Cyber Senate Podcast

Investing in Cybersecurity: The ROI Dilemma

Tue, 17 Dec 2024 08:00:00 +0000

In this conversation, David Raviv interviews Jamison Nesbitt, who shares insights from his extensive experience in cybersecurity and event management. They discuss the importance of events for information sharing among C-level executives, the challenges posed by ransomware and supply chain issues, and the role of regulation in ensuring accountability in critical infrastructure.

Jamison emphasizes that collaboration and content-driven discussions are key to successful events, while also highlighting the need for organizations to be proactive in their cybersecurity measures. In this conversation, David Raviv and Jamison discuss the complexities of data privacy regulations like GDPR, the challenges of balancing airline costs with regulatory compliance, and the importance of cybersecurity investment. T

hey explore the role of AI in cybersecurity, emphasizing the need for responsible use and the human element in innovation. The discussion also highlights the significance of engaging with cybersecurity events and communities to foster collaboration and awareness in critical infrastructure sectors.

Next Cyber Senate events can be found at www.cybersenate.com

Mapping Regulatory Framework with Cybersecurity for Railways short interview European Union Agency for Railways

Fri, 03 May 2024 11:00:00 +0100

ERTMS Unit Project Officer for European Union Agency for Railways discusses Cybersecurity with Cyber Senate at the 10th annual Rail Cybersecurity UK EU conference in London 2024. Learn more at www.railcybersecurity.com or www.cybersenate.com
#railcybersecurity

NIS 2 legistlation and Supply Chain Risk Management for Railways interview with NS Rail Deputy CISO

Fri, 03 May 2024 11:00:00 +0100

A interview with Joseph Mager, Deputy CISO, NS Cybersecurity for NS Rail Netherlands. This interview took place at the Cyber Senate Rail Cybersecurity UK EU Summit in London 2024. www.railcybersecurity.com or www.cybersenate.com
Two main topics that rail sector professionals consider their biggest challenges:
NIS 2 legistlation and Supply Chain Risk Management

We hope you enjoy this interview as much as we did working with NS Rail.

Securing and Simplifying Privileged Remote Operations in the Rail Industry interview with Cyolo

Fri, 03 May 2024 10:00:00 +0100

Cyolo recently presented at the Rail Cybersecurity UK EU conference 2024 in London. Their presentation was highly valued, "Securing and Simplifying Privileged Remote Operations in the Rail Industry"
In this interview they discuss why their solution is a great fit for the rail sector.
Their presentation touched on the following points:

Understand how traditional IT remote access and PAM solutions cannot effectively secure operational technology environments
Learn from the experience of other industry peers in CNI and manufacturing how best to provide simplified yet secure remote access
Understand how best of breed Remote Privileged Remote Access does not require the cloud
Understand the challenges being faced by Critical National Infrastructure providers securing access to privileged environments

Cracking the code for cybersecurity with Siemens Mobility for the Rail Cybersecurity UK EU conference with Cyber Senate

Fri, 03 May 2024 10:00:00 +0100

Cracking the code for cybersecurity, interview from the Rail Cybersecurity UK EU 10th annual conference, with Johannes Emmelheinz, CEO Siemens Mobility Customer Services

Cracking the code for cybersecurity

Legislation, such as NIS2, the Cyber Resilience Act and other national cyber regulation, require cybersecurity to be sustained actively by the rail industry.

This challenge must be managed by suppliers, integrators and operators jointly with automated, coordinated work processes which are supported by tools adapted to the assets.

The presentation will provide an overview of Siemens Mobility's comprehensive approach to increase the resilience of its customers.

Presented through practical examples such as cloud security, vulnerability monitoring and management with decision support for the operators, security monitoring and incident response.

Rail Cybersecurity with DB Regio AG

Fri, 03 May 2024 10:00:00 +0100

Cyber Senate had the privilige of having Dr. Andreas Hamprecht, CIO/CDO DB Regio AG join us as a presenter and speaker at the Rail Cybersecurity UK EU conference in London 2024. Here is an extract of an interview our team did with him at the event. We hope you enjoy his insight as much as we enjoyed hearing it and working with him.

What is it about Operational Technology that makes overcoming the fundamentals so difficult to achieve?

Tue, 06 Dec 2022 16:00:00 +0000

As defenders, how are we implementing controls and how do we do it better? Join Jamison Nesbitt and Stefan Liversage for this educational, thought provoking and controversial conversation.

