Hack the Plant
34 episodes - English - Latest episode: 4 days ago - ★★★★★ - 22 ratingsElectricity. Finance. Transportation. Our water supply. In Hack the Plant, podcast host Bryson Bort looks for answers to the question: Does connecting these systems, and others, to the internet leaves us more vulnerable to attacks by our enemies? We often take these critical infrastructure systems for granted, but they’re all becoming increasingly dependent on the internet to function. From the ransomware threats of Colonial Pipeline to the failure of the Texas power grid, it is clear our interconnectivity is also a significant source of risk. Hack the Plant walks through the world of hackers working on the front lines of cyber security and public safety to protect the systems you rely upon every day.
Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.
ICS Village is a nonprofit that equips industry experts and policymakers with the tools to better defend our critical infrastructure. We educate people on critical infrastructure security with hands-on examples, not just nerd stuff. Catch us at an event near you! www.icsvillage.com.
The Institute for Security and Technology is a nonprofit think tank with the mission to bridge gaps between technology and policy leaders to help solve these emerging security problems together. Learn more at securityandtechnology.org.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
The ICS Hacker
April 23, 2024 10:00 - 33 minutes - 31 MBClaroty is a cybersecurity company that helps organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT). In this episode, Bryson Bort sits down with Claroty director of research and industrial control system (ICS) vulnerability expert Sharon Brizinov to discuss everything ICS. What are the most common vulnerabilities threatening ICS security? What’s the impact of cybersecurity control...
Securing, Defending, and Bringing Resilience to Infrastructure
February 28, 2024 11:00 - 36 minutes - 33.6 MBPsymetis creates Operational Technology (OT) security solutions that quickly and prevent electric grid outages and catastrophic infrastructure failures. Psymetis’ Werewolf system provides condition monitoring and threat mitigation for the power grid, detecting cyberattacks, equipment failures, and physical damage in real-time. In this episode of Hack the Plant, Bryson sits down with Psymetis CEO Robert Shaughnessy to discuss his work with Psymetis, challenges to innovation in the private s...
CISA’s Critical Infrastructure Protection Mission with Jen Easterly
February 02, 2024 14:00 - 50 minutes - 46.6 MBAs America’s Cyber Defense Agency and the National Coordinator for Critical Infrastructure Security and Resilience, the Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every day. In this episode of Hack the Plant, Bryson sits down with CISA Director Jen Easterly to discuss her work on leading CISA’s critical infrastructure mission, implementing efforts to...
Ensuring Cybersecurity for Amtrak
December 19, 2023 19:57 - 42 minutes - 39 MBI’m joined by Jesse Whaley, the Chief Information Security Officer at Amtrak, for this episode of Hack the Plant. Amtrak is the nation's largest passenger rail service provider and one of the most complex and critical transportation systems in the world. We discuss what it takes to oversee Amtrak’s digital assets and infrastructure, and what it takes to keep them secure. “The company had a safety culture. Before every meeting before every job site that workers went out to on the railro...
Open Source Data Visualization for Cyber Threats
November 21, 2023 00:08 - 39 minutes - 36.2 MBI’m joined by Dan Ricci, founder of the ICS Advisory Project, for this episode of Hack the Plant. The ICS Advisory Project is a free, open-source platform that helps asset owners across 16 critical infrastructure sectors stay secure by identifying threats in their environments. “I saw a gap in the community. There's good data that's coming at us…but no one did anything to take and make that data more digestible through visualization. So I decided, okay, well, I'm just going to do it now. I...
Cyber Threat Intelligence Over the Past 25 Years
October 31, 2023 21:17 - 49 minutes - 45 MBI’m joined by Jason Healey, a Senior Research Scholar at Columbia University’s School for International and Public Affairs, for this episode of Hack the Plant. Jason is a pioneer of cyber threat intelligence, with experience spanning fifteen years across the public and private sectors. Today, we discuss a recent article Jason published at Lawfare, looking at 25 years of White House cyber policies, from the Clinton to the Biden administrations. We explore how regulatory policy has become mo...
Architecting Threat Responses
October 31, 2023 21:15 - 46 minutes - 43 MBI’m joined by David Patrick Emmerich, the Principal Cyber-Physical Range Architect at the University of Illinois, for this episode of Hack the Plant. We’re here today to talk about RADICS, a DARPA project. RADICS stands for Rapid Attack Detection, Isolation and Characterization Systems. We discuss David’s role in building automated data collection and set up simulations and testing, and how the process of doing vulnerability discovery for physical assets helps asset owners. “ ‘These are...
