Error Code

ROI is always a tricky subject in cybersecurity. If you’re paying millions of dollars in securing your OT networks, you’d want to be able to show that it was worth it. Andrew Hural of UnderDefense talks about the need for continuous vigilance, risk management, and proactive defense, acknowledging both the human and technological elements in cybersecurity and how just because something didn’t happen doesn’t mean that it didn’t.

Zero Trust is a security model based on default-deny policies and fine-grained access control governed by identity, authentication, and contextual signals. For RSAC 2025, John Kindervag, Chief Evangelist of Illumio and the creator of Zero Trust, talks about introducing a "protect surface" into legacy OT systems —isolating critical data, applications, assets, or services into secure zones for targeted Zero Trust implementation.

Gone are the days when you could repair your own car. Even ICE cars have more electronics than ever before. Alexander Pick is an independent hardware hacker specializing in automotive systems. He says if you start off small, like looking at ECUs, there’s a lot of great research yet to be done by both hobbyists and professionals alike.

It’s becoming easier for criminals to use counterfeit or altered chips in common office products, such as printer toner cartridges, with the aim of espionage or simple financial gain. Tony Moor, Senior Director Of Silicon Lab Services For IOActive, explains how the hacking embedded silicon within common objects in our day to day lives is becoming more common, and what the consequences of this lack of security might mean.

Embedded devices need basic security measures like multi-factor authentication and unique credentials to reduce vulnerabilities and protect against cyber threats. Mauritz Botha, co-founder and CTO of XiO Inc., explains that cloud-based SCADA can update old systems and provide the visibility that’s currently missing.

As industrial enterprises lurch toward digital transformation and Industry 4.0, a new report looks at the security OT systems and finds it wanting. Grant Geyer, the Chief Strategy Officer for Claroty, talks about the findings from over one million devices in the field today, and what industries must do now to secure them.

Imagine your best worst day during a cyber attack. Can you switch to manual systems in case of a failure? Has your team practiced for that? Dave Gunter, OT Cybersecurity Director at Armexa, discusses how a water and waste water utility in Kansas responded correctly to a cyberattack in 2024 by falling back to manual and issuing clear, and concise press releases to assure the public that their water was safe to drink.

This is the story of how the security of OT devices in the field can be modernized virtual isolation in the cloud, adding both authentication and encryption into the mix. Bill Moore, founder and CEO of Xona, explains how you can virtualize the OT network and interact with it, adding 2FA and encryption to legacy systems already in the field. 

This is the story of the secret life of cellular chips and why we need to mitigate against the unintended access they provide. Deral Heiland, Principal Security Research for IoT at Rapid 7, describes a research project he presented at the IoT Village at DEF CON 32 where they compiled AT command manuals from various vendors, discovering unexpected functionalities, such as internal web services.

What would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos, discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an act of war.

Political hacktivism once mainly focused on website defacement. Now it has shifted to targeting physical devices, affecting critical infrastructure such as water treatment plants. At Black Hat USA 2024, Noam Moshe from Claroty highlighted how the HMIs in PLC devices from Israeli manufacturers may be susceptible to political attacks by nation-state actors using unknown vulnerabilities in the PComm protocol.

Too few vulnerabilities in industrial control systems (ICS) are assigned CVEs because of client non-disclosure agreements. This results in repeatedly discovering the same vulnerabilities for different clients, especially in critical infrastructure. Don C. Weber from IOActive shares his experiences as an ICS security professional and suggests improvements, including following the SANS best practices for ICS security..