Industrial Cybersecurity Insider – Détails, épisodes et analyse

OT Cybersecurity Engineer, Noah Duckworth, joins Dino Busalachi for this episode. They discuss the challenges and nuances of industrial cybersecurity, as he shares insights from his experience working in the OT (Operational Technology) cybersecurity space.

Noah talks about the complexities of integrating traditional IT cybersecurity measures within industrial networks, the specific tools and practices used, and the importance of safe, industry-specific approaches to vulnerability management.

He also provides a perspective on various industrial sectors, such as food and beverage and transportation, and how cybersecurity requirements vary across different verticals and environments.

This episode offers valuable insights into the evolving field of OT cybersecurity and practical advice for professionals interested in protecting critical infrastructure as well as entering the field of industrial cybersecurity.

Chapters:

• 00:00:00 - Introduction to Engineering Problem-Solving in Cybersecurity
• 00:00:46 - Guest Introduction: Meet OT Cybersecurity Engineer & Expert Noah Duckworth
• 00:00:58 - Noah’s Path into OT Cybersecurity and His Industry Experience
• 00:02:13 - Key Differences Between OT and IT Cybersecurity
• 00:03:01 - Addressing Common OT Cybersecurity Challenges and Tools
• 00:06:22 - Navigating Cybersecurity Across Industrial Sectors
• 00:08:06 - Insights for New Professionals in Industrial Cybersecurity
• 00:10:13 - The Evolving Landscape of OT Cybersecurity
• 00:15:22 - Inspiring the Next Generation of Cybersecurity Leaders
• 00:16:35 - Closing Thoughts: Practical Advice for Early-Career Professionals

Links And Resources:

• Velta Technology
• Noah Duckworth on LinkedIn
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

This episode we dive into the critical strategies necessary for securing operational technology (OT) environments, with OT/ICS Strategy Lead at CISA, Danielle Jablanski.

Danielle explores the evolving role of CISA in assisting asset owners and government sectors, emphasizing the importance of collaboration and understanding in cybersecurity.

From building resilience against "shiny object syndrome" to prioritizing effective incident response and vendor relationships, this conversation provides valuable insights into crafting an actionable, sustainable OT security strategy.

Danielle also shares how workforce development is crucial in creating a robust cybersecurity posture and discusses CISA’s approach to integrating AI and machine learning into OT security cautiously and strategically.

Chapters:

• 00:00:00 - Understanding Outsourcing and Effective Incident Management in OT
• 00:01:21 - Welcoming Danielle Jablanski from CISA to the Show
• 00:01:47 - CISA’s Expanding Role in Supporting Critical Infrastructure Security
• 00:03:32 - Key Challenges Facing OT Cybersecurity Today
• 00:06:27 - Navigating the Convergence of IT and OT Security
• 00:11:36 - CISA’s Approach to Risk Management and Its Global Impact
• 00:13:40 - Overview of CISA Services and Regional Cybersecurity Initiatives
• 00:16:36 - Enhancing Incident Response Capacity and Cross-Agency Coordination
• 00:17:30 - Fusion Centers: Interagency Collaboration for Better Threat Intelligence
• 00:18:55 - Guiding Organizations in Reporting and Responding to Incidents
• 00:21:03 - Developing Effective Incident Response Playbooks for OT Environments
• 00:22:08 - Opportunities and Risks of AI in OT Cybersecurity
• 00:24:32 - Emerging Threats: Targeted Attacks on Control Systems
• 00:27:00 - Final Thoughts on Workforce Development and Building Cybersecurity Resilience

Links And Resources:

• Danielle Jablanski on LinkedIn
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Chris Cockburn, Cybersecurity Advisor at CISA, shares his insights on how CISA supports industrial cybersecurity from critical infrastructure to elections.

We explore the impact of state-sponsored cyber threats, the importance of securing emerging technologies like AI through the "Secure by Design" initiative, and the role of government-private sector partnerships in building a resilient cybersecurity posture.

He shares the free resources available to support industrial cybersecurity including Fusion Centers. Whether it's defending against sophisticated cyber attacks or ensuring the integrity of our election systems, this episode provides essential guidance for securing the future of critical infrastructure.

Chapters:

• 00:00:00 - Introduction to AI security concerns in critical infrastructure
• 00:00:59 - Meet Chris Cockburn, cybersecurity expert from CISA
• 00:01:10 - Chris Cockburn’s journey from DoD to CISA
• 00:02:21 - Overview of global industrial cybersecurity challenges
• 00:03:35 - How CISA collaborates to strengthen cybersecurity
• 00:04:52 - Regional cybersecurity support for critical sectors
• 00:05:49 - Tackling resource challenges in cybersecurity
• 00:08:03 - Continuous efforts to secure election systems
• 00:09:26 - Navigating the complexities of IT/OT convergence
• 00:12:36 - Making the most of cybersecurity insurance
• 00:15:08 - Ensuring AI is secure by design
• 00:19:06 - CISA’s partnership with Idaho National Lab for cybersecurity training
• 00:20:48 - Key strategies for building cyber resilience
• 00:22:09 - Fusion Centers: Enhancing collaboration in cybersecurity
• 00:23:53 - Final thoughts on the future of cybersecurity

Links And Resources:

• Chris Cockburn on LinkedIn
• CISA Cybersecurity Resources and Tools
• Dino Busalachi on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!