Managing Incident Responses to Critical Infrastructure Attacks
April 03, 2023 16:00 - 43 minutes - 39.6 MBFor today’s episode, I’m joined by Lesley Carhart. Lesley is the Director of Incident Response for North America at the industrial cybersecurity company Dragos, Inc. She leads incident response and proactively hunts for threats in customers’ ICS environments. Lesley was the incident response team lead at Motorola Solutions, and retired from the United States Air Force. Today, we dive into the kinds of active threats out there that incident response deals with: “We see insider cases, both ...
Idaho National Labs and the Next Generation of Critical Infrastructure Security
March 06, 2023 05:00 - 32 minutes - 29.7 MBFor today’s episode, I’m joined by Zach Tudor, the Associate Laboratory Director at Idaho National Laboratory (INL). INL is a Department of Energy national laboratory, is the nation's leading center for nuclear energy research and development. Zach is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection and Defense Systems missions. We discuss how INL partners with the private sector to test challenges to critical infrastructure, and the cutting edge work INL i...
Resilience and Safety for Electric Co-Ops
December 05, 2022 05:00 - 33 minutes - 30.9 MB“One of my favorite topics is disaster resilience. We do quite a bit of work on what mutual assistance looks like and how to improve mutual assistance, how to rebuild systems once they've been hit by something terrible. My more recent interesting example was when a tornado had gone through a co-op and they were looking for what to do when their data server was just plain missing. It was Dorothy essentially over to somewhere else and they were asking us: Is it a data breach?” - Emma Ste...
Threats to Industrial Control Systems
November 07, 2022 16:42 - 33 minutes - 30.7 MB“What's been most concerning is the rise of wiper malware. Threat actors are no longer interested in hey we're going to lock up all of your data. We're going to encrypt everything and force you to pay a ransom and then maybe give you the decryption key. Now with wiper malware they're just completely wiping it. … This year there's been a total of 5 wiper malwares that has been targeting critical infrastructure. So I think everyone should be very aware of that.” -Roya Gordon For today's epis...
Cyber threats to agriculture and food production
September 13, 2022 13:00 - 34 minutes - 31.6 MB“Agriculture and cybersecurity has just run under the radar. We're talking about something that's one fifth of the us economy right? This is this is a huge deal here in the US, and globally as well … We can begin get the right expertise and collateral assembled so we're not the next ransomware victim or we have enough resiliency built into our operations that if we get we get hit and we get smoked our recovery will be easier and our our financial losses will be minimized.” - Joe Marshall ...
Accelerating Innovation in Electric & Gas
September 13, 2022 13:00 - 33 minutes - 30.9 MB“Most industrial economies only consume about 20% our total end use energy in the form of electricity. The rest, we consume by basically combusting fossil fuel … You could get all of your electricity from wind and solar and you've still only solved 20% of your carbon problem. A lot of the investments we've made at Energy Impact Partners are actually in electrification. Basically electrifying all that stuff that today is fueled directly by fossil fuel but in the future could be fueled by elec...
Training the Cyber Workforce of the Future
April 04, 2022 13:37 - 29 minutes - 26.9 MB“You can only cover about 65% of the cybersecurity workforce demand with the existing workforce today. So we need to do something to address that gap. We need to either build that workforce or re-skill existing individuals that are looking to get into new fields. That's the approach that we're taking. So the need is there. We know that cyber risk is there. We know that adversaries are constantly re-skilling and skilling up as well. And we need to build a protective workforce around that.” - ...
Diversity in Power Systems Distribution
March 28, 2022 12:43 - 36 minutes - 33.4 MB“How do we talk about all the great things we're doing in our communities, in optimizing and trying to reduce carbon, and looking at new solutions and coming up with different technologies that can help advance to help keep prices down and keep reliability up. We're really spoiled at times in the US with how often we have our power. I've had to travel on all seven continents and had times where I didn't have power because the grid was down in other countries.” Dr. Noel Schulz In this episod...
The future of cybersecurity education?
February 01, 2022 01:47 - 40 minutes - 36.7 MB“I've been educating now for about eight years within the college system and that hands-on experiential learning is critical. When I have students do something that's like a scenario based off of different security assessments I've done or just weaving in some real world stuff, they thrive. They really get excited. They walk away from it energized.” - Dennis Skarr In this episode of Hack the Plant, Dennis Skarr of Everett Community College joins us to talk about an industrial cybersecurity ...
