52 episodes

Dale Peterson interviews the innovators in ICS / SCADA cyber security as well as the top talent in related fields. It is the podcast for those who want more information similar to what is presented at the annual S4 event each January in Miami South Beach.

Unsolicited Response Dale Peterson: ICS Security Catalyst and S4 Conference Chair

    • Technology
    • 4.9 • 14 Ratings

Dale Peterson interviews the innovators in ICS / SCADA cyber security as well as the top talent in related fields. It is the podcast for those who want more information similar to what is presented at the annual S4 event each January in Miami South Beach.

    Chris Hughes, Author of Effective Vulnerability Management

    Chris Hughes, Author of Effective Vulnerability Management

    Chris Hughes and Nikki Robinson recently wrote the book Effective Vulnerability Management. Dale and Chris discuss the topic and book including:
    The definition and scope of vulnerabilities. It’s much more than coding errors that need patches.
    Are ICS protocols lacking authentication “vulnerabilities”
    The reality that most organizations have 100’s of thousands of unpatched vulnerabilities. Some statistics and will this change.
    Ways to prioritize what vulnerabilities you address.
    The SSVC decision tree approach that was introduced at S4 as Never, Next, Now
    Tooling … vulnerability management, software configuration, ticketing, remediation.
    And much more.
     
    Links:
    Effective Vulnerability Management, https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207/
    Dale’s ICS-Patch Decision Tree, https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf
     

    • 43 min
    2024 Threat Report – OT Cyber Attacks with Physical Consequences

    2024 Threat Report – OT Cyber Attacks with Physical Consequences

    Waterfall Security Solutions and ICSSTRIVE put out an annual threat report that Dale Peterson believes is the best in OT. Why? It only includes incidents that had physical consequences on systems monitored and controlled by OT. 
    Dale and Andrew discuss:
    What is in and out of scope for the report.
    The breakdown of the 68 incidents that occurred in 2023 by industry sector, cause, threat actor and more.
    The impact reporting requirements may have on these numbers in the future.
    What percentage of OT cyber incidents with physical consequences are made public.
    Ransomware on IT causing physical consequences, exfil v. encryption, and what asset owners should do given this represents 80% of the known incidents in the report.
    And more.
    Links:
    2024 Threat Report: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2024-threat-report-ot-cyberattacks-with-physical-consequences/ 
    ICSSTRIVE: https://icsstrive.com
    S4 Events YouTube Channel: https://youtube.com/s4events

    • 53 min
    State Of NERC CIP, European Update and OT Security Community

    State Of NERC CIP, European Update and OT Security Community

    Patrick Miller has OT cybersecurity experience as an asset owner, PacificCorp. As a regulator and one of the first NERC CIP auditors with WECC. As a community organizer creating and leading EnergySec and the BeerISAC. And as an entrepreneur creating and leading a number of consulting practices. He is currently the Founder of Ampyx Cyber.
     
    In this episode Patrick and Dale discuss:
    Why Patrick changed the company name and selected Talinn as the location for the new European office.
    The major differences in approaches to OT cybersecurity and risk management between Europe and the US. (more than just regulatory differences)
    What has the EU learned or improved on regulation from NERC CIP.
    What is the current state of NERC CIP regulatory risk? Are the regulated entities understanding and meeting the standards’ requirements?
    The challenge of slow NERC CIP modifications, eg virtualization and cloud.
    Bad standard & good regulator v. good standard & bad regulator.
    Should water follow the NERC CIP model as recommended by AWWA?
    How Patrick is dealing with AI.
     
    Links
    Ampyx Cyber: https://ampyxcyber.com
    Patrick’s Critical Assets Podcast: https://amperesec.com/podcast
    Subscribe to Dale’s ICS Security Friday News & Notes: https://friday.dale-peterson.com/signup
    Advertise on Unsolicited Response: https://dale-peterson.com/advertising/ 
     

    • 46 min
    Book Interview: Introduction To SBOM And VEX

    Book Interview: Introduction To SBOM And VEX

    • 59 min
    S4x24 Closing Panel

    S4x24 Closing Panel

    • 36 min
    Q1: ICS Security In Review

    Q1: ICS Security In Review

    Emma Stewart joins Dale to discuss the 3 big OT & ICS security stories from the first quarter. They end by giving their win, fail and prediction for Q1.

    • 49 min

Customer Reviews

4.9 out of 5
14 Ratings

14 Ratings

obacker19 ,

Entertaining, insightful and actionable! 👏

Whether you’re well established as a cyber security innovator, or just getting started carving out your niche - this is a must-listen podcast for you! Dale does an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of building a thriving career in the InfoSec industry, and life you can be proud of - from leaders who’ve actually experienced success themselves. Highly recommend listening and subscribing!

daniel shugrue ,

Helpful Material and Discussion on ICS Security

Dale has a great voice for radio and his production quality is excellent. The content is, IMHO, the best out there as far describing and debating the state of ICS security and where we need to go next.

@rdecker99 ,

Solid content

Thoughtful conversations with knowlegeable people about the state of ICS security today and where it's heading.

Top Podcasts In Technology

Acquired
Ben Gilbert and David Rosenthal
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Search Engine
PJ Vogt, Audacy, Jigsaw
Lex Fridman Podcast
Lex Fridman
Hard Fork
The New York Times
TED Radio Hour
NPR

You Might Also Like

The Industrial Security Podcast
PI Media
Click Here
Recorded Future News
Darknet Diaries
Jack Rhysider
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
Risky Business
Patrick Gray
Control Loop: The OT Cybersecurity Podcast
N2K Networks