Error Code

The surge in renewables and decentralized power is reshaping grids—and exposing them to new operational and cyber risks. In this episode, Rafael Narezzi, Co-Founder & CEO of Centrii, explains how rising connectivity widens the attack surface, leaving energy infrastructure increasingly vulnerable.

Kerberos, a decades-old authentication protocol, creates hidden risks in OT environments. Dor Segal, security researcher team lead at Silverfort, discusses delegation abuse, cipher downgrade attacks, and person-in-the-middle threats—highlighting why legacy encryption, patching challenges, and operational constraints make identity security critical in industrial networks.

Rising software complexity in safety-critical industries is forcing cybersecurity requirements on systems previously not thought about before. David Sequino, CEO of OmniTrust (formerly ISS), talks about the need to secure digital certificates on life critical systems like cars and planes and the challenges in doing so.

Many devices on modern networks aren’t what their labels claim. This episode, Rob King, Director of Applied Security Research at runZero, explores white-labeled surveillance and IoT hardware, why some vendors are banned by governments, and how hidden risks can spread across enterprises. Discovery, device fingerprinting, and protocol analysis reveal what’s really connected—and why knowing your true inventory is now essential for security, compliance, and trust.

The growing importance of OT security, highlighting overlooked risks in critical infrastructure, legacy systems, and supply chains. Through real-world examples, Eric Durr, Chief Product Officer at Tenable, shows why OT security differs from IT, emphasizing visibility, resilience, and risk prioritization to protect safety, operations, and business continuity.

At Black Hat USA 2025, Dan Berte, IoT Director at Bitdefender, discusses the successes and failures of ride-sharing autonomous vehicles in San Francisco, and how these lessons might help design better IoT integrations of cities and AVs in the future.

Do you really know what’s on your network? A lot of OT devices are white labeled, meaning they have a brand name but under the hood they’re made by someone else. Sean Tufts, Field CTO for Claroty, explains how his team is using AI to sift through all the available data and build a cyber physical library that starts to add specificity to remediation operations, and improve cyber physical security overall

Diversity in healthcare devices complicates segmentation, security controls, and zero-trust approaches. New certifications aim to help. Bob Lyle, CRO of Medcrypt, identifies how layered defenses, rigorous cybersecurity requirements for new devices, continuous monitoring, and dark-web credential surveillance can reduce risk.

At Black Hat USA 2025, Dan Berte, IoT Director at Bitdefender, revisits his talk last year about hacking solar panels in light of the blackout in Spain and Portugal. While the Iberian Peninsula blackout wasn’t an attack, it shows how sensitive these systems are when mixing old and new technologies, and how living off the land attacks might someday take advantage of that.

At Black Hat USA 2025, Noam Moshe from Claroty’s Team 82 revealed several vulnerabilities in Axis Communications’ IP camera systems, including a deserialization flaw that could let attackers run remote code. The team worked with Axis to patch the issues. Moshe says that this case highlights the broader security risks still common in the billions of common IoT devices in the world today.

Ad fraud driven by both humans and AI agents require new signals beyond traditional bot-vs-human checks. Gavin Reid and Lindsay Kaye from HUMAN Security discuss how monetization includes ad and click fraud (peach pit), selling residential proxy access, and operating botnets for hire and preventing harm requires dismantling criminal infrastructure and collaboration across industry, since many infected devices cannot be practically cleansed by end users.

Certification exams increasingly reflect the IT OT convergence, acknowledging that many protections apply across both domains requiring holistic security approaches rather than siloed solutions. John France, CISO at ISC2, explains that as threats grow more complex, certifications, continuous learning, and diverse skills are essential to building a resilient global workforce.

The EU’s new Cyber Resilience Act (CRA) sets higher security requirements but leaves many technical details undecided. This puts pressure on vendors of connected or software-based products to either redesign, retrofit, or withdraw from the market. According to Roland Marx, Senior Product Manager at Swissbit, the CRA’s three-year rollout is meant to give companies time to adapt while regulators finalize the specifics.

Healthcare organizations are prone to the same weaknesses that any other office or manufacturing site may have. Sonu Shankar, Chief Product Officer at Phosphorus Cybersecurity, explains how the devices you might not suspect might be the ones to bring down your organization if they’re not secured. That includes the printer used to print patient wristbands.

Quantum computers could break today’s encryption, leaving many OT systems—which often lack encryption entirely—at even greater risk. Dave Krauthamer, Field CTO at QuSecure, warns that nation-state attackers may target critical infrastructure like power, water, and food supplies first, making it urgent to adopt quantum-resistant cryptography across both IT and OT systems.