))
Electricity. Finance. Transportation. Our water supply. In Hack the Plant, podcast host Bryson Bort looks for answers to the question: Does connecting these systems, and others, to the internet leaves us more vulnerable to attacks by our enemies? We often take these critical infrastructure systems for granted, but they’re all becoming increasingly dependent on the internet to function. From the ransomware threats of Colonial Pipeline to the failure of the Texas power grid, it is clear our in ...
…
continue reading
1
Supporting Ukrainian Electrical Grid Resilience in Wartime
32:19
32:19
Play later
Play later
Lists
Like
Liked
32:19
Joe Marshall is a Senior IoT Security Strategist at Cisco Talos Intelligence Group. When Russia invaded Ukraine in 2022, Joe helped coordinate a multinational, multi-company coalition of volunteers and experts to find a technological solution. Bryson and Joe sat down to discuss his efforts in Ukraine, how he got the go-ahead from Cisco leadership, …
…
continue reading
In this episode, Bryson Bort is joined by Paul Shaver, Global OT Security Practice Lead at Mandiant / Google Cloud to discuss the cyber threat landscape. How did Paul’s military background play a role in his decision to start working with control systems? What is the difference between an advanced persistent threat and a regular threat? What does P…
…
continue reading
Claroty is a cybersecurity company that helps organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT). In this episode, Bryson Bort sits down with Claroty director of research and industrial control system (ICS) vulnerability expert Sharon Br…
…
continue reading
1
Securing, Defending, and Bringing Resilience to Infrastructure
36:41
36:41
Play later
Play later
Lists
Like
Liked
36:41
Psymetis creates Operational Technology (OT) security solutions that quickly and prevent electric grid outages and catastrophic infrastructure failures. Psymetis’ Werewolf system provides condition monitoring and threat mitigation for the power grid, detecting cyberattacks, equipment failures, and physical damage in real-time. In this episode of Ha…
…
continue reading
1
CISA’s Critical Infrastructure Protection Mission with Jen Easterly
50:54
50:54
Play later
Play later
Lists
Like
Liked
50:54
As America’s Cyber Defense Agency and the National Coordinator for Critical Infrastructure Security and Resilience, the Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every day. In this episode of Hack the Plant,…
…
continue reading
I’m joined by Jesse Whaley, the Chief Information Security Officer at Amtrak, for this episode of Hack the Plant. Amtrak is the nation's largest passenger rail service provider and one of the most complex and critical transportation systems in the world. We discuss what it takes to oversee Amtrak’s digital assets and infrastructure, and what it tak…
…
continue reading
1
Open Source Data Visualization for Cyber Threats
39:24
39:24
Play later
Play later
Lists
Like
Liked
39:24
I’m joined by Dan Ricci, founder of the ICS Advisory Project, for this episode of Hack the Plant. The ICS Advisory Project is a free, open-source platform that helps asset owners across 16 critical infrastructure sectors stay secure by identifying threats in their environments. “I saw a gap in the community. There's good data that's coming at us…bu…
…
continue reading
1
Cyber Threat Intelligence Over the Past 25 Years
49:05
49:05
Play later
Play later
Lists
Like
Liked
49:05
I’m joined by Jason Healey, a Senior Research Scholar at Columbia University’s School for International and Public Affairs, for this episode of Hack the Plant. Jason is a pioneer of cyber threat intelligence, with experience spanning fifteen years across the public and private sectors. Today, we discuss a recent article Jason published at Lawfare, …
…
continue reading
I’m joined by David Patrick Emmerich, the Principal Cyber-Physical Range Architect at the University of Illinois, for this episode of Hack the Plant. We’re here today to talk about RADICS, a DARPA project. RADICS stands for Rapid Attack Detection, Isolation and Characterization Systems. We discuss David’s role in building automated data collection …
…
continue reading
1
Managing Incident Responses to Critical Infrastructure Attacks
43:11
43:11
Play later
Play later
Lists
Like
Liked
43:11
For today’s episode, I’m joined by Lesley Carhart. Lesley is the Director of Incident Response for North America at the industrial cybersecurity company Dragos, Inc. She leads incident response and proactively hunts for threats in customers’ ICS environments. Lesley was the incident response team lead at Motorola Solutions, and retired from the Uni…
…
continue reading
1
Idaho National Labs and the Next Generation of Critical Infrastructure Security
32:20
32:20
Play later
Play later
Lists
Like
Liked
32:20
For today’s episode, I’m joined by Zach Tudor, the Associate Laboratory Director at Idaho National Laboratory (INL). INL is a Department of Energy national laboratory, is the nation's leading center for nuclear energy research and development. Zach is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection and Defense Sys…
…
