Unsolicited Response Podcast

Unsolicited Response Podcast

Dale Peterson interviews guests who are pushing and prodding the ICS community to improve cyber security, as well as those in related fields with innovative ideas the ICS community should consider. Dale began his career as a NSA Cryptanalyst, has been securing ICS for over 15 years, and is the founder and program chair of the S4 Conference.... Show More
July 16, 2019 68 min

In this episode of the Unsolicited Response Podcast I interview Megan Samford and Rick Cherney of Rockwell Automation.

We cover two main topics. First, we discuss how they are dealing with vulnerabilities reported to them by researchers and other means. We focus on how this has progressed over the years as well as how vendors could provide more useful vulnerability and remediation information to their customers.

Second we discuss the Rockwell Automation getting past the Insecure By Design issue that has plagued the Level 1 / PLC devices. Most notably the signed firmware and ICS protocol security in CIP Security. We also delve into the challenges of getting CIP Security deployed in both green field and legacy systems.

I begin the podcast with a brief tribute to Mike Assante's unique skills and how they helped the ICS security effort. They pale in importance to the tributes of Mike as a father, friend and mentor, but nevertheless were impressive and hopefully some can pick up the load.

Links

  • CIP Security Video from S4
  • Rockwell Automation Security Home Page
  • Rockwell Automation Industrial Security Advisory Index (Requires Account Registration)
  • Factory Talk Policy Manager Getting Results Guide (CIP Security Configuration Software)
  • S4x20 Call For Presentations
  • Just three of the many Mike Assante tributes are an article on CSO from Aaron TurnerRob Lee’s blog and a final message from Mike to the community.
  • Sponsors

    This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.

    This episode was sponsored by aeSolutions. aeSolutions is an engineering and consulting company specializing in process safety and industrial cybersecurity. aeSolutions has pioneered the CyberPHA methodology which is a proven method to assess industrial control system (ICS) cybersecurity risk leveraging well established process safety techniques.

    Share
    Mark as Played

    Chat About Unsolicited Response Podcast

    Popular Podcasts

    The Daily
    The Daily
    This moment demands an explanation. This show is on a mission to find it.
    The Ron Burgundy Podcast
    The Ron Burgundy Podcast
    Will Ferrell reprises his role as Ron Burgundy in his brand new Ron Burgundy Podcast! Each episode has a different theme in which Ron engages in conversation with another notable person on the topic at hand.
    Stuff You Should Know
    Stuff You Should Know
    If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks then look no further. Josh and Chuck have you covered.