The Industrial Security Podcast

We don't have budget to fix the problem, so we accept the risk? Tim McCreight of TaleCraft Security in his (coming soon) book "I don't sign s**t" uses story-telling to argue that front line security leaders should not be accepting multi-billion dollar risks on behalf of the business. We need to escalate those decisions - with often surprising results when we do.

NIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.

Hundreds of subsystems with the same IP addresses? Thousands of legacy devices with no modern encryption or other security? Constant, acquisitions of facilities "all over the place" network-wise and security-wise? What most of us need is "network duct tape". Tom Sego of Blastwave shows us how their "duct tape" works.

Safety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms.

How did they get in? How did we find them when they got in? What can we do in future to clean up the mess faster? Chris Sistrunk reflects on a decades' industrial cyber incident response experience at Mandiant (Google).