EP 65: Hacking Critical Infrastructure Through Supply Chains

Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Pedro Umbelino on Exploiting ATG Devices in Fuel StoragePub date: 2025-06-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG systems are an industrial control system that monitors fuel levels inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and elsewhere. ATGs track fuel levels, and are meant to detect leaks, help with inventory management, and are key in regulatory compliance efforts.The vulnerabilities uncovered by Pedro and his team expose these systems to catastrophic risks, from environmental hazards to significant economic losses, including physical damage.Worse yet is that these systems are old and challenging to update. Read Bitsight's research here.Listen to the Nexus Podcast on your favorite podcast platform. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 65: Hacking Critical Infrastructure Through Supply ChainsPub date: 2025-06-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCritical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited.  Alex Santos, CEO of Fortress Information Security, explains how they’re typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity InsiderEpisode: When IT Cyber Events Bring Down the Plant FloorPub date: 2025-06-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCraig and Dino break down how cyberattacks that start in traditional IT systems can shut down entire manufacturing production lines, leading to massive financial losses. Using real-world examples like UNFI's $500 million drop in market value in 60 hours, they explain how overlooked connections between IT and the OT plant floor are often the weakest links. You’ll hear why simply installing firewalls isn’t enough, how organizational silos between IT and operations cause major blind spots, and what it really takes to secure industrial equipment. Whether you're in leadership, technology, or operations, this episode will change how you think about cyber risk and business continuity in connected environments.Chapters:00:00:00 - Introduction: Where Responsibility Ends and Authority Doesn’t Begin00:01:08 - Meet Your Guides: Dino & Craig On the Frontlines00:01:14 - When Cyber Hits the Plant Floor00:01:28 - Real-World Wake-Up: The Unify IT Incident00:02:36 - The Gaps No One’s Watching in OT Security00:03:18 - How Org Structure Can Make or Break Cyber Defense00:04:03 - Plugging in OT Visibility: IDS in Action00:04:43 - Who’s Really Calling the Shots—Corporate or the Plant?00:07:02 - IT-OT Convergence: What Leaders Must Understand00:13:14 - Building Cyber Defense That Actually Works00:15:25 - Recovery Starts Before the Breach00:17:37 - Why IT Alone Can’t Fix OT Problems00:24:55 - Just Getting Started? Here’s What to Do First00:28:33 - Final Word: You Can’t Secure OT AloneLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical InfrastructurePub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome back to Protect It All! In this episode, host Aaron Crow sits down with longtime friend and OT cybersecurity veteran Brian Proctor for a deep dive into the current state—and future—of the OT cyber landscape. Together, they trade stories from the front lines, reflecting on how their early experiences as asset owners shaped their passion for innovation and helping critical infrastructure run safely and securely. Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies. The conversation explores everything from the persistent lack of innovation in OT, to AI’s growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments. If you’ve ever wondered how new tech like AI is reshaping industrial cybersecurity, why “we’ve always done it this way” just doesn’t cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future. So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher. Key Moments:  06:45 OT Cyber Industry Evolution 11:57 Evolving Challenges in OT Security 19:34 Bridging the OT Security Skills Gap 21:54 Enhancing OT Security Understanding 30:46 AI Model Security Challenges 34:26 Rapid Scaling for Site Assessments 40:56 Simulating Cyber Threat Responses 47:19 Operational Priorities: Equipment vs. Cyber Tools 49:30 Focus on Meaningful Security Metrics 56:30 Rapid AI Adoption vs. Internet 01:02:12 Cybersecurity: Small Targets are Vulnerable About the guest :  Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats. Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent. Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego. Links:  https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service  https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments Connect Brian : https://www.linkedin.com/in/brianproctor67/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: [email protected]  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at [email protected]   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Casos de Ciberseguridad IndustrialEpisode: 4/4 Desenlace incorporando ciberseguridad en el diseño de tecnología industrialPub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se muestran recomendaciones para quien esté empezando a considerar la ciberseguridad como parte del desarrollo de una nueva tecnología y cambios estructurales o culturales necesarios para seguir avanzando.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Steven Sim on OT-ISAC and the State of Information SharingPub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSteven Sim, Chair of the OT-ISAC Advisory Committee, joins the Nexus Podcast to catch us up on the ISAC's activities, and some of the upcoming community-driven initiatives sponsored by the group. Steven shares the processes by which member organizations share incident, threat, and vulnerability information. He also discusses how member organizations contribute and participate in discussions and events that level up the maturity of cybersecurity practices within OT asset-heavy enterprises. Listen to the Nexus Podcast on your favorite podcast platform.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Secure Insights with NDK CyberEpisode: AI-Native OT Security with FRENOS’ Harry Thomas and Colin MurphyPub date: 2025-06-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSend us a textThis week on Secure Insights, we're joined by FRENOS Founder Harry Thomas and Chief Hacking Officer Colin Murphy. Frenos is an innovative organisation revolutionising OT security through the use of AI and next-generation tech. In this episode, we shine a light on some of the most overlooked challenges in the OT space, exploring whether the traditional ways of assessing risk still hold up, and how scalable the Frenos approach really is. We dive into what's working, what's not, and where the future of OT security is headed. From critical vulnerabilities to smarter, AI-driven solutions, we unpack it all giving you real insight into where businesses are falling short, where they’re leading the charge, and what needs to change to secure our infrastructure for the long haul.Get in touch with host James hereGet in touch with Harry here.Get in touch with Colin here.The podcast and artwork embedded on this page are from NDK Cyber, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: OT Security Made SimpleEpisode: Wer ist für die Cybersicherheit der Windparks verantwortlich? | OT Security Made SimplePub date: 2025-06-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMohamed Harrou erklärt als OT-Sicherheitsingenieur beim Energieversorger Amprion den Mehrwert von OT-Sicherheit in Windparks und PV-Anlagen. Mit seinem 12 Jahren Erfahrung im Bereich erneuerbarer Energieanlagen liefert er praxisnahe Einblicke zu den technologischen und organisatorischen Herausforderungen moderner Windparks und gibt eine überraschende und eher beunruhigende Antwort auf die Frage nach den Verantwortlichkeiten. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Sarah Fluchs on the Cyber Resilience ActPub date: 2025-06-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline. Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones manufacturers need to hit as their compliance efforts get under way. Sarah also discusses her thought leadership and work in bringing cybersecurity to engineers, asset operators, and other non-security teams. It's important, she says, to eliminate cybersecurity's innate complexity and bring these concepts to engineers and others on their terms. Listen to the Nexus Podcast on your favorite podcast platform.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: Credibility, not Likelihood [The Industrial Security Podcast]Pub date: 2025-06-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSafety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.