Unsolicited Response Podcast

The S4 Closing Panel is always a candid discussion on where the community is in securing ICS, where we are succeeding and where need to do better. This year I was joined by Rob Lee of Dragos and Zach Tudor of INL.

Also note that the S4x20 Call For Presentations closes on Thursday (August 15).

In this episode of the Unsolicited Response Podcast I interview Megan Samford and Rick Cherney of Rockwell Automation.

We cover two main topics. First, we discuss how they are dealing with vulnerabilities reported to them by researchers and other means. We focus on how this has progressed over the years as well as how vendors could provide more useful vulnerability and remediation information to their cus... Read more

Forescout's acquisition of SecurityMatters for $113M in cash was the first major exit from the OT Detection Space (or broader passive monitoring market as you will hear in the podcast). I spoke with Brian Proctor about a number of issues including:

In this episode, I interview Jonathan Homer, the Chief of the Industrial Control Systems Group / Hunt and Incident Response Team at DHS.

We discuss:

The ICS Detection Market has achieved almost all of the funding and attention the last two years, including my analysis. Last month Baysh... Read more

This recording is from a panel discussion on understanding and reducing the consequence side of the risk equation (risk = consequence * likelihood). Joining me in this discussion are:

In a recent article a researcher proclaimed it's "not hard for a hacker to capsize a ship at sea". This was quickly followed by the Viking Sky cruise ship having its engines shut off due to a sensor reading.

Not knowing much about maritime control systems I brought two experts from Moran Cyber on the podcast t... Read more

I went back to the RSA Conference for the first time in over a decade. Here is my 25-minute report on the event for those considering attending or participating in the future.

Includes:

I interviewed Robert Graham on the S4x19 Main Stage. Robert has an illustrious career in cyber security products including the creator of BlackIce and the first network IPS. We brought him to the S4 Stage for his contrarian views.

Some of the topics we discussed in the podcast:

This episode of the Unsolicited Response Podcast features a discussion on the S4x19 Main Stage with Brad Hegrat, Joel Langill and Dale Peterson. The question: Is the Purdue Model Dead? The three coalesced around an answer (unexpected). And it's not dead, but also not terribly useful going forward in helping with OT network architecture. Have a listen, maybe you will get a different takeaway. Links S4 Events YouTube Channel Dale's... Read more

The first Unsolicited Response episode of 2019 is a shorter solo-sode. It begins with my four major takeaways from 2018 Finally figuring out the OT / IT issue Consequence based risk reduction Detection market acceleration and shake out The ICS bane called Cyber Hygiene And then at 10:20 in the podcast I've included my S4x19 minute mini-keynote Create The Future, with a bit of help from Patrick Miller, Eireann Leverett and Rob Lee... Read more

In this Unsolicited Response episode I interview Rob Lee of Dragos and Rob Smith of INL on a Department of Energy funded program called Neighborhood Keeper. The program attempts to provide threat detection and intelligence in an easy and affordable way to small and medium sized asset owners. Originally these are in the Energy sector, given the funding source. While Dragos is providing the technology and service, there are a lot of ... Read more

I’m trying something a bit different in this short 22 minute episode. I rant about two flawed ICS mantras that are gaining traction and detract from useful discussions, and there is an overview of the S4x19 agenda and OnRamp training. 1:47 Mantra: “If you are in critical infrastructure, you will be targeted. If you are targeted, you will be compromised”. Andy Bochman and others at INL. This is pure FUD, and I explain a more reasona... Read more

In this episode I speak with Ralph Langner of Langner Communications about the ICS Product Security Market. Ralph is famous for his work on Stuxnet, and he has done a lot of great work before and after Stuxnet. For the last two years he has set aside his decades of being in the ICS Security Consulting business and focused on developing the product he feels his clients have needed. In this podcast we cover a lot of ground including:... Read more

Blake Sobczak, a reporter for Energy & Environment News, has been on fire lately with his coverage of electric sector cybersecurity. It seems like I'm consistently retweeting his stories and putting them into my Friday News & Notes email (are you subscribed?). So I brought him on the podcast to talk about it. To me the most interesting discussion starting at 34:55 about decisions to cover stories that are promoted by ICS security v... Read more

Andy Bochman with INL joins me to discuss their Consequence-Driven, Cyber-Informed Engineering methodology (CCE). It is appealing because it places emphasis on the often neglected consequence part of the risk equation. I think you'll hear me struggling to make sense of some of the concepts in the CCE and questioning a number of the underlying precepts and value of stages of the methodology. One of the reasons is there is limited in... Read more

Michael Assante is my guest for this episode. He has a storied career and recently won the RSA Conference Award for Excellence in Information Security. Mike was the VP/CSO of NERC CIP, active at INL in the Aurora demonstration, led the development and implementation of the SANS ICS Security Training program, and even began working as CSO for an electric utility. In this episode we discuss: Mike's receiving the RSA award and what th... Read more

The buzzwords "cyber hygiene" is being said and written by many of the guru's in the ICS security community. It's hard to argue that basic hygiene is bad, but what is and isn't cyber hygiene? I recorded a 3-person pod with Marty Edwards of the Automation Federation and Michael Toecker of Context Industrial Security. They were selected because they used the term, and all three of us had different views on what cyber hygiene means an... Read more

In the last two months Bryan Owen attended the SANS ICS Security Summit, DHS ICSJWG, RSA, OSIsoft's PI World, and LOGIIC (Oil/Gas/Gov consortium). Since most listeners like me aren't able to attend these events I thought we could find out what's happening from Bryan. Why Bryan attends events. Is it worthwhile for an ICS security professional to attend RSA? What areas at RSA did he find most valuable? Mike Assante from the ICS worl... Read more