7 episodes

Named one of the world's top information security podcasts, The Security Ledger Podcast offers in-depth interviews with the top minds in information (cyber) security. Hosted by Paul Roberts, Editor in Chief of The Security Ledger, each podcast is a conversation about the cyber security stories making headlines and about the most important trends in the information security space including security and the Internet of Things, the latest cyber threats facing organizations and new paradigms for securing data and devices. A must listen if "cyber" is your thing!

The Security Ledger Podcasts The Security Ledger

    • Technology
    • 4.3 • 9 Ratings


    Episode 240: As Stakes Of Attacks Grow, Can Cyber Policy “Shift Right”?


    In this episode of the podcast (#240), Lauren Zabierek, the Executive Director for the Cyber Project at the Belfer Center at Harvard’s Kennedy School, joins us to talk about the need for a rethink of national cyber policy, as major hacks like the attack on Colonial Pipeline put the focus on resilience and public safety.






















    The Biden Administration entered office with a lot on its plate. In addition to a raging pandemic, Washington D.C. was still sweeping up the broken glass from the worst attack on the nation’s capitol since the British sacked Washington in the War of 1812. On the cyber front, Biden’s January inauguration came just weeks after the disclosure of one of the most serious and significant cyber attacks on the U.S. government – the hack of IT management vendor SolarWinds by a group believed to be affiliated with the Russian FSB.







    Lauren is the Executive Director of Cyber Project at Belfer Center For Science and International Affairs at Harvard’s Kennedy School





    In our first conversation with Lauren just after the inauguration, we talked about the emerging Biden cyber agenda and the many lofty goals the administration had for improving the nation’s cyber defense, including issuing a Cyber Executive Order and appointing new leaders for CISA, the Cybersecurity and Information Security Agency, and filling the new position of National Cyber Director.







    Checking in…







    How is the administration doing? And how have the events of the last two years (including the ransomware attack on the Colonial Pipeline) changed the calculus for national cyber defense? 














    To answer those questions, we invited Lauren Zabierek back into the studio. Lauren is the Executive Director of the Cyber Project at the Belfer Center for Science and International Affairs at Harvard’s Kennedy School.














    In this conversation, Lauren and I talk about the successes (so far) in the Administration’s cyber planning, and where there’s work left to do. We also dig into how incidents like the Colonial Pipeline hack have amplified calls for federal, state and local governments to “shift right” in their thinking and strategies, to focus on the potential impacts of crippling cyber attacks on critical infrastructure and the economy.







    A local presence for CISA?







    In a recent article on the website War on the Rocks, penned jointly with Graham Kennis, Lauren wrote that, while the federal government has made strides in its cyber readiness, there is a greater need for close public-private partnerships. On the ground in states and localities,

    • 29 min
    Episode 239: Power shifts from Russia to China in the Cyber Underground


    In this episode of the podcast (#239) we speak with Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixgill about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities. 







    As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.















    As Russia’s war on Ukraine, and Western nations’ sanctions against Russia for its aggression begin to bite, one big question is what role countries like China will play in the conflict. While nominally an ally of Russia, China has so far refused to violate Western sanctions on shipping technology and military supplies. But what about cyber space?  







    And, while initial expectations of major cyber attacks didn’t come to pass, cyber operations have so far played an important role in the conflict, with Russians releasing custom wiper malware against Ukrainian targets in the early days of the war, and Ukraine striking back with targeted hacks and denial of service attacks on Russian government organizations and companies. 







    Naomi Yusupov is a Cyber Intelligence Analyst at CyberSixGill





    Ukraine war spills into Cyber Underground







    The war and wartime alliances have also spilled over into the Dark Web and the cybercriminal underground. Russia has long looked the other way at domestic cyber crime groups so long as they carried out operations on non-Russian entities. And there has been speculation that some Russian cybercriminals do double duty as contractors for Russia’s FSB and other government entities. Those close ties have affiliated ransomware group Conti saw tens of thousands of chat logs leaked in March by a Ukrainian cybersecurity researcher who infiltrated that group.