INL - Wind energy and cybersecurity challenges
December 07, 2021 14:09 - 41 minutes - 37.7 MBWind energy is one of the most rapidly growing energy generation sources in the US - how can these renewable systems stay resilient in the face of cyber attacks as the industry grows? In this episode, we hear from Megan Culler and Keith Mecham of Idaho National Labs (or INL). Megan Culler is a Power Engineer and Researcher; Keith Mecham is a Critical Infrastructure Cybersecurity Engineer. INL is a Federally funded research and development center (FFRDC): public-private partnerships which c...
Cyber Challenges to Securing Our Electric System - California and Beyond
November 01, 2021 12:59 - 40 minutes - 36.7 MB“Initially it was looking at specific types of attacks and thinking how those could be utilized against our systems, but then it became more sophisticated in thinking of how these attacks could be coordinated together by larger actors? …. I think that regulation's role is more to draw attention and provide you with a base minimum, and then from there, it's the responsibility of those industries of those actors to step up and design the systems and implement true security.” - David Coher Ho...
Innovation in Critical Infrastructure
October 04, 2021 13:25 - 51 minutes - 47.6 MB“We had to go out and talk to experts and just have the conversations and then be brutally honest about what those people were telling us about the problem. In many cases, we didn't even tell them what we were thinking about doing. We would call them up and say, "How are you securing your industrial control systems today?" and just listen.” - Joshua Steinman “We really learned to go in, us. Instead of imposing what we thought the problem would be for other asset owners, really let them tell...
AI and Critical Infrastructure
September 06, 2021 14:03 - 29 minutes - 26.6 MBWhen will hard infrastructure have machine learning capabilities? It might be sooner than you think. Ariel Stern, formerly an engineer in the Israeli Ministry of Defense and a civil infrastructure project manager, currently CEO of Ayyeka, which offers remote monitoring for industrial Internet of Things (IoT) systems. Ariel has a forward-looking approach to creating resilience in critical infrastructure…anticipating that we are entering a new era for critical infrastructure….from IoT data cre...
Biden Admin's Cybersecurity Executive Order
July 27, 2021 14:47 - 39 minutes - 36.1 MBOn May 12, 2021, the Biden Administration issued an Executive Order “On Improving the Nation’s Cybersecurity.” This came in the wake of ransomware attacks drawing national attention: Solar Winds, Colonial Pipeline, and more. We take a deep dive into the Executive Order, and what it means for public and private efforts to keep our critical infrastructure safe with two attorneys and cybersecurity experts. Megan Brown is a Partner at Wiley Rein. She has deep expertise in cybersecurity and d...
ERCOT and the Texas Power Outage
June 28, 2021 21:09 - 32 minutes - 29.7 MBIn February, severe winter storms and an electricity generation failure left almost 5 million people in Texas without power, leading to hundreds of deaths, and a shortage of heat, food and water. The Electric Reliability Council of Texas (ERCOT) manages the flow of electric power to more than 26 million Texas customers. How did the massive power failure happen? What does this power outage suggest about the resilience of our critical infrastructure? Beth Garza, former director of ERCOT and s...
Department of Defense Policy and ICS Security
May 31, 2021 16:01 - 45 minutes - 41.3 MBDaryl Haegley is the Director of Cyberspace Mission Assurance and Deterrence at the Department of Defense. Daryl oversees cybersecurity efforts to secure control systems (ICS) and operational technology (OT), and focuses on bringing awareness to the ever-increasing cyber threats. He has 30 years of military, civilian and commercial consulting experience. He has successfully advocated to change laws, DoD policy and standards, and academic curricula while initiating the first comprehensive fac...
The Congressman, The Commission, and Our Critical Infrastructure
April 26, 2021 15:05 - 56 minutes - 51.9 MBCongressman Mike Gallagher (R-Wis.) has been instrumental in setting up the Cyberspace Solarium Commission, a bipartisan, intragovernmental body whose goal is to help create a strategic approach to defending the United States from cyber attacks of significant consequence (and for listeners of this podcast, that definitely means attacks on our critical infrastructure). Congressman Gallagher's background in the Marines, and work in the public and private sectors, gives him a unique position t...
