Hack the Plant

I’m joined by Jesse Whaley, the Chief Information Security Officer at Amtrak, for this episode of Hack the Plant.  Amtrak is  the nation's largest passenger rail service provider and one of the most complex and critical transportation systems in the world. We discuss what it takes to oversee Amtrak’s digital assets and infrastructure, and what it takes to keep them secure. “The company had a safety culture. Before every meeting before every job site that workers went out to on the railroad to do work. They did safety briefings … I got alignment on hey, this should be our standard company safety and security briefing, but with a whole pillar of safety as being cybersecurity. Since I did that, before every meeting, before every crew goes out to a job site, before every activity, there is a safety and security briefing, and it follows this essential template which highlights and reinforces cybersecurity.”We also cover the impressive talent pipeline and  team and workforce development programs Jesse put into place to staff Amtrak’s cybersecurity efforts. Join us to learn more.

I’m joined by Dan Ricci, founder of the ICS Advisory Project, for this episode of Hack the Plant.The ICS Advisory Project is a free, open-source platform that helps asset owners across 16 critical infrastructure sectors stay secure by identifying threats in their environments.“I saw a gap in the community. There's good data that's coming at us…but no one did anything to take and make that data more digestible through visualization. So I decided, okay, well, I'm just going to do it now. I’m going to take the the data that I have been cleaning up and monitoring for like the past two years, and I'm going to put it together and visualize it, trying to build a tool that's more practical and usable by that asset owner, who may not have a cybersecurity background.”We discuss how data visualization translates into more accessible information for the ICS operators on the ground who need the information - and how the data in the platform is maintained.Join us for an interesting - if technical - discussion about how data from CISA and other agencies can be utilized by asset owners through ICS Advisory’s platform.

Jason Healey, Senior Research Scholar at Columbia University’s School for International and Public Affairs, discusses 25 years of White House cyber policies, the evolving nature of threats, heavy-handed regulations on critical infrastructure, and the shift of cybersecurity responsibility. They also explore collaboration between the technical and policy communities and ideal changes to the internet and cybersecurity.

I’m joined by David Patrick Emmerich, the Principal Cyber-Physical Range Architect at the University of Illinois, for this episode of Hack the Plant. We’re here today to talk about RADICS, a DARPA project. RADICS stands for Rapid Attack Detection, Isolation and Characterization Systems.  We discuss David’s role in building automated data collection and set up simulations and testing, and how the process of doing vulnerability discovery for physical assets helps asset owners.“  ‘These are ways that an attacker could get around it.’ ‘These are where your blind spots might be’ … We help them understand that so that they can better improve the security of their systems. Or go back to their boards or their management and say ‘these are the tools we need’ or ‘this is the equipment we need and this is why we need it to better improve our security posture.’ Their systems are already critical, but as they become even more critical.”  We delve into challenges of securing operational technology (OT) for asset owners, different kinds of threats they face, and more technical projects that RADICS ignited.Join us for an interesting - if technical - discussion to learn more about how physical systems interact with data to support real-time threat response.

For today’s episode, I’m joined by Lesley Carhart. Lesley is the Director of Incident Response for North America at the industrial cybersecurity company Dragos, Inc. She leads incident response and proactively hunts for threats in customers’ ICS environments. Lesley was the incident response team lead at Motorola Solutions, and retired from the United States Air Force. Today, we dive into the kinds of active threats out there that incident response deals with:“We see insider cases, both intentional and unintentional insider cases. We see a lot of crime ware. So crime actors are getting smarter about where they're doing things like ransomware attacks. They're less haphazard. There's probably less overall attacks now, but they're more smartly performed. So they're targeting more critical industries. They are targeting people who they think will have to pay…And then there's still adversary groups who are more state style, who are building their capabilities to launch attacks in the future. And conducting espionage, preparing to do sabotage. And that's still happening and they're getting better at it.” - Lesley CarhartWe explore the challenges of securing operational technology (OT) for asset owners, different kinds of threats, and the process of doing vulnerability discovery for these physical assets.What do asset owners in critical infrastructure need to secure in the first place - and why is this so challenging to stay on top of? What kind of incident response plan is needed for OT in an industrial environment? Join us to learn more. 

