Lessons Learned From Incident Response [The Industrial Security Podcast]

We've been hacked. Everything is down. Or more mundane - there was a power surge and 5% of our cyber gear is fried. How do we get back into operation fastest? Stephen Nichols of Acronis joins us to look at rapid recovery of OT systems - from the mundane to the arcane.

We know there are problems in our security systems, but we can't and shouldn't fix everything. What do we fix? Who decides? How do we explain what's reasonable to people who do decide? Kayne McGladrey, CISOIn Residence at Hyperproof, joins us to explore risk, communication, and a surprising role for insurance.

Yes the device has to be safe to use on patients, and yes it has to produce its results reliably, but patient / data confidentiality is also really important. Naomi Schwartz of Medcrypt joins us to explore the multi-faceted world of medical device cybersecurity - from MRI's to blood sugar testers.

If you can touch it, you can hack it, usually. And having hacked it, you can often more easily find exploitable vulnerabilities. Marcel Rick-Cen of Foxgrid walks us through the basics of hacking industrial hardware and software systems.

Asset inventory, networks and router / firewall configurations, device criticality - a lot of information. How can we USE this information to make useful decisions about next steps to address cyber risk? Vivek Ponada of Frenos joins us to explore a new kind of OT / industrial digital twin - grab all that data and work it to draw useful conclusions.

We don't have budget to fix the problem, so we accept the risk? Tim McCreight of TaleCraft Security in his (coming soon) book "I don't sign s**t" uses story-telling to argue that front line security leaders should not be accepting multi-billion dollar risks on behalf of the business. We need to escalate those decisions - with often surprising results when we do.

NIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.

Hundreds of subsystems with the same IP addresses? Thousands of legacy devices with no modern encryption or other security? Constant, acquisitions of facilities "all over the place" network-wise and security-wise? What most of us need is "network duct tape". Tom Sego of Blastwave shows us how their "duct tape" works.

Safety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms.

How did they get in? How did we find them when they got in? What can we do in future to clean up the mess faster? Chris Sistrunk reflects on a decades' industrial cyber incident response experience at Mandiant (Google).