continue reading
1
Resilience and Safety for Electric Co-Ops
33:39
33:39
Play later
Play later
Lists
Like
Liked
33:39
“One of my favorite topics is disaster resilience. We do quite a bit of work on what mutual assistance looks like and how to improve mutual assistance, how to rebuild systems once they've been hit by something terrible. My more recent interesting example was when a tornado had gone through a co-op and they were looking for what to do when their dat…
…
continue reading
“What's been most concerning is the rise of wiper malware. Threat actors are no longer interested in hey we're going to lock up all of your data. We're going to encrypt everything and force you to pay a ransom and then maybe give you the decryption key. Now with wiper malware they're just completely wiping it. … This year there's been a total of 5 …
…
continue reading
1
Accelerating Innovation in Electric & Gas
33:39
33:39
Play later
Play later
Lists
Like
Liked
33:39
“Most industrial economies only consume about 20% our total end use energy in the form of electricity. The rest, we consume by basically combusting fossil fuel … You could get all of your electricity from wind and solar and you've still only solved 20% of your carbon problem. A lot of the investments we've made at Energy Impact Partners are actuall…
…
continue reading
1
Cyber threats to agriculture and food production
34:25
34:25
Play later
Play later
Lists
Like
Liked
34:25
“Agriculture and cybersecurity has just run under the radar. We're talking about something that's one fifth of the us economy right? This is this is a huge deal here in the US, and globally as well … We can begin get the right expertise and collateral assembled so we're not the next ransomware victim or we have enough resiliency built into our oper…
…
continue reading
1
Training the Cyber Workforce of the Future
29:21
29:21
Play later
Play later
Lists
Like
Liked
29:21
“You can only cover about 65% of the cybersecurity workforce demand with the existing workforce today. So we need to do something to address that gap. We need to either build that workforce or re-skill existing individuals that are looking to get into new fields. That's the approach that we're taking. So the need is there. We know that cyber risk i…
…
continue reading
“How do we talk about all the great things we're doing in our communities, in optimizing and trying to reduce carbon, and looking at new solutions and coming up with different technologies that can help advance to help keep prices down and keep reliability up. We're really spoiled at times in the US with how often we have our power. I've had to tra…
…
continue reading
“I've been educating now for about eight years within the college system and that hands-on experiential learning is critical. When I have students do something that's like a scenario based off of different security assessments I've done or just weaving in some real world stuff, they thrive. They really get excited. They walk away from it energized.…
…
continue reading
1
INL - Wind energy and cybersecurity challenges
41:06
41:06
Play later
Play later
Lists
Like
Liked
41:06
Wind energy is one of the most rapidly growing energy generation sources in the US - how can these renewable systems stay resilient in the face of cyber attacks as the industry grows? In this episode, we hear from Megan Culler and Keith Mecham of Idaho National Labs (or INL). Megan Culler is a Power Engineer and Researcher; Keith Mecham is a Critic…
…
continue reading
1
Cyber Challenges to Securing Our Electric System - California and Beyond
40:01
40:01
Play later
Play later
Lists
Like
Liked
40:01
“Initially it was looking at specific types of attacks and thinking how those could be utilized against our systems, but then it became more sophisticated in thinking of how these attacks could be coordinated together by larger actors? …. I think that regulation's role is more to draw attention and provide you with a base minimum, and then from the…
…
continue reading
“We had to go out and talk to experts and just have the conversations and then be brutally honest about what those people were telling us about the problem. In many cases, we didn't even tell them what we were thinking about doing. We would call them up and say, "How are you securing your industrial control systems today?" and just listen.” - Joshu…
…
continue reading
When will hard infrastructure have machine learning capabilities? It might be sooner than you think. Ariel Stern, formerly an engineer in the Israeli Ministry of Defense and a civil infrastructure project manager, currently CEO of Ayyeka, which offers remote monitoring for industrial Internet of Things (IoT) systems. Ariel has a forward-looking app…
…
continue reading
1
Biden Admin's Cybersecurity Executive Order
39:19
39:19
Play later
Play later
Lists
Like
Liked
39:19
On May 12, 2021, the Biden Administration issued an Executive Order “On Improving the Nation’s Cybersecurity.” This came in the wake of ransomware attacks drawing national attention: Solar Winds, Colonial Pipeline, and more. We take a deep dive into the Executive Order, and what it means for public and private efforts to keep our critical infrastru…
