The PrOTect OT Cybersecurity Podcast – Details, episodes & analysis
Podcast details
Technical and general information from the podcast's RSS feed.

The PrOTect OT Cybersecurity Podcast
Aaron Crow
Frequency: 1 episode/8d. Total Eps: 47

Despite the growing attention on industrial cybersecurity, there is still much work to be done to keep pace with the increasing risks. To mature and comprehensively protect against cyber threats to operational technology (OT), it will take collaboration among key players from various sectors and industries.
The PrOTect OT Cybersecurity podcast brings together experts in the field of cybersecurity for critical infrastructure and industrial organizations. Join Aaron Crow, the Chief Technology Officer at Industrial Defender, and the OT security community as they explore the latest developments and challenges unique to protecting operational environments.
Whether you want to learn the best practices and strategies for protecting power plants, water treatment facilities, food and beverage plants or automotive factories, this podcast is for you.
Recent rankings
Latest chart positions across Apple Podcasts and Spotify rankings.
Apple Podcasts
- 🇨🇦 Canada - management: #77 (29/03/2026)
- 🇫🇷 France - management: #68 (18/02/2026)
- 🇫🇷 France - management: #64 (17/02/2026)
- 🇫🇷 France - management: #37 (16/02/2026)
- 🇨🇦 Canada - management: #81 (28/01/2026)
- 🇨🇦 Canada - management: #94 (12/12/2025)
- 🇨🇦 Canada - management: #70 (11/12/2025)
- 🇨🇦 Canada - management: #67 (26/11/2025)
- 🇬🇧 Great Britain - management: #91 (03/11/2025)
- 🇩🇪 Germany - management: #100 (31/10/2025)
Spotify
No recent rankings available
Shared links between episodes and podcasts
Links found in episode descriptions and other podcasts that share them.
- https://www.turnkeypodcast.com/ (1918 shares)
- https://www.mitre.org/ (38 shares)
- https://twitter.com/iDefend_ICS (92 shares)
- https://twitter.com/CyberSnark (3 shares)
- https://twitter.com/ron_brash (3 shares)
RSS feed quality and score
Technical evaluation of the podcast's RSS feed quality and structure.
Global score: 68%
Welcome Episode
Season 1 · Episode 1
Thursday 29 December 2022 • Duration 03:46
Despite the growing attention on industrial cybersecurity, there is still much work to be done to keep pace with the increasing risks. To mature and comprehensively protect against cyber threats to operational technology (OT), it will take collaboration among key players from various sectors and industries.
The PrOTect OT Cybersecurity podcast brings together experts in the field of cybersecurity for critical infrastructure and industrial organizations. Join Aaron Crow, the Chief Technology Officer at Industrial Defender, and the OT security community as they explore the latest developments and challenges unique to protecting operational environments.
Whether you want to learn the best practices and strategies for protecting power plants, water treatment facilities, food and beverage plants or automotive factories, this podcast is for you.
Todd Beebe: Beyond IT vs. OT, The Common Ground for Securing Any Environment
Season 1 · Episode 47
Thursday 28 December 2023 • Duration 01:03:45
About Todd Beebe: Todd Beebe, a cybersecurity veteran since the early 90s, commenced his journey by thwarting attempts to hack his BBS. His expertise led to pivotal roles with an international organization, securing remote access, fortifying websites, and pioneering firewall deployment. Later, at Ernst & Young, he spearheaded the Attack & Penetration practice in Houston, penetrating Fortune 500 clients and contributing to the precursor of the Hacking Exposed book series. Todd's entrepreneurial spirit thrived as he founded cybersecurity companies, notably inventing the telecom firewall 'TeleWall' and the web application firewall 'eServer Secure,' holding nine US patents. His career includes fortifying the White House and Pentagon against cyber threats and building cybersecurity programs for multiple Fortune 500 organizations.
In this episode, Aaron and Todd Beebe discuss:
- Their journeys into cybersecurity careers
- Navigating the convergence of IT and OT security
- Finding common ground and overcoming historical hurdles
- Shared labs for enhanced understanding and effective problem-solving
- Cybersecurity challenges in critical infrastructure
Key Takeaways:
- In addressing cybersecurity challenges, it's crucial for IT and OT teams to collaborate closely, recognizing that the threat landscape targets common denominators such as IP addresses, ports, and Windows systems. Adopting a unified approach to securing both environments is essential in the evolving landscape of cyber threats.
