![Unsolicited Response artwork](https://is3-ssl.mzstatic.com/image/thumb/Podcasts113/v4/67/7d/bf/677dbf92-cee0-9e43-7362-7bd9d94d7b8e/mza_1994127428239385031.jpg/100x100bb.jpg)
CISA Attack Surface Scanning Service
Unsolicited Response
English - December 06, 2023 13:05 - 30 minutes - 27.9 MB - ★★★★★ - 12 ratingsTechnology iiot dalepeterson digitalbond icssecurity scadahacking scadasecurity Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Engineering-Grade OT Security with Andrew Ginter
Next Episode: Q4 ICS Security Quarter In Review
Dale is joined by Steve Pozza, CISA Section Chief of Operational Resilience, and Tom Millar, CISA Branch Chief of Resilience, to discuss some of CISA's security services for asset owners. They discuss:
The Internet accessible attack surface enumeration and vulnerability scanning surface. Asset owners can buy products or services to do this. Why is the government doing this? What CISA is doing with this attack surface data? How is CISA measuring the success of this service offering? Other broadly available services and tools, the cybersecurity performance goals (CPG assessment) ~500 done in 2023 (and their thinking about self-assessments), Malcom traffic analysis tool, and a couple of other tools.Links
CISA Vulnerability Scanning Services Malcolm Tool