Unsolicited Response
Dale Peterson interviews the innovators in ICS / SCADA cyber security as well as the top talent in related fields. It is the podcast for those who want more information similar to what is presented at the annual S4 event each January in Miami South Beach.
Episodes
Few topics get as much heat as the current, future, and ideal relationship between OT and IT. One of the first posts someone just discovering OT makes is how OT is different than IT. As you dig deeper into OT you find an increasing case of the technology, processes, and even the people being similar to IT.
In this 90 minute long conversation format, we will try to bring some enlightenment to this question with a specially curated g...
Dale Peterson discusses with Maggie how she got into OT security, her recent move to the Financial Sector, women in ICS security, and more.
If you're not interested in S4, skip this episode. Dale goes over the feedback from the survey and S4 Event's own thoughts on the event, Tampa, and more.
Dale Peterson speaks with Joel Langill, the SCADAHacker, about his new training course entitled Conducting Threat, Vulnerability, and Risk Assessments For ICS. A two day version of this course will be offered prior to S4x25.
Of course Dale and Joel jump around a bit on training, the workforce and other items. Take a listen.
Stewart Baker is one of the preeminent lawyers on topics of cyber law with an impressive career in and out of government. Stewart also hosts the Cyberlaw podcast.
The Biden administration is contending that vendors should be held liable for security deficiencies in their products.
Assuming this is turned into law and/or executive orders, what does it mean? What can we learn from other liability law to inform us what would be requi...
Dale Peterson interviews Rob Lee on the S4 Main Stage. They cover a lot of ground and Rob is never shy about sharing his opinions and analysis.
They discuss:
- Rob’s first S4
- PIPEDREAM deployed v. employed distinction … and why 2 years later is it still the most dangerous ICS malware?
- Are we really more homogenous?
- What makes a group something that Rob/Dragos tracks as an ICS focused attacker?
- If the answer to intel is do the ba...
Chris Hughes and Nikki Robinson recently wrote the book Effective Vulnerability Management. Dale and Chris discuss the topic and book including:
-
The definition and scope of vulnerabilities. It’s much more than coding errors that need patches.
-
Are ICS protocols lacking authentication “vulne...
Waterfall Security Solutions and ICSSTRIVE put out an annual threat report that Dale Peterson believes is the best in OT. Why? It only includes incidents that had physical consequences on systems monitored and controlled by OT.
Dale and Andrew discuss:
-
What is in and out of scope for the report.
Patrick Miller has OT cybersecurity experience as an asset owner, PacificCorp. As a regulator and one of the first NERC CIP auditors with WECC. As a community organizer creating and leading EnergySec and the BeerISAC. And as an entrepreneur creating and leading a number of consulting practices. He is currently the Founder of Ampyx Cyber.
In this episode Patrick and Dale discuss:
Emma Stewart joins Dale to discuss the 3 big OT & ICS security stories from the first quarter. They end by giving their win, fail and prediction for Q1.
In this solosode episode Dale reviews the status of his three predictions from the Q1, 2 and 3 quarter in review episodes and answers a listener question.
Dale is joined by Steve Pozza, CISA Section Chief of Operational Resilience, and Tom Millar, CISA Branch Chief of Resilience, to discuss some of CISA's security services for asset owners. They discuss:
- The Internet accessible attack surface enumeration and vulnerability scanning surface.
- Asset owners can buy products or services to do this. Why is the government doing this?
- What CISA is doing with this attack surface data?
- How...
Andrew Ginter published his third book this year: Engineering-Grade OT Security. Dale interviews Andrew on the book including:
- Who was the target reader that Andrew wrote the book for?
- Do (should) professional engineers lose their licenses for poor and dangerous cybersecurity design and deployments?
- The use of the term engineering grade, and how he defines it.
- Unhackable protection and safety controls as a major part of engin...
This week is a Dale Peterson solosode.
Updates and Announcements
Dale provides updates about S4x24 ticket sales and announces the Women In ICS Security program and sponsor package.
Main Topics
- Asset Inventory in Cybersecurity: Dale challenges the common security mantra "You can't protect what you don't know," using examples from both physical and cyber domains. He notes many of the comments on this week's article missed the ma...
Kelly joins Dale to discuss her new book Security Chaos Engineering: Sustaining Resilience in Software and Systems. Kelly points out the second part of the title is the most descriptive, and she is not a big fan of the Chaos term that has taken hold.
They discuss:
- A quick description of Security Chaos Engineering
- Is there similarity or overlap with the CCE or CIE approach?
- The value of decision trees
- Her view of checklists of...
Popular Podcasts
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The official podcast of comedian Joe Rogan.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Special Summer Offer: Exclusively on Apple Podcasts, try our Dateline Premium subscription completely free for one month! With Dateline Premium, you get every episode ad-free plus exclusive bonus content.
Listen to 'The Bobby Bones Show' by downloading the daily full replay.
The latest news in 4 minutes updated every hour, every day.