The Industrial Security Podcast

Breaking into tenant enterprise networks via building automation networks, say from a public coffee shop: Barry Coflan, a Strategy Consultant at Tower Hill Analytics, provides a perspective on the growing attack surface in modern buildings.

Patrick Coyle - long-time blogger at Chemical Facility Security News explores the state of CFATS regulations, new cybersecurity spending bills in the pipe, and his new blog: Future ICS Security News

Cybersecurity for rolling stock (trains) is trickier and even more safety critical than we imagine. Join Shannon Ramsaywak, Managing Partner at Nathanial Rand as we explore automation, security and safety issues for passenger rails.

Join us to explore building automation for skyscrapers, cybersecurity, and attack examples with Fred Gordy of Intelligent Buildings.

A timely and insightful exploration of supply chain security issues with Spencer Wilcox, the CSO and Executive Director of Technology at PNM Resources.

Daniel Ehrenreich joins us to explore practitioner experience of IT/OT Integration, 62443 training and the ICS CyberSec conference every year in Israel.

P&I diagrams connect process engineering to control engineering. Sarah Fluchs of Admeritia explains what we need to connect control engineers with security engineers.

Ransomware continues to evolve and sophisticated phishing attacks are the most popular attack vector. James McQuiggan of KnowBe4 explores ransomware, phishing and what we can do about it.️

Internet communications are creeping into electric distribution systems. James McCarthy and Don Faatz join us from the NIST NCCoE to talk about this project & others where they provide detailed “how to” industrial security documentation️

Learn about the Beer ISAC movement, the Beer ISAC Podcast, the Russian industrial security community and other initiatives with Anton Shipulin and Vladimir Dashchenko of Kaspersky️

Explore a targeted ransomware attack at a pharmaceuticals plant, the incident response and how hard it is to just "restore from backup" with Ofer Shaked, Co-Founder & Chief Technology Officer at SCADAfence.

Author, researcher and industrial security pioneer Jake Brodsky explores the security and operational benefits of configuring self-consistency checks into industrial control systems. He argues that these checks quickly pay for themselves through operational benefits, and substantially improve our ability to detect the most sophisticated of cyber attacks as well.

Derek Harp, CEO and Co-Founder of CS2AI and Founder of The Cyber List speaks to the history and future of CS2AI, and provides some insights into cyber security training for non-cyber-savvy audiences.

Roman Arutyunov, Co-Founder of Xage Security, explores intrinsically-distributed, authority-based blockchains for industrial security in the form of the Xage Security Fabric️

Marco Blume, Product Manager for Embedded at WIBU Systems introduces discrete manufacturing and explores how intellectual property protection, safety and cybersecurity work in that vertical and others.️

Phil Neray, VP Industrial Security of CyberX reviews findings, remediations and C-level responses for security assessments at 1800 industrial sites️

Industrial Defender was a pioneer of Industrial Security, but the brand dropped off the radar for several years. As of January though, Industrial Defender has returned. Phil Dunbar, CTO of the new Industrial Defender joins us to explore the significance of the firm's historical contributions, and where the new Industrial Defender is headed today.

Andy Bochman of Idaho National labs describes CCE, a new methodology for industrial security with a focus on mission assurance, which means different things in different industries️

Robert Pitcher of Public Safety Canada explores Canadian industrial security, including very popular attack training/awareness sessions and the annual industrial security symposium.

Security PHA Review - a new methodology for protecting safe operations. Join our discussion with one of the authors of the new ISA book describing a robust connection between safety and cybersecurity.

Paul Feldman joins us to explore cybersecurity governance topics for boards of directors in the North American electric sector. Paul is a former director of WECC and MISO, among many other roles. He talks to us about what are the responsibilities of boards of directors for cybersecurity and what kinds of cybersecurity discussions he sees taking place at the board level.This podcast is produced by P.I. Media for Waterfall Security Solutions.