    A threat actor advertises one-on-one hacking tutorials on a Chinese language dark web forum. (Image courtesy of Cybersixgill.)












    Like Russia, China has also invested heavily in cyber operations  – from industrial espionage to cyber offensive capabilities. Also like Russia,

    • 23 min
    Episode 238: Robots Are The Next Frontier In Healthcare Cyber Risk


    In this episode of the podcast (#238) we speak with Daniel Brodie, the CTO at the firm Cynerio, about his firm’s discovery of a string of critical security flaws in an autonomous medical robot, TUG, that is already deployed in hundreds of clinical settings. We also talk about the larger and growing issue of medical device insecurity and cyber risks to healthcare providers.






















    There was one clear message out of hearings on Capitol Hill this month on the cybersecurity of the healthcare sector: the cyber risk to clinical environments is growing – fast. 







    Daniel Brodie is the Chief Technology Officer at Cynerio.





    We’ve already seen the evidence of that. There was the October 2020 ransomware attack that shut down large parts of the University of Vermont (UVM) Health Network – an incident that cost tens of millions of dollars in damages. And there was the May 2021 attack on San Diego-based Scripps Health, which forced the health system to take a portion of its IT system offline for several weeks and led to the theft of data on 150,000 patients.







    Robots Driving Cyber Risk














    But there’s another factor driving medical cyber risk: automation. As hospitals and healthcare providers turn to new technologies – including robots – to lower the costs of providing care, they are becoming more vulnerable to cyber attacks and disruption.







    A case in point is the alert that CISA, the Cybersecurity and Infrastructure Security Agency, issued in early April...

    • 35 min
    Episode 237: Jacked on the Beanstalk – DeFi’s Security Debt Runs Wide, Deep


    This weekend, the decentralized finance platform Beanstalk Farms acknowledged that it was the latest victim of a sophisticated cyber attack, with an estimated $182 million stolen in an attack that exploited Beanstalk’s majority vote governance system to approve an illicit transfer of crypto currency assets.







    According to reporting by the Verge and other outlets, Beanstalk – which describes itself as a “decentralized credit based stablecoin protocol” – was robbed via a sophisticated attack that saw malicious actors exploit Beanstalk’s governance mechanism, by which participants can vote collectively on changes to the code, with votes proportional to the value of tokens that they hold.














    Jennifer Fernick is the Senior Vice President & Global Head of Research at NCC Group.







    According to monitoring firms, the attack saw hackers use a “flash loan” to borrow close to $1 billion in cryptocurrency assets, which they used to buy a supermajority voting stake in Beanstalk Farms. That voting power was then used to execute code that transferred an estimated $182 million in Beanstalk cryptocurrency assets to their own wallet. The attacker then instantly repaid their flash loan, netting an $80 million profit when it was all said and done.







    2021: A big year for DeFi…and DeFi hacks







    The Beanstalk hack, however, is just the latest to affect so-called “decentralized finance” (or DeFi) systems – and not even close to the largest one, at that.







    In fact, even as ads for cryptocurrencies and crypto exchanges filled the airwaves during the Super Bowl, massive hacks and attacks on many of those same platforms were raising red flags among regulators, not to mention information security and cryptography pros. Of the 10 largest cryptocurrency hacks of all time, three have occurred in just the last 18 months. And that doesn’t even capture the slew of smaller scale hacks and compromises of cryptocurrency platforms or individual wallets. 







    If cryptocurrencies based on the blockchain are destined to supplant sovereign currencies, based on the backing of central banks and globally accepted rules of commerce, they will need to prove that they are at least as secure. And yet, as the Beanstalk hack indicates, many DeFi applications and platforms suffer from the same problems as any other web applications, namely: business logic flaws, exploitable software holes, vulnerable protocols and rampant supply chain vulnerabilities.