…
continue reading
In February, severe winter storms and an electricity generation failure left almost 5 million people in Texas without power, leading to hundreds of deaths, and a shortage of heat, food and water. The Electric Reliability Council of Texas (ERCOT) manages the flow of electric power to more than 26 million Texas customers. How did the massive power fa…
…
continue reading
1
Department of Defense Policy and ICS Security
45:02
45:02
Play later
Play later
Lists
Like
Liked
45:02
Daryl Haegley is the Director of Cyberspace Mission Assurance and Deterrence at the Department of Defense. Daryl oversees cybersecurity efforts to secure control systems (ICS) and operational technology (OT), and focuses on bringing awareness to the ever-increasing cyber threats. He has 30 years of military, civilian and commercial consulting exper…
…
continue reading
1
The Congressman, The Commission, and Our Critical Infrastructure
56:38
56:38
Play later
Play later
Lists
Like
Liked
56:38
Congressman Mike Gallagher (R-Wis.) has been instrumental in setting up the Cyberspace Solarium Commission, a bipartisan, intragovernmental body whose goal is to help create a strategic approach to defending the United States from cyber attacks of significant consequence (and for listeners of this podcast, that definitely means attacks on our criti…
…
continue reading
Rob Lee, the CEO and founder of the industrial cybersecurity company, Dragos, is a pioneer in the ICS threat intelligence and incident response community. Before Dragos, Rob served as a cyber operations officer in the U.S. Air Force tasked to the National Security Agency, helping protect industrial infrastructure - an issue that leaders around the …
…
continue reading
The Army Cyber Institute has been testing the cybersecurity preparedness of cities around the country in an experiment called Jack Voltaic. It is a major, multi-sector public private exercise aimed at understanding critical infrastructure dependencies on force deployment. We're joined by Lt. Col. Douglas Fletcher - chief data scientist - and Lt. Co…
…
continue reading
For today's episode, I'm joined by Dale Peterson, who is on the leading edge of helping security conscious asset owners in a range of sectors effectively manage and reduce cyber risk to their Industrial Control Systems (known as an “ICS”). ICS is a computer system that monitors or controls a physical process. They exist everywhere: power generation…
…
continue reading
1
Critical Response for Critical Infrastructure
34:48
34:48
Play later
Play later
Lists
Like
Liked
34:48
Megan Samford is the first woman Chief Product Security Officer in industrial control systems (ICS) manufacturing. She's spent time in both the private and public sectors, from Rockwell Automation and General Electric to serving two governors of Virginia and their offices of homeland security. She is also spearheading a project to develop a common …
…
continue reading
Patrick Miller sits at the intersection of cybersecurity and regulation because, as he likes to say, "those two don't fit well." Beyond his decades of work in the space, he also co-founded BEER-ISAC, a network of individuals who comprise the human component of critical infrastructure security. They share war stories, information, intelligence and -…
…
continue reading
1
Oil, Gas and Cybersecurity in the Middle East
42:40
42:40
Play later
Play later
Lists
Like
Liked
42:40
"Securing and having the right measures of cybersecurity relates to the national security of the whole country and our national income." Reem Al-Shammari is the chief information security officer for the Kuwait Oil Company. She sits at the intersection of a massive swath of her country's economy - oil and gas - and the need to secure it against eme…
…
continue reading
The second half of our interview with author and strategist P.W. Singer. He discusses his latest book - Burn In - where he translates real-world research about Artificial Intelligence into a glimpse at a future we’re not too far away from if things go wrong and we do not protect ourselves. "In our lifetime for the next year 10 or 20 years, artifici…
…
continue reading
Hackers may be our best, last hope as our dependence on connected technology is increasing faster than our ability to safeguard ourselves. This episode you will learn about I Am the Cavalry - a volunteer organization of cybersecurity experts devoted to improving the security of medical devices, transportation, connected homes, and infrastructure - …
…
continue reading
“Our dependence on connected technology is growing faster than our ability to secure it, especially in areas affecting public safety and human life.” Author and strategist P.W. Singer examines the future of war, and explains the difficulty in securing critical infrastructure against cyber attacks and technologies that are cheaper and easier for for…
…
continue reading
Learn more about ICS village at http://www.icsvillage.com. Learn more about the R Street Institute at http://www.rstreet.org. Follow Bryson Bort on Twitter @BrysonBort. Follow the R Street Institute on Twitter @RSI.By Bryson Bort
…
continue reading