- In navigating the convergence of IT and OT, the key lies in recognizing the shared technological foundation, fostering collaboration to merge expertise, and dispelling the misconception of a takeover, ultimately shifting the focus from being adversaries to allies in the pursuit of a secure and efficient operational landscape.
- Fostering collaboration between IT and OT teams through shared advisory roles, regular communication, and the establishment of a collaborative lab environment not only enhances technical expertise but also builds trust, camaraderie, and a common language, ultimately contributing to a more resilient and stable organizational infrastructure.
- While Todd is excited about the increasing diversity of people entering the cybersecurity field, he expresses concern about the SEC's decision to hold CISOs accountable for breaches and emphasizes the challenge of training junior analysts to effectively identify and respond to cyber threats in the evolving landscape.
"I'm ready to continue learning. I believe that's the most important part for anyone in cybersecurity. It's whether they have that mindset: it's not failure, it's learning. If we can get that into the mindsets of the next generation, I think then we've done what we needed to do." — Todd Beebe
Connect with Todd Beebe:
Email: tvbeebe@freeportlng.com
LinkedIn: https://www.linkedin.com/in/toddbeebe/
Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/podcast
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120
Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.
Ron Fabela: Secure Access That Makes Sense for Operations
Season 1 · Episode 46
Thursday 21 December 2023 • Duration 52:23
About Ron Fabela: Ron Fabela, a seasoned cybersecurity professional with over 20 years of experience, specializes in safeguarding Industrial Control Systems (ICS) and Operations Technology (OT). Currently serving as the Field CTO at XONA, Ron leads initiatives to establish secure industrial access, ensuring safe operations for asset owners globally. With a background rooted in hands-on experience across diverse critical infrastructure sectors such as power generation, offshore oil, and refineries, he excels in overcoming industry-specific challenges and possesses a unique skill set to articulate technical and business concepts effectively to a broad audience.
In this episode, Aaron and Ron Fabela discuss:
- Adopting secure remote access in OT as an operational requirement
- The complex landscape of active scanning in ICS
- Building trust and bridging the gap between cybersecurity and OT
- Balancing innovation, risk, and security in a changing landscape
Key Takeaways:
- In the dynamic world of ICS, securing remote access is not just a cybersecurity necessity but a practical operational requirement, as witnessed through the evolution from air gaps to accepted industry practices. Embracing the concept of zero trust while facilitating secure access is not only a cybersecurity feat but a collaborative effort aligning operational needs with stringent security measures.
- The shift from passive to active scanning is crucial for effective threat detection and asset visibility; while skepticism persists, bridging the gap between security and operations through trust-building and advocacy is essential to navigate the challenges and seize the opportunities in securing critical infrastructure.
- To establish trust and enhance cybersecurity in operational environments, genuine collaboration, understanding the challenges of control system engineers, and acknowledging small victories are crucial steps toward securing critical infrastructure and ensuring operational resilience.
- The future of industrial cybersecurity brings excitement and concern with the shift to advanced systems like cloud, edge, and virtualization, offering scalability but inheriting a substantial attack surface. This underscores the importance of a strategic security approach in this evolving landscape.
"I appreciate where I'm at. That's why I stay in the community. I don't think I could ever go back to enterprise and have that same feeling of mission and importance without letting it get to you. Early on, a lot of us were like, "We're saving the world." It's like, "No, no, no. We're just trying to help people, and we're helping ourselves in the process." That's why I love the community." — Ron Fabela
Connect with Ron Fabela:
Email: ron@fabela.co (unofficial business) & ron@xonasystems.com (official business)
LinkedIn: https://www.linkedin.com/in/ronniefabela/
Twitter: https://twitter.com/ron_fab
Nick Tsamis: Leveraging MITRE’s Adversary Emulation Platform in OT
Season 1 · Episode 37
Thursday 19 October 2023 • Duration 51:58
About Nick Tsamis: Nick currently serves as Department Chief Engineer within the Cybersecurity Infrastructure Protection Innovation Center (CIPIC) at The MITRE Corporation where he works to develop strategies for protection against emerging threats on critical infrastructure. Nick led the technical efforts for the first release of Caldera for OT. He holds degrees in computer science and aerospace engineering, and resides in Honolulu, HI.
In September, MITRE and CISA announced that MITRE Caldera™ for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT).
Our nation’s critical infrastructure—including public transportation, commerce, clean water, and electricity—relies on operational technology, but that technology often has weak security spots. Caldera for OT empowers security teams with new tools to help ensure the safe and secure function of critical infrastructure, thus improving our nation’s resiliency posture.