In this episode, Dino and Craig dive into the complexities of cybersecurity in the operational technology (OT) space, focusing on the challenges posed by vendor lock, version lock, and outdated systems. 

They explore the disconnect between IT and OT teams, emphasizing the need for collaboration to secure industrial environments effectively. 

The discussion highlights practical strategies like virtual patching and microsegmentation to mitigate risks, stressing the importance of working with the right partners to protect legacy systems while maintaining production efficiency.

Chapters:

• 00:00:00 - Introduction to Equipment Life Cycle
• 00:00:56 - Key Challenges in Operational Technology (OT)
• 00:01:24 - The OEM Blockade: A Barrier to Progress
• 00:02:09 - Unpatched Vulnerabilities in Newly Installed Equipment
• 00:04:22 - Bridging the Gap: IT and OT Collaboration Issues
• 00:05:40 - Practical Solutions: Compensating Controls
• 00:06:48 - The Realities of IT and OT Convergence
• 00:09:00 - Shared Infrastructure Risks
• 00:12:00 - The Gap in Due Diligence on the Plant Floor
• 00:14:00 - The Need for Better OT Cybersecurity Practices
• 00:16:00 - Finger-Pointing in OT Environments
• 00:19:21 - Why Process Integrity Matters in OT
• 00:24:02 - Final Thoughts: Moving Forward in OT Security

Links And Resources:

• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!

In this episode, Dino Busalachi and Craig Duckworth dive into the complexities of human factors and industrial cybersecurity. They discuss the need for robust cybersecurity awareness at all levels, and the challenges of integrating IT and OT environments.

The conversation highlights real-world scenarios, from phishing attacks to internal threats, and emphasizes the importance of building a strong cybersecurity culture.

Dino and Craig also explore strategies for improving visibility, managing remote access, and ensuring compliance with industry regulations, offering actionable insights for industrial professionals.

Chapters:

• 00:00:00 - Kicking Off: Why Industrial Cybersecurity Matters
• 00:01:17 - The Human Element: Cybersecurity's Biggest Challenge
• 00:02:14 - Plant Floor Realities: Tackling Cyber Threats on the Ground
• 00:03:20 - Boosting Awareness: Training for a Secure Future
• 00:05:41 - Breaking Barriers: Overcoming OEM and IT Hurdles
• 00:08:10 - Culture Shift: Building a Cybersecurity-First Organization
• 00:09:32 - Top-Level Insight: Managing Executive Challenges and Costs
• 00:16:10 - Outsourcing Excellence: Best Practices for OT Cybersecurity
• 00:25:26 - Zero Trust Unpacked: Enhancing Cyber Hygiene
• 00:26:49 - Wrapping Up: Key Takeaways and Final Thoughts

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!

Dino Busalachi sits down with Debbie Lay, Senior Solutions Architect from TXOne Networks, in this week's episode, to discuss challenges and innovative solutions in OT cybersecurity.

They cover the ongoing issues of outdated systems, the complexities of IT and OT convergence, and the benefits of virtual patching as a method for securing OT environments and legacy equipment. They also address the impact of the Crowdstrike event on Industrial OT environments.

Debbie shares her extensive experience and insights into how industries can safeguard their operations from ransomware and other threats without disrupting production.

This episode provides perspectives on managing cybersecurity in industrial environments, and the importance of collaboration between IT and OT teams.

Tune in to understand how virtual patching can be an effective approach to protect critical assets on the plant floor!

Chapters:

• 00:00:00 - Introduction to OT Cybersecurity
• 00:01:02 - Debbie Lay's Journey into OT Cybersecurity
• 00:02:13 - Challenges of Implementing IT Solutions in OT
• 00:04:17 - Virtual Patching in OT Environments: Securing Legacy Equipment
• 00:07:17 - IT and OT Convergence: Complexities and Solutions
• 00:08:21 - Bridging the IT-OT Gap: Importance of Collaboration
• 00:12:57 - TXOne Technologies for Enhancing OT Security
• 00:14:40 - The Impact of Cloud-Based Solutions on OT Operations
• 00:18:46 - Collaboration: A Critical Component in OT Security
• 00:20:12 - Industry Trends and Key Challenges in OT Cybersecurity
• 00:23:49 - Conclusion and Insights on Future Discussions

Links And Resources:

• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!

