Unsolicited Response Podcast


Dale Peterson interviews guests who are pushing and prodding the ICS community to improve cyber security, as well as those in related fields with innovative ideas the ICS community should consider. Dale began his career as an NSA Cryptanalyst, has been securing ICS for over 15 years, and is the founder and program chair of the S4 Conference....

Episodes

October 29, 2019 51 min

Marina Krotofil has been able to view the ICS security world from a number of perspectives. Beginning as an academic; working for an ICS vendor (Honeywell); working for an ICS security products and services company (FireEye); and now working for a large European petrochemical company. A consistent thread through her work is a focus on the engineering side of the problem, on cyber/physical.

In this podcast we talk about th...

In this episode Dale interviews Sean McBride. Sean was on some of the earliest Unsolicited Response episodes when he was a Founder and Analyst with Critical Intelligence, the first ICS Threat Intel company. The first 10 minutes of the interview discuss the state of ICS threat intel today.

Then the discussion shifts to Sean's current job and passion, creating and running an ICS Cybersecurity Associates...
October 6, 2019 51 min

I sat down with Patrick Miller in Sochi, Russia after we both presented at the Kaspersky KICS event. We cover the electric sector beyond NERC CIP, recruiting and retaining ICS security talent, what Patrick is currently passionate about in ICS security and more.

August 14, 2019 37 min

The S4 Closing Panel is always a candid discussion on where the community is in securing ICS, where we are succeeding and where we need to do better. This year I was joined by Rob Lee of Dragos and Zach Tudor of INL.

Also note that the S4x20 Call For Presentations closes on Thursday (August 15).

Links

  • S4x20 Call For Presentations...
  • July 16, 2019 68 min

    In this episode of the Unsolicited Response Podcast I interview Megan Samford and Rick Cherney of Rockwell Automation.

    We cover two main topics. First, we discuss how they are dealing with vulnerabilities reported to them by researchers and other means. We focus on how this has progressed over the years as well as how vendors could provide more useful vulnerability and remediation information to their cus...

    Forescout's acquisition of SecurityMatters for $113M in cash was the first major exit from the OT Detection Space (or broader passive monitoring market as you will hear in the podcast). I spoke with Brian Proctor about a number of issues including:

  • What it was like moving from an asset owner to a vendor
  • The best way for an asset owner to recruit or develop ICS security talent in this high dem...
  • In this episode, I interview Jonathan Homer, the Chief of the Industrial Control Systems Group / Hunt and Incident Response Team at DHS.

    We discuss:

  • What changes will asset owners see with the creation of CISA organization in DHS?
  • A detailed discussion of the metrics DHS will use to determine if they are successful / having an impact?
  • Why or if DHS is competing with indust...
  • The ICS Detection Market has achieved almost all of the funding and attention the last two years, including my analysis. Last month Baysh...
    May 14, 2019 38 min

    This recording is from a panel discussion on understanding and reducing the consequence side of the risk equation (risk = consequence * likelihood). Joining me in this discussion are:

  • John Cusimano of aeSolutions and their CyberPHA
  • Andy Bochman of INL and their ...
  • April 2, 2019 52 min

    In a recent article a researcher proclaimed it's "not hard for a hacker to capsize a ship at sea". This was quickly followed by the Viking Sky cruise ship having its engines shut off due to a sensor reading.

    Not knowing much about maritime control systems I brought two experts from Moran Cyber on the podcast t...
    March 20, 2019 25 min

    I went back to the RSA Conference for the first time in over a decade. Here is my 25-minute report on the event for those considering attending or participating in the future.

    Includes:

  • the first RSA Conferences and when cybersecurity first looked like a real market
  • tips on working the massive RSA Expo Floor
  • interview with Thomas Van Norman on the ICS Village at RSA
  • should an ICS security v...
  • February 27, 2019 41 min

    I interviewed Robert Graham on the S4x19 Main Stage. Robert has an illustrious career in cyber security products including the creator of BlackIce and the first network IPS. We brought him to the S4 Stage for his contrarian views.

    Some of the topics we discussed in the podcast:

  • The downside to IoT regulation and virtue signaling
  • Likely threat agents, broad not specific targets and the birthday paradox
  • ...
    February 11, 2019 34 min

    This episode of the Unsolicited Response Podcast features a discussion on the S4x19 Main Stage with Brad Hegrat, Joel Langill and Dale Peterson. The question: Is the Purdue Model Dead?

    The three coalesced around an answer (unexpected). And it's not dead, but also not terribly useful going forward in helping with OT network architecture. Have a listen, maybe you will get a different takeaway.

    Links...

    The first Unsolicited Response episode of 2019 is a shorter solo-sode. It begins with my four major takeaways from 2018

  • Finally figuring out the OT / IT issue
  • Consequence based risk reduction
  • Detection market acceleration and shake out
  • The ICS bane called Cyber Hygiene
  • And then at 10:20 in the podcast I've included my S4x19 minute mini-keynote Create The Future, with a bit of help from...
    November 8, 2018 60 min

    In this Unsolicited Response episode I interview Rob Lee of Dragos and Rob Smith of INL on a Department of Energy funded program called Neighborhood Keeper. The program attempts to provide threat detection and intelligence in an easy and affordable way to small and medium sized asset owners. Originally these are in the Energy sector, given the funding sour...
    October 17, 2018 21 min

    I’m trying something a bit different in this short 22 minute episode. I rant about two flawed ICS mantras that are gaining traction and detract from useful discussions, and there is an overview of the S4x19 agenda and OnRamp training.

    1:47 Mantra: “If you are in critical infrastructure, you will be targeted. If you are targeted, you will be compromised”. Andy Bochman and others at INL. This is pure FUD, and I explain a mo...

    In this episode I speak with Ralph Langner of Langner Communications about the ICS Product Security Market. Ralph is famous for his work on Stuxnet, and he has done a lot of great work before and after Stuxnet. For the last two years he has set aside his decades of being in the ICS Security Consulting business and focused on developing the product he feels his clients have needed.

    In this podcast we cover a lot of ground ...

    Blake Sobczak, a reporter for Energy & Environment News, has been on fire lately with his coverage of electric sector cybersecurity. It seems like I'm consistently retweeting his stories and putting them into my Friday News & Notes email (are you subscribed?). So I brought him on the podcast to talk about it.

    To me the most interesting discussion starting at 34:55 about decisions to cover stories that are prom...
    July 17, 2018 67 min

    Andy Bochman with INL joins me to discuss their Consequence-Driven, Cyber-Informed Engineering methodology (CCE). It is appealing because it places emphasis on the often neglected consequence part of the risk equation.

    I think you'll hear me struggling to make sense of some of the concepts in the CCE and questioning a number of the underlying precepts and value of stages of the methodology. One of the reasons is there...
    June 12, 2018 69 min

    Michael Assante is my guest for this episode. He has a storied career and recently won the RSA Conference Award for Excellence in Information Security. Mike was the VP/CSO of NERC CIP, active at INL in the Aurora demonstration, led the development and implementation of the SANS ICS Security Training program, and even began working as CSO for an electric utility.

    In this episode we discuss:

    Mike's receiving the ...
