AI is coming and industrial security is an issue. Join us as Leo Simonovich VP at Siemens Energy joins us to look at both in the context of the energy transition - burning fewer fuels to achieve the same industrial process goals.

How hard is it for an attacker to dig around in my network? Robin Berthier of Network Perception joins us to look at new network segmentation evaluation and visualization technology that lets us see at a glance how much trouble, or not, we're in.

Precision farming is heavily automated, as are the "food factories" essential to feeding the world's population. Marcus Sachs at the McCrary Institute at Auburn University joins us to look at the threats, the challenges and opportunities to secure our food supplies from cyber risk.

From supply chain to Active Directory to segmentation designing security into ICS products is hard. Jake Hawkes walks us through how security gets built into AVEVA Enterprise SCADA.

We have a security program, we have a risk assessment, we see gaps and we have a limited budget. How do we use that budget most effectively? Jørgen Hartig, CEO at SecuriOT joins us to look at a decision support tool to help answer the question. https://securiot.dk/securiot-irt

You plug in a USB drive and your laptop starts smoking - nasty. Mario Prieto Sanlés of AuthUSB joins us to look at the nastiest of USB attacks, and what we can do about them.

Smart meters, smart cities and the IIoT - when thousands of systems of millions of low-power devices need to talk to each other, and talk between systems, managing trust is hard. Dr. Chris Gorog of BlockFrame walks us through the problem and the work BlockFrame and the University of Colorado have been doing to solve the problem.

Moving from IT or engineering roles into OT security is harder than it should be. Mike Holcomb of Fluor has written eBooks & provides a newsletter to help people with that transition. In this episode, Mike reflects on his own evolution into OT security and gives advice to others looking at making the move.

Our enemies cooperate, and so must we. Aurelio Blanquet walks us through the activities of the European Energy ISAC, with a focus on building the trust that is essential to enabling the cooperation that we need to work together. Aurelio Blanquet - EE-ISAC Nov 21

The industrial security initiative was triggered by the 9/11 attack on the World Trade Center. Aaron Turner, on the faculty at IANS Research, helped investigate laptop computers used by 9/11 attackers and joined up with Michael Assante to persuade government authorities to launch what has become today's industrial cybersecurity industry. Aaron takes us through the formative years - from 9/11 to the Aurora generator demonstration.

Cybersecurity and IEC 62443 are increasingly relevant to building automation. Parking garages contain safety-critical CO2 sensors that control fans, the MGM breach is in the news and standards bodies are debating minimum security levels for different kinds of systems. Kyle Peters of Intelligent Buildings joins us to look at IEC 62443-2-1 style security assessments of modern buildings and what we can learn from those assessments.

Adversaries who can physically touch a target have a huge advantage when it comes to compromising that target. Mike Almeyda of Force5 joins us to look at tools for physical security that support cybersecurity, especially for the North American NERC CIP standards.

From aging equipment to regulators who must approve every patch, securing safety-critical rail systems is hard, but has to be done. Miki Shifman, CTO and Co-Founder at Cylus, joins us to talk about the problem and what many owners and operators are doing solution-wise.

Job seekers say there are no OT security job postings. Hiring managers say nobody is applying to their posts. Amanda Theel and Eddy Mullins of Argonne National Labs walk us through recruiting issues, especially for fresh grads.

Data centers are critical information infrastructures, with a lot of associated physical infrastructure. Vlad-Gabriel Anghel of Data Center Dynamics Academy walks us through these very recent additions to critical infrastructures, and digs into industrial / OT security needs and solutions for the space.

Active defense or "intrusion prevention" deep into industrial networks has long been thought of as not workable. Youssef Jad - CTO at CyVault - joins us to talk about a new approach to OT active defense that is designed for sensitive OT / industrial environments.

Patching is hard in many industrial / OT systems - the risk the new code poses to operations is comparable to the risk of a cyber attack. But - the vulnerability does not go away just because patching is hard. Rick Kaun, VP Solutions at Verve Industrial joins us to look at what to patch, when to patch, and automation to help make the whole process faster, easier and cheaper.

Modern automobiles contain hundreds of CPUs and a CANbus network or three connecting these devices. Thieves are hacking the CANbus to steal cars. Worse is possible. Ken Tindell, CTO at Canis joins us to look at the problem and at what the automobile industry is doing about these embedded control systems.

NERC CIP, the new TSA pipeline and rail directives and other regulations can be very expensive - to comply with and to prove to an auditor that you comply. Kathryn Wagner of Assurx joins us to look at what and how we can automate this process to save time and money.

All physical processes involve risk - sometimes very big risk. Dr. Janaka Ruwanpura from the University of Calgary joins us to look at where cyber risks fit into the big picture of risk at industrial organizations, and at roles and responsibilities for managing risk throughout an organization.

OT systems are critical to mining safety. Rob Labbe, the chair of the Metals and Mining ISAC joins us to look at six steps to integrating IT & OT networks and security programs in this very sensitive environment.

Risk assessments are a staple of industrial security programs. Paul Piotrowski, a Principal OT Cybersecurity Engineer at Shell, walks us through a deep dive into his experience using IEC 62443-3-2 risk assessments and the lessons he's learned, with lots of examples.

Getting an industrial site started on the cybersecurity road can be hard. Matthew Malone of Yokogawa joins us to look at strategies to shake loose funding, trigger conditions that can jump-start investments, and stumbling blocks and how to address them.

SSVC is a new standard decision process for deciding what to do about new vulnerabilities and patches. Thomas Schmidt of the German BSI joins us to look at how SSVC decision trees work, and where and why to use them.