Sven Shrecker is not just an expert in the internet of things—he's a well-versed, experienced public speaker. A Chief Architect at IBM, Sven is not only at the cutting-edge of IoT security, but someone who can magically make the work he does sound both engaging and understandable to just about anyone. In this pilot episode of The Industrial Security Podcast, Sven will be taking us through the emerging field of IoT in ICS, and how connecting the grid to the grid presents new problems, and new solutions, for security professionals.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Harry Paul's product is, well, complicated. His company produces what are called “data sheets”, addressing threat assessment and vulnerability mitigation for industrial cyber systems…and that's just about the simplest, most basic part of it. Andrew's got a big task in today's show—to take on some of the very highest-concept work going on in the SCADA private sector today, and translating it for the rest of us.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Jonathan Pollet, CEO of Red Tiger Security, walks us through how his crew does control system penetration testing, often with live, running systems as a target, with examples of findings and how customers use those findings.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

We caught Jens Weisner at S4 and he talks about cybersecurity in Germany – progress, challenges and a little comparing of the German approach to what he sees happening in North America.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Buki Carmeli walks us through the evolution of government programs and legislation for securing Israel's critical infrastructure.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Marty Edwards discusses the need for a standard way to classify the criticality of industrial control systems – eg: safety-critical vs. equipment-critical vs. reliability-critical systems, and what implications such classification should have for industrial security programs.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

The differences between IT and OT teams and approaches both make life difficult and represent opportunities to improve industrial operations.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Gabi Siboni joins us to talk about standards, challenges and current initiatives in Israel – perhaps most thoroughly-cyber-protected nation on the planet.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Patrick Miller discusses how technology advances in Industrial Control Systems are out-pacing existing industrial cybersecurity and business risk management programs and what needs to change to keep pace.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Industrial security insights regarding risks, programs, budgets and technology at the City of Calgary Water Services, with Darrol Weiss.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

A wide-ranging conversation with Greg Hale, Editor and Founder of Industrial Safety and Security Source (ISSSource), about where we are today, how security relates to safety, how to sell security as improving efficiency and other topics.

Mark Lindike explores industrial systems and security challenges at the Munich International Airport, as well as how the new Munich ISH training facility is helping the airport and others.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music About this episodes guest: Mark Lindike - Head of cyber defense an Munich Airport and Head of Munich (ISH) Information

Meg Duba, a recruiter at Idaho National Labs talks about techniques, tips and challenges for industrial security recruitment and job hunting.Guest: Meg Duba, Recruiter, Idaho National LaboratoriesThis podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Asset inventory is the foundation of industrial security, which is essential to IT/OT convergence. Rick Kaun talks about asset inventory concepts and the Verve Industrial technology for inventory.Guest: Rick Kaun – VP Solutions at Verve Industrial ProtectionThis podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Lyndon is routinely called on for the first-ever security assessment at industrial sites. He explains how he does that and what he finds.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Mark Fabro explores how robust cyber/physical risk assessments help "stay left of boom" at industrial sites.Guest: Mark Fabro, President and Chief Security Scientist at Lofty PerchThis podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Industrial security pioneer Eric Byres speaks to software supply chain trust issues and some of the technology his new venture Adolus Inc. is developing to help.Guest: Eric Byres – CEO of AdolusThis podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Explore out of band security and operational anomaly detection with Ilan Gendelman and Hadas Levine of SIGA OT Solutions.

Industrial security pioneer Joe Weiss explains how there are 3 networks, not two – IT, OT and Engineering, with examples from the 2007 aurora test.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Build, break & secure with a 1000-lb portable lab – Matthew Luallen of Cybati explores modern industrial security training.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Jens Wiesner of the German BSI explores Malcolm, a new (free, open source) tool for OT network visibility, brought to us by the U.S. Idaho National Labs (INL).This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

How do we estimate the probability of an attack that has never happened? Ron Brash of Verve Industrial explains.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Rick Driggers of CISA describes cyber, physical and industrial security priorities at the new US DHS CISA agency.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

Pointing fingers at vendors is easy. Creating "secure" products is a real challenge, supply chain is a big part of that challenge, and vendors cannot solve the problem in isolation. Kenneth Crowther, a Product Security Leader at GE to explores what a leader in the space is doing.This podcast is produced by P.I. Media for Waterfall Security Solutions.Theme music: Waterfall by Headshock Music

How education differs from training, with examples from Dr. Art Conklin at the University of Houston.

And other topics such as analog control systems, IIoT at nuclear sites and control system product "labeling" for security. Join Matt Gibson from the Electric Power Research Institute (EPRI) to explore these and other applied research insights for industrial security.