    The (security) challenges of inventing your own money







    In this episode of the podcast, we’re joined by someone who has been thinking long and hard about the security of Decentralized Finance. Jennifer Fernick (@enjenneer) is the Senior Vice President & Global Head of Research

    • 39 min
    Episode 236: Cyberwar Takes A Back Seat In Ukraine (For Now)


    Ahead of the Russian invasion of Ukraine, Western experts almost unanimously predicted a cyberwar would precede crippling kinetic attacks. Two weeks in, we have yet to see them. But that doesn’t mean that cyber is off the table. In this podcast, we sit down with Christian Sorensen, the former lead of the international cyber warfare team at US Cyber Command and CEO of cybersecurity firm, SightGain, to talk about what we’ve learned so far from Russia’s war in Ukraine, and what may be coming next.















    Even before Russian bombs and missiles started dropping in Kiev and other cities on February 24, Ukraine’s government was working to beat back attacks on critical government computer systems and networks. In the days leading up to the beginning of Russia’s kinetic attack on Ukraine, a series of denial of service attacks targeted Ukraine’s Ministry of Defense and other government agencies. 







    Christian Sorensen is the CEO of SightGain.





    Then, on the eve of the invasion, a pair of new “wiper” programs were spotted infecting and disabling computer systems within Ukraine.







    Cyberwar on simmer in Ukraine…for now







    Still, more than two weeks after the beginning of hostilities, many cyber security experts say that the cyber component of Russia’s war on Ukraine has not played out as expected and that Vladimir Putin has still not unleashed his most ferocious cyber offensive weapons. Twenty-first century cyber attacks have, relatively speaking, taken a back seat to the 20th century’s planes, bombs and bullets.














    Why is that, and what may be coming as the conflict in Ukraine drags on? To answer those questions we invited Christian Sorensen, former lead of the international cyber warfare team at USCYBERCOM and CEO of cybersecurity firm SightGain, into the studio to talk about the conflict, what may be coming next and what we’re learning about Russia’s cyber offensive capabilities.














    In this conversation, Christian said that Russia may be holding back its cyber arsenal because such attacks would provide relatively little advantage to its army and expose its cutting edge capabilities. With soldiers and tanks on the ground and surrounding major Ukrainian cities, he said, Russia’s objective is clear.







    Still, cyber attacks may come to play a more important role down the line – including against U...

    • 35 min
    Episode 235: Justine Bone of MedSec on Healthcare Insecurity


    In this episode of the podcast (#235) Justine Bone, the CEO of Medsec, joins Paul to talk about cyber threats to healthcare organizations in the age of COVID. Justine’s firm works with hospitals and healthcare organizations to understand their cyber risk and defend against attacks, including ransomware.






















    In May of 2021, Ireland’s Health Service Executive (HSE), the country’s publicly funded healthcare system, suffered a major attack by the Conti ransomware group. The attack was the most significant to date on an Irish government agency and essentially froze HSE’s IT systems, which are used by the agency’s 54 public hospitals. The outage lasted for four months, forcing health staff to revert to using pen and paper. With 80% of HSE’s IT environment encrypted by the CONTI gang, the Irish government had to pay millions of dollars to recover. Healthcare delivery at HSE facilities was deeply affected during the crisis, as well, according to an HSE report.














    Justine Bone is the CEO of the firm MedSec.







    The report identified a number of failings by HSE, from a lack of a single, coordinated cybersecurity function at the massive agency, to a failure to properly identify and respond to clear indicators of attack prior to the deployment of the CONTI ransomware. 







    Healthcare: cyber risk everywhere







    While it is natural to think “it could never happen here,” a recent report by the Department of Health and Human Services in the U.S. concludes just the opposite. US healthcare organizations should make a study of the HSE hack from last year and take steps to prevent a similar type of attack from occurring at their facilities. 














    But how?

    • 35 min

Customer Reviews

4.3 out of 5
9 Ratings


AnneViola ,

Excellent and informative

My go-to source for security trends and news, with a well-rounded selection of guests. Paul has an affable yet hard-hitting interview style and always gets the best out of his subjects.

LStar-BOS ,

great cyber security podcast!

One of the best and most thoughtful podcasts on the cyber security space. Interviews with hackers, executives, activists and leading policy makers and academics. A 'must-listen' if information security is your thing!
