Securing OT: Strategies for Prioritizing Vulnerabilities

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Hatte der Energiesektor bei Cyberangriffen bisher nur Glück?Pub date: 2024-04-25OT Security Made Simple Host Klaus Mochalski spricht mit Stefan Grützmacher, der in den letzten Jahrzehnten mehrere Energieversorger geleitet hat. Für Stefan wird die OT-Sicherheit bei den Kritischen Infrastrukturen noch immer viel zu stiefmütterlich behandelt. Er stellt als Branchenkenner aber auch klare Anforderungen an Lösungen für den KRITIS-Sektor.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Secure Insights with NDK CyberEpisode: Rails & Resilience: Navigating Cybersecurity in Rail Travel with RazorSecure CEO, Alex CowanPub date: 2024-04-25In this episode, we welcome Alex Cowan, CEO of RazorSecure, where we discuss the intricate world of rail cybersecurity.  From legacy systems to cutting-edge digital infrastructures, Alex shares his wealth of knowledge gained from over a decade in the field. Additionally, we'll explore the impact of new NIST regulations on this dynamic sector.Join us for another informative episode of Secure Insights!The podcast and artwork embedded on this page are from NDK Cyber, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Data Breach Today Podcast (LS 32 · TOP 5% what is this?)Episode: Major Areas of Cybersecurity Focus for Medical Device MakersPub date: 2024-04-24Medical device makers submitting products for premarket approval by the Food and Drug Administration often struggle the most with cybersecurity in three major areas - design controls, providing a software bill of materials and testing, according to Nastassia Tamari of the FDA.The podcast and artwork embedded on this page are from DataBreachToday.com, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Hack the Plant (LS 34 · TOP 5% what is this?)Episode: The ICS HackerPub date: 2024-04-23Claroty is a cybersecurity company that helps organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT). In this episode, Bryson Bort sits down with Claroty director of research and industrial control system (ICS) vulnerability expert Sharon Brizinov to discuss everything ICS.What are the most common vulnerabilities threatening ICS security? What’s the impact of cybersecurity controls standardization? And if he could wave a magic wand, what is one thing he’d change in the ICS industry? “Don't expose ICS equipment over the Internet,” Sharon said. “That's my wish. To eliminate all the ICS Internet-exposed devices.”Join us for this and more on this episode of Hack the Plant. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology. The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Unsolicited Response (LS 34 · TOP 5% what is this?)Episode: State Of NERC CIP, European Update and OT Security CommunityPub date: 2024-04-24Patrick Miller has OT cybersecurity experience as an asset owner, PacificCorp. As a regulator and one of the first NERC CIP auditors with WECC. As a community organizer creating and leading EnergySec and the BeerISAC. And as an entrepreneur creating and leading a number of consulting practices. He is currently the Founder of Ampyx Cyber.   In this episode Patrick and Dale discuss: Why Patrick changed the company name and selected Talinn as the location for the new European office. The major differences in approaches to OT cybersecurity and risk management between Europe and the US. (more than just regulatory differences) What has the EU learned or improved on regulation from NERC CIP. What is the current state of NERC CIP regulatory risk? Are the regulated entities understanding and meeting the standards’ requirements? The challenge of slow NERC CIP modifications, eg virtualization and cloud. Bad standard & good regulator v. good standard & bad regulator. Should water follow the NERC CIP model as recommended by AWWA? How Patrick is dealing with AI.   Links Ampyx Cyber: https://ampyxcyber.com Patrick’s Critical Assets Podcast: https://amperesec.com/podcast Subscribe to Dale’s ICS Security Friday News & Notes: https://friday.dale-peterson.com/signup Advertise on Unsolicited Response: https://dale-peterson.com/advertising/   The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Adam Gluck on Industrial DevOpsPub date: 2024-04-23Adam Gluck, founder and CEO of Copia Automation, joins the Claroty Nexus podcast to discuss the need for DevOps within industrial automation. DevOps practices are popping up more frequently in these environments, but there are still hurdles and challenges for developers and engineers to overcome. Adam covers those, and explains how DevOps can improve disaster recovery, lessen the introduction of vulnerabilities in new code, and mitigate risk by being proactive about reviewing code changes as they happen rather than later in the development lifecycle. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Error Code (LS 25 · TOP 10% what is this?)Episode: EP 35: Outsized Kinetic Response to OT AttacksPub date: 2024-04-23If you knock down an email server, you could stand up a parallel server or you could find workarounds. If you knock down a factory floor, there is no real parallel, alternative to a factory floor.  Dane Grace of Brinqa talks about how the risks to OT carries with it an outsized kinetic response in the real world. For example, what would happen if someone managed to put a botnet on a defibrillator?The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Cyber Work (LS 42 · TOP 1.5% what is this?)Episode: How to get started in industrial control systems cybersecurity | Guest Robin BerthierPub date: 2024-04-22Today on Cyber Work, we are talking operational technology, or OT, security with guest, Robin Berthier of Network Perception. From his earliest studies to his time as an academic researcher, Berthier has dedicated his career to securing the intersection between operational technology and network security, with some pretty imaginative solutions to show for it. In today’s episode, Berthier explains why modern OT security means thinking more about the mechanics of the machinery than the swiftness of the software solutions, the big conversation that infrastructure and ICS Security need to have about nation-state attackers (and finally are having!) and Berthier's best piece of career advice turns into some excellent thoughts on the importance of maintaining your network… and I don’t mean routing and switching!0:00 - Industrial control systems cybersecurity1:54 - How Robin Berthier got into tech3:38 - Majoring in cybersecurity 4:55 - Intrusion detection systems 9:18 - Mechanical and cybersecurity tools12:33 Launching Network Perception17:03 - Current state of ICS and OT infrastructure20:24 - Cyberattacks on industrial control systems28:35 -Skills needed to work in industrial control systems35:19 - Where are ICS security jobs?36:39 - Getting into local OT systems37:55 - Skills gaps in ICS39:21 - Best piece of career advice41:01 - Cultivating a work network43:28 - What is Network Perception?45:27 - Learn more about Robin Berthier45:58 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.The podcast and artwork embedded on this page are from Infosec, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Pulse PodcastEpisode: Ep. 46: Matt Wiseman on the massive impact of OT decisionsPub date: 2024-04-23When it comes to OT cybersecurity, every decision can have massive impact on company finances,human life and safety and more. In this episode of the ICS Pulse Podcast, we talk to Matt Wiseman of OPSWAT about getting IT and OT to work together and how AI/ML can help simplify the process.The podcast and artwork embedded on this page are from Industrial Cybersecurity Pulse, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Casos de Ciberseguridad IndustrialEpisode: 2/4 Análisis del caso Cómo proteger las cajas negras en un entorno OTPub date: 2024-04-22En este episodio se analizan cuáles son los riesgos de las cajas negras, así como consideraciones específicas al diseñar estrategias de protección.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.