Caldera for OT is now available on GitHub. As an open-source platform, Caldera for OT will continue expanding to new environments, protocols, and attacks. MITRE partnered with CISA through the HSSEDI (Homeland Security Systems Engineering and Development Institute) to develop the first set of modules and continues to work internally, with CISA, and other organizations to develop and release the next set of Caldera for OT open-source modules.
In this episode, Aaron and Nick Tsamis discuss:
- Creating a common vernacular and building risk-appropriate solutions
- Standardizing cybersecurity practices in OT environments
- Enhancing OT security through customized Red Team assessments and protocol familiarization
- Navigating the intersection of human expertise and machine learning in cybersecurity
Key Takeaways:
- In bridging the worlds of IT and OT cybersecurity, the key is establishing a common language, understanding the crucial emphasis on availability and safety, and developing tools like Caldera to operate within OT protocols, ultimately shifting towards a balanced risk appetite in the industrial control sector.
- The adoption of Caldera for OT marks a transformative shift in cybersecurity testing, enabling standardized, real-world simulations in operational environments, bridging the IT-OT gap, fostering collaborative language, and empowering organizations to take calculated, transparent steps toward robust cyber defense strategies.
- Effective communication, trust-building, and tailored red teaming activities in OT environments empower teams to ask critical questions, understand protocols deeply, and conduct standardized tests, enhancing detection and asset identification, reducing barriers, and strengthening internal security.
- In the evolving landscape of OT and cybersecurity, we must harness the power of machine learning to assist human operators while maintaining vigilance in verifying the trustworthiness of data to avoid misinformed actions.
"Misinformation is a real thing, and if we're not trusting the information that's being provided at real time, the actions that I'm taking from a cybersecurity perspective may potentially do more harm than good." — Nick Tsamis
Connect with Nick Tsamis:
MITRE Blog: https://medium.com/@mitrecaldera
MITRE Email: OT@mitre.org
Website: https://www.mitre.org/
Email: slytle@mitre.org
LinkedIn: https://www.linkedin.com/in/nicktsamis/
Chris Bihary: Tapping Into Packet Level Data in OT
Season 1 · Episode 36
Thursday 12 October 2023 • Duration 56:38
About Chris Bihary: Chris Bihary is the CEO and Co-Founder of Garland Technology, a leading USA-based manufacturer specializing in Network TAPs, Network Packet Brokers, Hardware Data Diodes, and Inline Bypass solutions. With a rich background spanning over 30 years in IT and OT cybersecurity, Chris has fostered collaborative partnerships with tech firms to guarantee robust network performance and security across various industries. His entrepreneurial journey began by owning an IT reseller focused on constructing 9-1-1 call center network infrastructure, sparking his lifelong commitment to ensuring the resilience of all networks.
In this episode, Aaron and Chris Bihary discuss:
- Leveraging TAPs for independent, reliable, and unintrusive network monitoring
- Optimizing network security and operational efficiency
- Exploring the importance of data diodes in critical infrastructure environments
- Challenges and exciting developments in OT environments
Key Takeaways:
- Implementing TAPs in OT networks offers a secure, independent, and foolproof method of monitoring critical assets, ensuring 100% packet capture and reducing the risks associated with relying solely on traditional methods like SPAN ports, making it essential for robust and reliable network security.
- In navigating the complexities of network security, the key lies in strategically deploying purpose-built tools like data diodes and aggregators, ensuring comprehensive packet inspection without overwhelming IT staff; finding the delicate balance between data capture and streamlined management is the linchpin to effective and efficient cybersecurity.
- Building a secure network foundation, tapping into live data, ensuring compliance without vulnerabilities, and centralizing access are vital for successful tech implementation in critical infrastructures, fostering adaptability and innovation in today's rapidly changing tech landscape.
- Simplicity and ease of implementation are not just preferences, they're essential requirements; in an industry where awareness is growing, skilled personnel are scarce, and regulations are tightening, the ability to deploy robust, effective solutions quickly and efficiently is the linchpin to securing critical infrastructures worldwide.
"Some really good high tech companies that were never in OT are coming into OT and they're getting their folks trained up. They're educating them and this is super positive for our space. So I'm excited that the awareness is there and more and more people know they have to move forward. More people are getting involved in this space and I'm just looking forward to being part of it and seeing how we can help companies get their network secure, resilient, and reliable, and work with great companies." — Chris Bihary
Connect with Chris Bihary:
Website: www.garlandtechnology.com
Email: chris.bihary@garlandtechnology.com
LinkedIn: https://www.linkedin.com/company/garland-technology-llc/ and https://www.linkedin.com/in/chrisbihary/
Raphael Arakelian: Beyond the Tools - Maturing Implementation to Reduce Risk
Season 1 · Episode 35
Thursday 5 October 2023 • Duration 57:08
About Raphael Arakelian: Raphael Arakelian is a distinguished figure in the field of cybersecurity, serving as a manager within PwC Canada's OT & IoT cybersecurity team. With a national leadership role, he directs PwC Canada's efforts in OT monitoring implementation services, overseeing proof-of-concept evaluations and implementations across diverse industries. Raphael's unwavering commitment to securing critical infrastructure and industrial systems against cyber threats showcases his profound passion for advancing OT monitoring technology and staying at the forefront of cybersecurity innovation.
In this episode, Aaron and Raphael Arakelian discuss:
- Evaluating OT security solutions beyond technological features
- Maturing implementation considering technical requirements, business requirements, and organizational factors
- Exploring the integration of active scanning in OT cybersecurity protocols
- Achieving comprehensive OT asset management and cybersecurity monitoring
- Bridging the gap between OT and cybersecurity
- The evolving role of OT cybersecurity
Key Takeaways:
- To build a robust OT cyber monitoring program, organizations must embrace a collective approach involving a combination of tools, people, active and passive methods, and meticulous asset inventory management to enhance their security posture in an evolving threat landscape.
- In the world of OT cybersecurity, it's not enough to simply have tools; success hinges on a meticulous understanding of assets, ongoing monitoring, and a proactive approach to vulnerabilities, even if achieving 100% coverage remains elusive.
- It's crucial to move beyond black-and-white thinking, embrace active scanning safely, involve vendors collaboratively, and establish hybrid roles to take ownership and advance visibility for more robust OT cybersecurity practices.
- In the next 5 to 10 years, we'll witness a pivotal shift towards more comprehensive and collaborative OT cybersecurity practices, embracing advanced monitoring technologies and the active involvement of OEMs, as the critical importance of safeguarding operational technology becomes increasingly evident.
"Most of the time, it's too much of a burden to be able to take care of the technology parts, but also influence on both sides the culture to be able to have a successful OT cyber program." — Raphael Arakelian
Connect with Raphael Arakelian:
Email: raphael.arakelian@pwc.com
LinkedIn: https://www.linkedin.com/in/raphael-arakelian/
Raphael will be presenting a paper at S4 this March 2024 around active scanning of OT PLCs: https://s4xevents.com/page/4/?et_blog
Jonathan Tubb: Unlocking Business Value at the Intersection of IT, OT, Operations, and Cybersecurity
Season 1 · Episode 34
Thursday 28 September 2023 • Duration 54:08
About Jonathan Tubb: Jonathan Tubb is a seasoned cybersecurity expert, renowned for his proficiency in crafting innovative solutions to address the most pressing security issues in the power generation sector. With a background in Computer Engineering from Ohio State University and a Professional Engineer (P.E.) license, he has over 15 years of hands-on experience. Currently serving as the Director of Industrial Cyber and Digital Security at Siemens Energy, Inc., Jonathan also imparts his knowledge as a lecturer for a master's course in Operational Technology Cyber Security at Duke University's Pratt School of Engineering.
In this episode, Aaron and Jonathan Tubb discuss:
- Navigating the evolving landscape of OT cybersecurity
- Implementing cybersecurity measures for small modular reactors in the energy industry
- Cross-disciplinary expertise in OT cybersecurity and the need for specialized training programs
- The future of IT-OT convergence
Key Takeaways:
- In the evolving landscape of industrial cybersecurity, the shift from minimal compliance to recognizing the real-world impact and the urgent need for cross-training in IT and OT is crucial to bridging the knowledge gap and securing critical infrastructure effectively.
- As the energy industry progresses with new technologies like small modular reactors, the existing regulatory frameworks and cybersecurity practices face challenges in adapting to these changes, highlighting the need for flexible and scalable cybersecurity solutions in critical infrastructure.
- In the complex world of OT cybersecurity, the key to success lies in having the right people with a deep understanding of both engineering and cybersecurity, bridging the gap between the two worlds to protect critical infrastructure and ensure reliability in an ever-evolving landscape.
- The future of IT/OT convergence holds both excitement and concern, as the integration of these systems could lead to unprecedented efficiencies and insights, but a heavy-handed approach may risk pulling the plug on progress, hindering the potential benefits for both cybersecurity and operations.
"I hope that the outcome of all this is positive for both sides of the industry, for practitioners, for the business side, like I see a destination where cybersecurity and operations are holding hands, skipping through a field." — Jonathan Tubb
Connect with Jonathan Tubb:
Email: jonathan.tubb@gmail.com
LinkedIn: https://www.linkedin.com/in/jonathan-tubb
Hackers Teaching Hackers Event: https://www.hthackers.com
GridSecCon 2023: https://www.nerc.com/pa/CI/ESISAC/Pages/GridSecCon.aspx
Josh Varghese: Holistic, Scalable OT Network Design
Season 1 · Episode 33
Thursday 21 September 2023 • Duration 01:14:12
About Josh Varghese: Josh Varghese, founder of Traceroute, is a seasoned industrial networking expert who has dedicated himself to serving the dynamic industrial/OT market. With nearly a decade of experience as a technical lead at Industrial Networking Solutions, where he established their technical support and application engineering department, Josh cultivated a deep understanding of the industry. He now leads Traceroute, offering a comprehensive suite of services including consulting, design, solution architecture, and more, while maintaining invaluable relationships with clients and vendors forged during his career.
In this episode, Aaron and Josh Varghese discuss:
- Navigating vendor dependence and networking complexity in industrial environments
- Overcoming resistance to technology advancements in industrial settings
- The challenges of IT-OT convergence and the importance of OT knowledge transfer
- The importance of empathy and collaboration in an SDN-driven future
Key Takeaways:
- In the world of industrial networking, the critical importance of bridging the gap between vendors, asset owners, and complex OT environments becomes glaringly evident, as a lack of expertise and responsibility often leads to network disasters and production outages, emphasizing the need for specialized support and education in this field.
- Getting burned by poorly configured solutions in the industrial technology realm has led to a reluctance to embrace advancements; however, with proper configuration and understanding, these advancements can be highly beneficial.
- Bridging the gap between IT and OT, and improving basic understanding of network concepts, is crucial for overcoming resistance to new technology adoption and ensuring operational resilience in a world where automation and physical processes intersect in every aspect of business.
- In the evolving landscape of IT and OT collaboration, the key to success lies in fostering understanding, empathy, and effective communication between the two sides, rather than imposing complexity or hierarchies, while emerging technologies like SDN offer promise but must address the challenge of simplifying network management in the OT space.
"So much of what has happened in the last five to ten years in our space has been around wanting to look at lateral traffic movement or visibility to more traffic. And it's all been very difficult to accomplish because the architecture and the technology available in traditional networking makes it so. You and I have talked about wanting to fast forward to a scenario with sensors in the switch, full visibility, and all this stuff. SDN gets us there like in the snap of a finger." — Josh Varghese
Connect with Josh Varghese:
Website: www.traceroutellc.com
Email: josh@traceroutellc.com
LinkedIn: https://www.linkedin.com/in/varghesejm
Traceroute’s OT networking training in Dallas-Fort Worth on February 8-9, 2024:
https://www.traceroutellc.com/s/Traceroute-DFW-Training-Flyer.pdf
The best (or arguably “worst”) kept secret in OT networking is Software Defined Networking: https://www.linkedin.com/posts/varghesejm_industrialnetworking-otnetworking-otsdn-activity-6963503182421377024--52t/
Fred Gordy: Protecting the Safety and Resilience of the Buildings We Live and Work In
Season 1 · Episode 32
Thursday 14 September 2023 • Duration 56:12
About Fred Gordy: Fred Gordy is a pioneering figure in the SmartBuilding industry, with two decades of expertise in developing and implementing secure control systems for Fortune 500 companies across the globe. A trailblazer in addressing the inherent cybersecurity risks posed by control system technology, he has authored over 100 articles on building control cybersecurity, with his insights featured in prominent publications like the Wall Street Journal, CNBC, and healthcare journals. Fred's extensive knowledge and commitment to the field have led him to develop cutting-edge control system cybersecurity assessment methodologies and tools, while also serving as a technical advisor on various industry boards and holding multiple certifications in control technology.
