Cyber Hygiene?

Unsolicited Response Podcast

Release Date: 05/15/2018

The buzzword "cyber hygiene" is being said and written by many of the gurus in the ICS security community. It's hard to argue that basic hygiene is bad, but what is and isn't cyber hygiene?

I recorded a 3-person pod with Marty Edwards of the Automation Federation and Michael Toecker of Context Industrial Security. They were selected because they used the term, and all three of us had different views on what cyber hygiene means and the usefulness of the term. For example, is applying security patches cyber hygiene? Is there a difference between cyber hygiene and cyber maintenance?

Amazingly, for three experienced and opinionated people, we all ended up changing our viewpoint and reached a basic agreement. Take a listen and see if you agree with where we ended up.

----

This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.

Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.