Gus Serino worked at a large water utility before joining Dragos in 2019. We're talking water sector so it's obligatory to start with Oldsmar (2:20), but we don't talk cyber. Instead we go through the physical portion of the water system assuming the attacker is able to issue the command to the pump to dump a lot of sodium hydroxide into the water system and what would likely happen. Importantly Gus identifies the simple, unhackable solution to this threat. A hard wired PH sensor that will shut off the pump regardless of the commands from the ICS.

After Oldsmar Dale and Gus discuss:

• how small and medium water systems should approach cyber risk
• the greater challenge to large water systems
• the EPA's early steps on cybersecurity and future regulation - surprises in moving from a water utility to Dragos
• what Gus's new I&C Secure company is doing