's research process, the risks to users, and the successful disclosure process with Axis Communication that resulted in prompt patches available for the servers and camera platforms. 

Read Team82's research blog here

Listen and subscribe to the Nexus Podcast

Dan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to join his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform.

Dan discusses his team's research, the disclosure process, and the implications on green energy initiatives overall. With the growing popularity of these platforms, Berte cautions that attackers are going to continue to analyze their security for weaknesses and attempt to exploit them. 

Listen to the Nexus Podcast on your favorite podcast platform.

OT cybersecurity veteran Vivek Ponnada, SVP Growth & Strategy at Frenos, joins the Nexus Podcast to lend his expertise on the areas where he is seeing the most maturity and rapid evolution in the practice. Vivek explains the growing demand for contextual information to supplement the data organizations have around their known assets and vulnerabilities, for example. He also explains current risk prioritization and mitigation strategies, and how advanced technologies fit into the OT security landscape. 

Listen to the Nexus Podcast on your favorite podcast platform.

Austin Allen, Sr. Director of Global Solutions Architecture at Airlock Security, joins the Nexus Podcast to discuss cybersecurity realities happening inside healthcare delivery organizations. 

Allen covers challenges and solutions around legacy software managing connected medical devices, and other cybersecurity risks potentially negatively impacting patient care. 

Allen also discusses the role of industry regulations and the role of compliance in guiding hospital cybersecurity programs.

Listen to the Nexus Podcast on your favorite podcast platform.

Gentry Lane, founder of Nemesis Global, joins the Nexus Podcast to discuss the strategies guiding adversaries in their targeting of U.S. critical infrastructure. Primary of which is the desire of countries such as China, Russia, Iran, and North Korea to displace the U.S. as the global hegemon, she said. 

To disrupt the U.S.' standing as such, these adversaries have chose cyberspace as a front where they're on relatively equal footing. They're doing so incrementally, Lane said, known as salami tactics. Salami tactics is a strategy of gradually cutting into an opposition's dominance by instilling distrust in institutions, utilities, or the government's ability to protect us. Gentry describes theses tactics, their effectiveness, and what critical infrastructure defenders should be doing to protect their systems and networks. 

Listen to the Nexus Podcast on your favorite podcast platform.

Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. 

ATG systems are an industrial control system that monitors fuel levels inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and elsewhere. ATGs track fuel levels, and are meant to detect leaks, help with inventory management, and are key in regulatory compliance efforts.

The vulnerabilities uncovered by Pedro and his team expose these systems to catastrophic risks, from environmental hazards to significant economic losses, including physical damage.

Worse yet is that these systems are old and challenging to update. 

Read Bitsight's research here.

Listen to the Nexus Podcast on your favorite podcast platform.

Steven Sim, Chair of the OT-ISAC Advisory Committee, joins the Nexus Podcast to catch us up on the ISAC's activities, and some of the upcoming community-driven initiatives sponsored by the group. Steven shares the processes by which member organizations share incident, threat, and vulnerability information. He also discusses how member organizations contribute and participate in discussions and events that level up the maturity of cybersecurity practices within OT asset-heavy enterprises. 

Listen to the Nexus Podcast on your favorite podcast platform.

Cybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline. 

Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones manufacturers need to hit as their compliance efforts get under way. 

Sarah also discusses her thought leadership and work in bringing cybersecurity to engineers, asset operators, and other non-security teams. It's important, she says, to eliminate cybersecurity's innate complexity and bring these concepts to engineers and others on their terms. 

Listen to the Nexus Podcast on your favorite podcast platform.

Andrew Ohrt, the resilience practice area lead at West Yost, joins the Nexus Podcast to discuss cyber-informed engineering (CIE) and how it informs engineers and asset operators to understand their role in creating and maintaining a cyber resilient organization. According to Ohrt, CIE is one of the best examples of delivering cybersecurity concepts to non-security teams, speaking to them in their language, and avoiding the often-intimidating jargon that can dominate cybersecurity discussions.

Listen to the Nexus Podcast on your favorite podcast platform.