Craig and Dino dig into the differences and nuances of patch management and software updates comparing IT versus Operational Technology (OT) environments. 

They explore the distinct challenges that OT systems face with software updates, and risks associated with patch management, including potential operational disruptions and risks of downtime. 

They discuss the importance of IT understanding the OT risks and challenges of updating software and implementing patches to ICS and OT equipment.

The conversation highlights innovative solutions like virtual patching, the role of OEMs, and the critical need for a strategic, collaborative approach to cybersecurity in industrial settings.

Chapters:

• 00:00:00 - Introduction to Patching Challenges
• 00:01:08 - IT vs OT Patching: Key Differences
• 00:02:55 - Understanding the Cost of Downtime in OT
• 00:03:32 - Overcoming Challenges with Legacy Systems
• 00:05:21 - Navigating OEMs and Safety Concerns
• 00:06:45 - The Role of Safety in OT Patching
• 00:08:52 - Exploring Virtual Patching Solutions
• 00:13:11 - Enhancing Vendor Collaboration and Risk Management
• 00:16:48 - Impact of Mergers and Acquisitions on Cybersecurity
• 00:18:33 - Addressing Insurance and Compliance Issues
• 00:20:12 - Significant Consequences of Not Patching
• 00:23:14 - Building an Effective Collaborative Cybersecurity Strategy
• 00:24:03 - Conclusion and Actionable Insights

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!

In this episode, cybersecurity expert Sandeep Lota, Nozomi Networks Field CTO, joins Dino Busalachi to discuss the challenges and innovations in OT cybersecurity.

Key topics they explore include dealing with the evolution of OT security tools, the challenges with IT-OT convergence, and the increasing importance of continuous monitoring.

Sandeep also talks about the role of OEM partnerships and the rising trend of managed services. Tune in to stay ahead of the curve!

Chapters

• 00:01:00 - Meet Sandeep Lota of Nozomi Networks
• 00:02:00 - Cybersecurity Journey and Milestones
• 00:03:00 - IT vs OT: The Convergence Challenge
• 00:05:00 - OEM Partnerships in Security
• 00:07:00 - Future Trends in OT Security
• 00:10:00 - Why Continuous Monitoring Matters
• 00:11:00 - The Boom in Managed Services
• 00:18:00 - Nozomi Networks' Global Impact
• 00:19:00 - Key Takeaways and Final Thoughts

Links And Resources:

• Sandeep Lota on LinkedIn
• Nozomi Networks
• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!

This episode focuses on the critical intersection of IT and OT in industrial cybersecurity.

Featuring discussions on strategic partnerships and validated designs, the episode addresses the challenges of data protection, digital safety, and asset inventory.

The conversation goes into how companies can better secure their operations by integrating IT and OT, leveraging new technologies, and improving operational efficiency.

The speakers also share insights on the evolving landscape of cybersecurity and the importance of collaboration between different departments within organizations to mitigate risks and ensure safety.

Chapters:

• 00:00:00 - Welcome to Industrial Cybersecurity Insiders!
• 00:01:20 - Cybersecurity and Data Protection in Modern Manufacturing with Jim Fledderjohn, Dell Technologies
• 00:07:12 - The Future of Cybersecurity Insurance with Observatory Holding’s CEO, Gerry Kennedy
• 00:13:59 - Unmasking Industrial Cybersecurity Threats and Solutions with Dave Purdy of TXOne Networks
• 00:23:21 - Cybersecurity A-Z in Manufacturing and Industrial Sectors with Armis CTO, Mick Coady

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!

Craig Duckworth and Dino Busalachi discuss the pressing issue of cybersecurity compliance for publicly traded companies under new SEC regulations.

They discuss the reasons behind the low number of reported breaches, including national security exemptions and potential corporate negligence.

Craig and Dino address the challenges companies face in safeguarding their operations, from inadequate incident response plans to the ins and outs of securing industrial control systems.

Tune in to understand why transparency and proactive measures are essential for protecting both companies and their investors.

Chapters:

• 00:00:00 - Introduction: The True Cost of Cybersecurity Neglect
• 00:01:00 - Craig and Dino Unpack the SEC Rulings for Public Companies
• 00:02:29 - National Security Exemptions: A Double-Edged Sword
• 00:03:42 - The Complexities of Supply Chain Cybersecurity
• 00:05:32 - The CISO's Dilemma: Balancing Security and Operations
• 00:08:32 - Financial Fallout from Cybersecurity Failures
• 00:10:03 - Incompetence or Intentional? Unveiling Cybersecurity Failures
• 00:17:10 - The Role of Insurance in Cybersecurity Breach Mitigation
• 00:18:00 - Call to Action: Practical Steps to Improve Cybersecurity
• 00:21:47 - Conclusion and Final Thoughts: Taking Responsibility

Links And Resources:

• Velta Technology
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!