In this episode, Aaron and Fred Gordy discuss:
- The critical intersection of convenience and cybersecurity in modern infrastructure and control systems
- Building cybersecurity certifications and their impact on commercial real estate
- Overcoming cultural barriers in implementing cybersecurity measures for critical infrastructure
- The importance of people-centered approaches in business and cybersecurity
Key Takeaways:
- In the ever-evolving world of technology and cybersecurity, the importance of resilience and adaptability shines through, reminding us that regardless of the specifics, whether it's elevators, critical infrastructure, or complex IT systems, preparedness and proactive action matter most when unexpected challenges arise.
- Achieving bronze, silver, or gold certification levels is all about tailoring your security measures to the criticality of your building, ensuring that you're prepared to safeguard your occupants and assets accordingly, whether you're running a standard commercial office space or housing national security agencies.
- In building cybersecurity, addressing the foundational questions of what you have, how it's connected, and who has access is crucial to building trust and resilience, even if it means challenging established cultural norms and embracing new technologies.
- Embrace the power of compromise and understanding, for it's not about being right or wrong, but about collectively navigating the complex landscape to reach our desired destination, one step at a time, even as new technological challenges loom on the horizon.
"In the IT world, everything is CIA: confidentiality, integrity, and availability. In our world, you know, availability's number one. So confidentiality was never taken into account. So now you've got all of these systems being connected together as highly available as possible." — Fred Gordy
Connect with Fred Gordy:
Website: https://mbakerintl.com/en/
Email: fred.gordy@mbakerintl.com
LinkedIn: https://www.linkedin.com/in/fredgordy/
Twitter: https://twitter.com/FGordy
Matthew Scott: Protecting Legacy OT in Mass Transit
Season 1 · Episode 31
Thursday 7 September 2023 • Duration 58:18
About Matthew Scott: Matthew Scott is a technical leader with over three decades of experience in industrial automation, specializing in the design, deployment, and maintenance of cutting-edge SCADA systems across critical infrastructure sectors such as transit, oil & gas, energy, and water/wastewater. His expertise spans a wide range of hardware and software platforms. A trailblazer in cybersecurity, Matthew's contributions extend beyond his role as an OT security professional, as he has authored peer-reviewed publications and presented at technical conferences. With a commitment to fostering innovation and promoting a "Fail Fast, Fail Forward" ethos, he leads cross-functional teams in the development of secure and resilient industrial control solutions that ensure the reliable delivery of essential services.
In this episode, Aaron and Matthew Scott discuss:
- Implementing security by design in legacy industrial control systems
- Enhancing OT cybersecurity through code quality and dynamic rule sets
- A step-by-step approach to improve cybersecurity and system resilience
- Balancing regulations and technological advancements in OT cybersecurity
Key Takeaways:
- The crucial strategy for securing OT involves a holistic approach, combining identification of exploits, rule creation, and integrated defensive programming within system design to counter malicious actions and ensure process reliability and security, moving beyond mere patching or hardware replacements.
- In the rapidly evolving landscape of OT cybersecurity, the fundamental importance of well-disciplined code and comprehensive input validation is resurfacing as a potent strategy, enabling organizations to proactively mitigate a substantial portion of vulnerabilities and exploits, with the potential for machine learning to dynamically adapt and reinforce security measures over time.
- Recent progress in system security has shifted from insecure designs to security-focused thinking, bolstering code against vulnerabilities in complex environments, yet the challenge remains in safeguarding legacy systems and maintaining uniform standards.
- Amidst the focus on looming threats, the key lies in addressing foundational cybersecurity concerns, highlighted by upcoming regulations for industrial control systems, while cautioning against prioritizing advanced tech over resolving core technical issues.
"I don't necessarily see that AI is gonna make malicious actors more prevalent and more powerful. But I think we're gonna see the emphasis move to that. So until we have a regulation that forces us to clean up our code and be disciplined, we're gonna see organizations go out and spend money." — Matthew Scott
Triton Malware Exploited Zero-Day in Schneider Electric Devices: https://www.securityweek.com/triton-malware-exploited-zero-day-schneider-electric-devices/
Connect with Matthew Scott:
Learn how to protect your ICS with PLC defensive programming techniques! Join Matthew and his colleague Tyler Lentz at the INCOSE Western States Regional Conference: https://www.pnnl.gov/events/incose-western-states-regional-conference
Website: https://plc-security.com/
Email: mjs672@nau.edu
LinkedIn: https://www.linkedin.com/in/matthew-j-scott-mcit/