For today’s episode, I’m joined by Zach Tudor, the Associate Laboratory Director at Idaho National Laboratory (INL). INL is a Department of Energy national laboratory, is the nation's leading center for nuclear energy research and development. Zach is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection and Defense Systems missions.We discuss how INL partners with the private sector to test challenges to critical infrastructure, and the cutting edge work INL is doing to secure the next generation of critical infrastructure."Honeywell has been one of the big players that has been working with us for quite a while. And Hitashi. Schneider Electric.  They will provide us some of their systems that are critical in energy critical infrastructure, industrial control systems, and we will tear it down in a methodological process that we have developed here…[to] start building an understanding of where the risks are and the supply chain of our critical energy infrastructure." - Zach TudorOther topics we cover: What work is INL doing to secure the next generation of critical infrastructure?  How can we make our critical infrastructure systems more resilient?  How is data security managed with emerging technologies such as 5G, or self-driving cars? What strategies should the government and private industry use to categorize risk and mitigate it in a way that actually has measurable impact?   Join us to learn more.

 “One of my favorite topics is disaster resilience. We do quite a bit of work on what mutual assistance looks like and how to improve mutual assistance, how to rebuild systems once they've been hit by something terrible. My more recent interesting example was when a tornado had gone through a co-op and they were looking for what to do when their data server was just plain missing. It was Dorothy essentially over to somewhere else and they were asking us: Is it a data breach?” - Emma Stewart  For today's episode, I'm joined by Emma Stewart, Ph.D., Chief Scientist at the  National Rural Electric Cooperative Association (NRECA). Electric coops are local, member-owned providers of affordable, reliable power. We discuss Dr. Stewart’s work supporting these co-ops in research, incident response, and managing the growing threat of ransomware attacks. What role do these electric co-ops play in our national energy supply? What core challenges do they have in staying resilient? Join us to learn more.

“What's been most concerning is the rise of wiper malware. Threat actors are no longer interested in hey we're going to lock up all of your data. We're going to encrypt everything and force you to pay a ransom and then maybe give you the decryption key. Now with wiper malware they're just completely wiping it. … This year there's been a total of 5 wiper malwares that has been targeting critical infrastructure. So I think everyone should be very aware of that.” -Roya Gordon For today's episode, I'm joined by Roya Gordon and Danielle Jablanski of Nozomi Networks, a firm that does inventory and situational awareness for operational technology industrial control systems. We discuss Nozomi’s research, the key kinds of threat intelligence globally, and the kinds of regulation  that are needed in today’s landscape of emerging threats to critical infrastructure. What emerging kinds of cyber attacks are the most troublesome? Join us to learn more.

“Agriculture and cybersecurity has just run under the radar. We're talking about something that's one fifth of the us economy right? This is this is a huge deal here in the US, and globally as well …  We can begin get the right expertise and collateral assembled so we're not the next ransomware victim or we have enough resiliency built into our operations that if we get we get hit and we get smoked our recovery will be easier and our our financial losses will be minimized.”  - Joe MarshallIn this episode of Hack the Plant, I’m joined by Joe Marshall, a security researcher for the Outreach Team at Cisco Talos, one of the largest commercial threat intelligence teams in the world. We discuss his work on cyber threats to agriculture, an industry which doesn’t have much information or training on cyber threat levels - and the likely cascading effects of the war in Ukraine for agricultural supply and food security worldwide. Join us to learn more.

“Most industrial economies only consume about 20% our total end use energy in the form of electricity. The rest, we consume by basically combusting fossil fuel … You could get all of your electricity from wind and solar and you've still only solved 20% of your carbon problem. A lot of the investments we've made at Energy Impact Partners are actually in electrification. Basically electrifying all that stuff that today is fueled directly by fossil fuel but in the future could be fueled by electricity.” - Andy LubershaneIn this episode of Hack the Plant, I’m joined by Andy Lubershane, Director of Research for Energy Impact Partners (EIP), a venture investment firm founded by a coalition of electricity and gas utilities. We discuss how energy companies themselves accelerate investments in clean energy such as electric, wind, and solar technologies - and the threats and challenges to this innovation from a cybersecurity perspective. Join us to learn more.