Unsolicited Response

Dale Peterson: ICS Security Catalyst and S4 Conference Chair
Unsolicited Response

Dale Peterson interviews the innovators in ICS / SCADA cyber security as well as the top talent in related fields. It is the podcast for those who want more information similar to what is presented at the annual S4 event each January in Miami South Beach.

  1. MAR 13

    Unsolicited Response with Maggie Morganti

    Dale Peterson discusses with Maggie how she got into OT security, her recent move to the Financial Sector, women in ICS security, and more.

    49 min

  2. MAR 6

    S4x25 Feedback & Review

    If you're not interested in S4, skip this episode. Dale goes over the feedback from the survey and S4 Event's own thoughts on the event, Tampa, and more.

    23 min

  3. 11/13/2024

    Joel Langill On His New OT Security Training Class And More

    Dale Peterson speaks with Joel Langill, the SCADAHacker, about his new training course entitled Conducting Threat, Vulnerability, and Risk Assessments For ICS. A two day version of this course will be offered prior to S4x25.  Of course Dale and Joel jump around a bit on training, the workforce and other items. Take a listen.

    51 min

  4. 07/10/2024

    S4x24 Main Stage Interview With Stewart Baker

    Stewart Baker is one of the preeminent lawyers on topics of cyber law with an impressive career in and out of government. Stewart also hosts the Cyberlaw podcast. The Biden administration is contending that vendors should be held liable for security deficiencies in their products.  Assuming this is turned into law and/or executive orders, what does it mean? What can we learn from other liability law to inform us what would be required for a vendor to be held liable for a security issue? How would the judgment / damages be determined.  Dale's note: We talk about the SEC charges against SolarWinds in this interview.

    31 min

  5. 06/26/2024

    S4x24 Main Stage Interview With Rob Lee

    Dale Peterson interviews Rob Lee on the S4 Main Stage. They cover a lot of ground and Rob is never shy about sharing his opinions and analysis. They discuss: Rob’s first S4 PIPEDREAM deployed v. employed distinction … and why 2 years later is it still the most dangerous ICS malware? Are we really more homogenous? What makes a group something that Rob/Dragos tracks as an ICS focused attacker? If the answer to intel is do the basics, do I need intel? What ICS specific data was VOLTZITE exfiltrating? What countries are targeting critical infrastructure? Is it realistic to expect any country to not target its adversaries CI? Threat actors focused on manufacturing How should an asset owner measure the effectiveness of their detection solution?

    34 min

  6. 05/15/2024

    Chris Hughes, Author of Effective Vulnerability Management

    Chris Hughes and Nikki Robinson recently wrote the book Effective Vulnerability Management. Dale and Chris discuss the topic and book including: The definition and scope of vulnerabilities. It’s much more than coding errors that need patches. Are ICS protocols lacking authentication “vulnerabilities” The reality that most organizations have 100’s of thousands of unpatched vulnerabilities. Some statistics and will this change. Ways to prioritize what vulnerabilities you address. The SSVC decision tree approach that was introduced at S4 as Never, Next, Now Tooling … vulnerability management, software configuration, ticketing, remediation. And much more.   Links: Effective Vulnerability Management, https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207/ Dale’s ICS-Patch Decision Tree, https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf

    44 min

  7. 05/03/2024

    2024 Threat Report – OT Cyber Attacks with Physical Consequences

    Waterfall Security Solutions and ICSSTRIVE put out an annual threat report that Dale Peterson believes is the best in OT. Why? It only includes incidents that had physical consequences on systems monitored and controlled by OT.  Dale and Andrew discuss: What is in and out of scope for the report. The breakdown of the 68 incidents that occurred in 2023 by industry sector, cause, threat actor and more. The impact reporting requirements may have on these numbers in the future. What percentage of OT cyber incidents with physical consequences are made public. Ransomware on IT causing physical consequences, exfil v. encryption, and what asset owners should do given this represents 80% of the known incidents in the report. And more. Links: 2024 Threat Report: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2024-threat-report-ot-cyberattacks-with-physical-consequences/  ICSSTRIVE: https://icsstrive.com S4 Events YouTube Channel: https://youtube.com/s4events

    53 min

  8. 04/24/2024

    State Of NERC CIP, European Update and OT Security Community

    Patrick Miller has OT cybersecurity experience as an asset owner, PacificCorp. As a regulator and one of the first NERC CIP auditors with WECC. As a community organizer creating and leading EnergySec and the BeerISAC. And as an entrepreneur creating and leading a number of consulting practices. He is currently the Founder of Ampyx Cyber.   In this episode Patrick and Dale discuss: Why Patrick changed the company name and selected Talinn as the location for the new European office. The major differences in approaches to OT cybersecurity and risk management between Europe and the US. (more than just regulatory differences) What has the EU learned or improved on regulation from NERC CIP. What is the current state of NERC CIP regulatory risk? Are the regulated entities understanding and meeting the standards’ requirements? The challenge of slow NERC CIP modifications, eg virtualization and cloud. Bad standard & good regulator v. good standard & bad regulator. Should water follow the NERC CIP model as recommended by AWWA? How Patrick is dealing with AI.   Links Ampyx Cyber: https://ampyxcyber.com Patrick’s Critical Assets Podcast: https://amperesec.com/podcast Subscribe to Dale’s ICS Security Friday News & Notes: https://friday.dale-peterson.com/signup Advertise on Unsolicited Response: https://dale-peterson.com/advertising/

    47 min
See All (52)

4.9
out of 5
14 Ratings

About

Dale Peterson interviews the innovators in ICS / SCADA cyber security as well as the top talent in related fields. It is the podcast for those who want more information similar to what is presented at the annual S4 event each January in Miami South Beach.

Information

  • Creator
    Dale Peterson: ICS Security Catalyst and S4 Conference Chair
  • Years Active
    2017 - 2025
  • Episodes
    52
  • Rating
    Clean
  • Copyright
    © 2023. Digital Bond, Inc.
  • Show Website
    Unsolicited Response

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada