Hack the Plant Bryson Bort

“So our main product in Claroty is an idea solution. And in order for an idea solution to work properly, it needs to have a really good understanding and visibility into the protocols, to the network traffic. And so I started in Claroty as a protocol researcher, meaning I was trying to understand how industrial protocols operate, and this means I had to research a lot of ICS equipment to really understand what types of data, different components in the ICS network, exchange, how do they operate? What are the different protocols and how can we understand what they mean?” - Sharon Brizinov

Sharon Brizinov is director of research at Claroty, a cybersecurity company focused on protecting industrial control system. In this episode, Bryson and Sharon cover Sharon’s career, his experience in the ICS industry, and more.

“If something is going to take a couple of billion dollars to develop and there's not a known, validated commercial return associated with it, why would any private industry take that on? It's really the role of government.”
-Robert Shaughnessy

Robert Shaughnessy, CEO of operational technology security company Psymetis, joins us for this episode of Hack the Plant. We discuss his work with Psymetis, challenges to innovation in the private sector, and the role of government in developing new technologies.

"Critical infrastructure is just how we get our water and our health care and our education and our transportation and our communication and how we get gas at the pump and money from the ATM. It really is the networks and the systems and the data that we rely upon every hour of every day and that power our lives."
- Jen Easterly

Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA) joins us for this episode of Hack the Plant. We discuss her work on leading CISA’s critical infrastructure mission, implementing efforts to make products Secure by Design, and working with private companies to combat ransomware.

“My strategy was built around people, process, and technique … After about a year of working through that strategy, I realized something was missing. I wasn't getting the traction that I needed. And what I realized what was missing was the culture. The company didn't have the culture for cybersecurity, because it wasn't anything anybody thought of previously.”
-Jesse Whaley

Jesse Whaley, the Chief Information Security Officer at Amtrak joins us for this episode of Hack the Plant. We cover key aspects of keeping Amtrak’s digital assets and physical infrastructure secure. We discuss how Jesse has built up a diverse talent pipeline for the work cyber force, and the role that has played in staffing Amtrak’s cybersecurity. Join us to learn more.

“Within the cybersecurity community, we build cybersecurity tools for other cybersecurity professionals. We don't really build cybersecurity tools designed or intuitive for the operators that need to use it. With ICS Advisory, I focused on how do we just put this in plain language that makes sense for them? Not over using overuse of acronyms, speaking plainly about the vulnerabilities, and really trying to do that with breaking out the common vulnerability scoring system.
-Dan Ricci

Today’s episode focuses on the ICS Advisory Project, an open source platform that helps asset owners across sixteen critical infrastructure sectors stay secure. Dan Ricci, its founder, joins us to discuss how data visualization translates into more accessible information for the industrial control systems operators on the ground – and how they can use that information to identify weaknesses in their environments. Join us to learn more.

“The White House has been trying to get their arms around solutions for 25 years. If you look back at the very earliest White House document (Presidential Decision Directive 63), it came out in 1998. They're focused on critical infrastructure. They say, within five years, most of America’s critical infrastructure will be secure, as if it was a one off as if we could just get it right once, and then it would just be secure. But of course, we have intelligent adversaries, and we keep inventing new technology.”
-Jason Healey

Jason Healey, a Senior Research Scholar at Columbia University’s School for International and Public Affairs, joins us for this episode of Hack the Plant. We discuss an article he recently published at the Lawfare Institute, looking at 25 years of White House cyber policies, from the Clinton to the Biden Administrations. What changes have we made in our regulatory approach over the past 25 years? What are current strengths - and threats - in our cyber defense systems? Join us to learn more.