On the Front Lines with Rob Lee
March 29, 2021 18:21 - 45 minutes - 42.1 MBRob Lee, the CEO and founder of the industrial cybersecurity company, Dragos, is a pioneer in the ICS threat intelligence and incident response community. Before Dragos, Rob served as a cyber operations officer in the U.S. Air Force tasked to the National Security Agency, helping protect industrial infrastructure - an issue that leaders around the world are now wrestling with. As he likes to put it, "The threat is worse than you realize but not as bad as you want to imagine."
DoD and Critical Infrastructure
February 22, 2021 13:04 - 41 minutes - 38.6 MBThe Army Cyber Institute has been testing the cybersecurity preparedness of cities around the country in an experiment called Jack Voltaic. It is a major, multi-sector public private exercise aimed at understanding critical infrastructure dependencies on force deployment. We're joined by Lt. Col. Douglas Fletcher - chief data scientist - and Lt. Col Erica Mitchell - key resources research lead for critical infrastructure - to talk about their findings.
Critical Infrastructure Protection & ICS
January 26, 2021 14:50 - 39 minutes - 36.5 MBFor today's episode, I'm joined by Dale Peterson, who is on the leading edge of helping security conscious asset owners in a range of sectors effectively manage and reduce cyber risk to their Industrial Control Systems (known as an “ICS”). ICS is a computer system that monitors or controls a physical process. They exist everywhere: power generation, water supply systems, transmission, product manufacturing. We talk today about some of the key cyber vulnerabilities in these systems, and the ...
Critical Response for Critical Infrastructure
December 28, 2020 15:15 - 34 minutes - 31.9 MBMegan Samford is the first woman Chief Product Security Officer in industrial control systems (ICS) manufacturing. She's spent time in both the private and public sectors, from Rockwell Automation and General Electric to serving two governors of Virginia and their offices of homeland security. She is also spearheading a project to develop a common language and framework for cyber security between governments, private sector and first responders in the space. Or, as she puts it: "I believe t...
BEER and Cyber
December 01, 2020 20:13 - 36 minutes - 33.7 MBPatrick Miller sits at the intersection of cybersecurity and regulation because, as he likes to say, "those two don't fit well." Beyond his decades of work in the space, he also co-founded BEER-ISAC, a network of individuals who comprise the human component of critical infrastructure security. They share war stories, information, intelligence and - as the name says - drinks. In this episode, Patrick explains the difference between compliance and security in the evolving space defending criti...
Oil, Gas and Cybersecurity in the Middle East
October 26, 2020 10:00 - 42 minutes - 39.1 MB"Securing and having the right measures of cybersecurity relates to the national security of the whole country and our national income." Reem Al-Shammari is the chief information security officer for the Kuwait Oil Company. She sits at the intersection of a massive swath of her country's economy - oil and gas - and the need to secure it against emerging threats faster than government regulations can be established. Because Al-Shammari works within a global industry, she also has to help ensu...
The Nightmare: A Story by AI
October 19, 2020 09:00 - 34 minutes - 31.3 MBThe second half of our interview with author and strategist P.W. Singer. He discusses his latest book - Burn In - where he translates real-world research about Artificial Intelligence into a glimpse at a future we’re not too far away from if things go wrong and we do not protect ourselves. "In our lifetime for the next year 10 or 20 years, artificial intelligence is not about a rebellion of the robots (a-la the Terminator). It's industrial revolution. It's a rewiring of business, military, ...
Where is the Cavalry?
September 28, 2020 09:00 - 49 minutes - 45.4 MBHackers may be our best, last hope as our dependence on connected technology is increasing faster than our ability to safeguard ourselves. This episode you will learn about I Am the Cavalry - a volunteer organization of cybersecurity experts devoted to improving the security of medical devices, transportation, connected homes, and infrastructure - and its co-founder, Joshua Corman, who serves as an ambassador between the security community and federal officials protecting us on the front lin...
The Future of War with P.W. Singer
August 31, 2020 19:00 - 38 minutes - 35.6 MB“Our dependence on connected technology is growing faster than our ability to secure it, especially in areas affecting public safety and human life.” Author and strategist P.W. Singer examines the future of war, and explains the difficulty in securing critical infrastructure against cyber attacks and technologies that are cheaper and easier for foreign and non-state actors to acquire. He also discusses how he uses the "technothriller" novel type to communicate his nonfiction research to more...
Trailer - Hack the Plant
August 22, 2020 14:07 - 2 minutes - 2.11 MBLearn more about ICS village at http://www.icsvillage.com. Learn more about the R Street Institute at http://www.rstreet.org. Follow Bryson Bort on Twitter @BrysonBort. Follow the R Street Institute on Twitter @RSI.