Unsolicited Response Podcast

Unsolicited Response Podcast

Dale Peterson interviews guests who are pushing and prodding the ICS community to improve cyber security, as well as those in related fields with innovative ideas the ICS community should consider. Dale began his career as a NSA Cryptanalyst, has been securing ICS for over 15 years, and is the founder and program chair of the S4 Conference.... Show More

Episodes

October 6, 2019 51 min

I sat down with Patrick Miller in Sochi, Russia after we both presented at the Kaspersky KICS event. We cover the electric sector beyond NERC CIP, recruiting and retaining ICS security talent, what Patrick is currently passionate about in ICS security and more.

Share
Mark as Played
August 14, 2019 37 min

The S4 Closing Panel is always a candid discussion on where the community is in securing ICS, where we are succeeding and where need to do better. This year I was joined by Rob Lee of Dragos and Zach Tudor of INL.

Also note that the S4x20 Call For Presentations closes on Thursday (August 15).

Links

  • S4x20 Call For Presentations<... Read more

    Share
    Mark as Played
  • July 16, 2019 68 min

    In this episode of the Unsolicited Response Podcast I interview Megan Samford and Rick Cherney of Rockwell Automation.

    We cover two main topics. First, we discuss how they are dealing with vulnerabilities reported to them by researchers and other means. We focus on how this has progressed over the years as well as how vendors could provide more useful vulnerability and remediation information to their cus... Read more

    Share
    Mark as Played

    Forescout's acquisition of SecurityMatters for $113M in cash was the first major exit from the OT Detection Space (or broader passive monitoring market as you will hear in the podcast). I spoke with Brian Proctor about a number of issues including:

  • What it was like moving from an asset owner to a vendor
  • The best way for an asset owner to recruit or develop ICS security talent in this high dem... Read more

    Share
    Mark as Played
  • In this episode, I interview Jonathan Homer, the Chief of the Industrial Control Systems Group / Hunt and Incident Response Team at DHS.

    We discuss:

  • What changes will asset owners see with the creation of CISA organization in DHS?
  • A detailed discussion of the metrics DHS will use to determine if they are successful / having an impact?
  • Why or if DHS is competing with indust... Read more

    Share
    Mark as Played
  • The ICS Detection Market has achieved almost all of the funding and attention the last two years, including my analysis. Last month Baysh... Read more

    Share
    Mark as Played
    May 14, 2019 38 min

    This recording is from a panel discussion on understanding and reducing the consequence side of the risk equation (risk = consequence * likelihood). Joining me in this discussion are:

  • John Cusimano of aeSolutions and their CyberPHA
  • Andy Bochman of INL and their Read more

    Share
    Mark as Played
  • April 2, 2019 52 min

    In a recent article a researcher proclaimed it's "not hard for a hacker to capsize a ship at sea". This was quickly followed by the Viking Sky cruise ship having its engines shut off due to a sensor reading.

    Not knowing much about maritime control systems I brought two experts from Moran Cyber on the podcast t... Read more

    Share
    Mark as Played
    March 20, 2019 25 min

    I went back to the RSA Conference for the first time in over a decade. Here is my 25-minute report on the event for those considering attending or participating in the future.

    Includes:

  • the first RSA Conferences and when cybersecurity first looked like a real market
  • tips on working the massive RSA Expo Floor
  • interview with Thomas Van Norman on the ICS Village at RSA
  • should an ICS security v... Read more

    Share
    Mark as Played
  • February 27, 2019 41 min

    I interviewed Robert Graham on the S4x19 Main Stage. Robert has an illustrious career in cyber security products including the creator of BlackIce and the first network IPS. We brought him to the S4 Stage for his contrarian views.

    Some of the topics we discussed in the podcast:

  • The downside to IoT regulation and virtue signaling
  • Likely threat agents, broad not specific targets and the birthday paradox
  • ... Read more

    Share
    Mark as Played
    February 11, 2019 34 min

    This episode of the Unsolicited Response Podcast features a discussion on the S4x19 Main Stage with Brad Hegrat, Joel Langill and Dale Peterson. The question: Is the Purdue Model Dead? The three coalesced around an answer (unexpected). And it's not dead, but also not terribly useful going forward in helping with OT network architecture. Have a listen, maybe you will get a different takeaway. Links S4 Events YouTube Channel Dale's... Read more

