loader from loading.io

Calculating OT Cyber Risk With Ilan Barda of Radiflow

Unsolicited Response Podcast

Release Date: 10/13/2021

Book Interview: Introduction To SBOM And VEX show art Book Interview: Introduction To SBOM And VEX

Unsolicited Response Podcast

info_outline S4x24 Closing Panel show art S4x24 Closing Panel

Unsolicited Response Podcast

info_outline Q1: ICS Security In Review show art Q1: ICS Security In Review

Unsolicited Response Podcast

Emma Stewart joins Dale to discuss the 3 big OT & ICS security stories from the first quarter. They end by giving their win, fail and prediction for Q1.

info_outline S4x24 Preview show art S4x24 Preview

Unsolicited Response Podcast

info_outline Predictions Analyzed show art Predictions Analyzed

Unsolicited Response Podcast

In this solosode episode Dale reviews the status of his three predictions from the Q1, 2 and 3 quarter in review episodes and answers a listener question.

info_outline Q4 ICS Security Quarter In Review show art Q4 ICS Security Quarter In Review

Unsolicited Response Podcast

info_outline CISA Attack Surface Scanning Service show art CISA Attack Surface Scanning Service

Unsolicited Response Podcast

Dale is joined by Steve Pozza, CISA Section Chief of Operational Resilience, and Tom Millar, CISA Branch Chief of Resilience, to discuss some of CISA's security services for asset owners. They discuss: The Internet accessible attack surface enumeration and vulnerability scanning surface. Asset owners can buy products or services to do this. Why is the government doing this? What CISA is doing with this attack surface data? How is CISA measuring the success of this service offering? Other broadly available services and tools, the cybersecurity performance goals (CPG assessment) ~500 done in...

info_outline Engineering-Grade OT Security with Andrew Ginter show art Engineering-Grade OT Security with Andrew Ginter

Unsolicited Response Podcast

Andrew Ginter published his third book this year: . Dale interviews Andrew on the book including: Who was the target reader that Andrew wrote the book for? Do (should) professional engineers lose their licenses for poor and dangerous cybersecurity design and deployments? The use of the term engineering grade, and how he defines it. Unhackable protection and safety controls as a major part of engineering grade. Unidirectional (one-way) network devices as the only security control listed as engineering grade. Is one-way from the enterprise network to the OT network engineering grade? Given the...

info_outline Asset Inventory, Lawyers, and AI show art Asset Inventory, Lawyers, and AI

Unsolicited Response Podcast

This week is a Dale Peterson solosode. Updates and Announcements Dale provides updates about S4x24 ticket sales and announces the Women In ICS Security program and sponsor package. Main Topics Asset Inventory in Cybersecurity: Dale challenges the common security mantra "You can't protect what you don't know," using examples from both physical and cyber domains. He notes many of the comments on this week's article missed the main point, and he gives hints on the next two asset inventory articles. Legal and Regulatory Issues in Cybersecurity: Dale emphasizes the importance of domain expertise...

info_outline Is The Purdue Model Dead (E) show art Is The Purdue Model Dead (E)

Unsolicited Response Podcast

info_outline
 
More Episodes
This episode dives deep into the risk score methodology of Radiflow's Ciara product. It attempts to use interview, asset inventory, and simulation to identify a risk score for a zone or site. It also then uses simulation to determine what security controls would most improve the risk score / reduce risk. Obviously this is a detailed talk on a specific vendor approach, so if that sort of thing bothers you this episode might not be for you.
 
We also talk about whether the visibility / detection product segment will be separate from the OT cyber risk product, and we end with a discussion of how a company the size of Radiflow competes with the Claroty/Dragos/Nozomi of the world that have raised $100M+.