    Share
    Mark as Played

    The first Unsolicited Response episode of 2019 is a shorter solo-sode. It begins with my four major takeaways from 2018 Finally figuring out the OT / IT issue Consequence based risk reduction Detection market acceleration and shake out The ICS bane called Cyber Hygiene And then at 10:20 in the podcast I've included my S4x19 minute mini-keynote Create The Future, with a bit of help from Patrick Miller, Eireann Leverett and Rob Lee... Read more

    Share
    Mark as Played
    November 8, 2018 60 min

    In this Unsolicited Response episode I interview Rob Lee of Dragos and Rob Smith of INL on a Department of Energy funded program called Neighborhood Keeper. The program attempts to provide threat detection and intelligence in an easy and affordable way to small and medium sized asset owners. Originally these are in the Energy sector, given the funding source. While Dragos is providing the technology and service, there are a lot of ... Read more

    Share
    Mark as Played
    October 17, 2018 21 min

    I’m trying something a bit different in this short 22 minute episode. I rant about two flawed ICS mantras that are gaining traction and detract from useful discussions, and there is an overview of the S4x19 agenda and OnRamp training. 1:47 Mantra: “If you are in critical infrastructure, you will be targeted. If you are targeted, you will be compromised”. Andy Bochman and others at INL. This is pure FUD, and I explain a more reasona... Read more

    Share
    Mark as Played

    In this episode I speak with Ralph Langner of Langner Communications about the ICS Product Security Market. Ralph is famous for his work on Stuxnet, and he has done a lot of great work before and after Stuxnet. For the last two years he has set aside his decades of being in the ICS Security Consulting business and focused on developing the product he feels his clients have needed. In this podcast we cover a lot of ground including:... Read more

    Share
    Mark as Played

    Blake Sobczak, a reporter for Energy & Environment News, has been on fire lately with his coverage of electric sector cybersecurity. It seems like I'm consistently retweeting his stories and putting them into my Friday News & Notes email (are you subscribed?). So I brought him on the podcast to talk about it. To me the most interesting discussion starting at 34:55 about decisions to cover stories that are promoted by ICS security v... Read more

    Share
    Mark as Played
    July 17, 2018 67 min

    Andy Bochman with INL joins me to discuss their Consequence-Driven, Cyber-Informed Engineering methodology (CCE). It is appealing because it places emphasis on the often neglected consequence part of the risk equation. I think you'll hear me struggling to make sense of some of the concepts in the CCE and questioning a number of the underlying precepts and value of stages of the methodology. One of the reasons is there is limited in... Read more

    Share
    Mark as Played
    June 12, 2018 69 min

    Michael Assante is my guest for this episode. He has a storied career and recently won the RSA Conference Award for Excellence in Information Security. Mike was the VP/CSO of NERC CIP, active at INL in the Aurora demonstration, led the development and implementation of the SANS ICS Security Training program, and even began working as CSO for an electric utility. In this episode we discuss: Mike's receiving the RSA award and what th... Read more

    Share
    Mark as Played
    May 15, 2018 61 min

    The buzzwords "cyber hygiene" is being said and written by many of the guru's in the ICS security community. It's hard to argue that basic hygiene is bad, but what is and isn't cyber hygiene? I recorded a 3-person pod with Marty Edwards of the Automation Federation and Michael Toecker of Context Industrial Security. They were selected because they used the term, and all three of us had different views on what cyber hygiene means an... Read more

    Share
    Mark as Played

    In the last two months Bryan Owen attended the SANS ICS Security Summit, DHS ICSJWG, RSA, OSIsoft's PI World, and LOGIIC (Oil/Gas/Gov consortium). Since most listeners like me aren't able to attend these events I thought we could find out what's happening from Bryan. Why Bryan attends events. Is it worthwhile for an ICS security professional to attend RSA? What areas at RSA did he find most valuable? Mike Assante from the ICS worl... Read more

    Share
    Mark as Played

    Chat About Unsolicited Response Podcast

    Popular Podcasts

    The Daily
    The Daily
    This moment demands an explanation. This show is on a mission to find it.
    The Ron Burgundy Podcast
    The Ron Burgundy Podcast
    Will Ferrell reprises his role as Ron Burgundy in his brand new Ron Burgundy Podcast! Each episode has a different theme in which Ron engages in conversation with another notable person on the topic at hand.
    Stuff You Should Know
    Stuff You Should Know
    If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks then look no further. Josh and Chuck have you covered.