The fundamentals are simple; patching, segmentation, malware controls, visibility – but what we are trying to achieve is no easy feat when you look to dismantle more than 20 years of ad hoc OT security measures as there is still risk during the implementation phase.

Key points to be discussed:

Technical controls / process and people
Poor visibility (automation)
Organisational structure to support OT
Manage risk faster
Contain threats quicker
Minimise impact
Green field vs brown field
Skills from the ground up
Managed services
Managing multiple streams of activity
Iterative, agile process, we learn, we move forward
Rapid threat containment

The Checks and Balances for Cybersecurity Readiness

Thu, 25 Aug 2022 08:00:00 +0100

Cyber Senate had the privilege of catching up with Willi Nelson, CISO, Operational Technologies, Fortinet to discuss their forthcoming presentation on Cyber Preparedness September 29-30th in Celebration Florida, for the 9th annual Control System Cybersecurity USA conference.

Large or small, cyberattacks are making headlines and elevating executive attention toward cyber resiliency. Preparing for, responding to and recovering from cyberattacks should be a strategic part of any business continuity plan. As recent cyberattacks have demonstrated increased risk to both IT and operational technology (OT) environments, readiness equates to enforcement of rules and policies that provide the visibility, control and situational awareness to respond at the speed of business. Cybercriminals are maximizing their opportunity by exploiting older vulnerabilities and an expanding attack surface. Strategic readiness should be underpinned with the notion that eventually an attack will happen, and when it occurs, you are proactively ready to respond. During this session, we will explore security considerations for developing cyber resilience covering security fundamentals and readiness planning to protect your IT and OT environments.

Willi joined Fortinet as the CISO for Operational Technology in August 2022. He brings more than 25 years of experience in Information Security working across industry verticals such as Healthcare, Telecom, Financials, Manufacturing, and Life Sciences. Most recently with GlaxoSmithKline (GSK), he established and directed the Global OT Infrastructure Security team charged with monitoring and protecting the OT assets for GSK. Globally, the team deployed 43 additional controls across the OT landscape assessed against NIST CSF and aligned business units to embrace a unified model for security, incident response, and risk reporting. During Willi’s tenure, he also oversaw the creation of the Security Organization and the Global Cyber Defense team for GSK’s Consumer Health startup (now called Haleon). Beyond building and leading the OT and Consumer Health security teams, he led the security team responsible for Cloud transformation for both IT and OT. Willi relies on a pragmatic and systematic approach to achieve company goals while also maturing the organizations and teams he leads.

Willi is a graduate of Rockhurst University in Kansas City, MO, USA and holds a CISSP (Certified Information Security Professional) certification in good standing. Willi lives in NW Arkansas with his family. He’s an avid outdoorsman, cyclist, woodworker, and veteran.

Sustainable Cybersecurity over the Complete Life-Cycle for Rail

Wed, 20 Jan 2021 10:00:00 +0000

Cyber Senate discuss 'Sustainable Cybersecurity over the Complete Life-Cycle for Rail' with Christian Paulsen, Product and Solution Security Officer at Siemens, sponsors of the Rail Cybersecurity USA conference February 9/10th online.
www.railcybersecurityusa.com

Christian drives protecting Mobility portfolio elements against cyber threats. With more than 20 years of experience in rail and utility business he understands the needs of transport customers managing cybersecurity risks along the complete lifecycle of their assets. His background in telecommunication, SCADA and security systems as well as process and project management helped him defining the governance and guidance standards applicable throughout Siemens Mobility.

Christian is Chair of the Cybersecurity group of the European Rail Industry and active with the European Rail ISAC.

Christian's presentation on February 9th:

The advance and benefits of digitalization in the transport sector and the related need for cybersecurity is undisputed. Operators face new threats and new laws and define new requirements for cybersecurity. These requirements not only take technical implementations into consideration, but also processes and the inclusion of all internal and external stakeholders along the lifecycle of a transportation system. In the presentation our expert gives you an overview over communalities and differences in approaching cyber risk management worldwide. He will share best practices and actionable approaches to secure the rail operation and assets.

Supply Chain Cybersecurity Cyber Senate Control Systems Podcast with Industrial Defender

Tue, 19 Jan 2021 08:00:00 +0000

Supply Chain Cybersecurity Cyber Senate Control Systems Podcast with Industrial Defender.

Cyber Senate were pleased to catch up with Jeremy Morgan, Principal Risk and Solutions Consultant at Industrial Defender to discuss the panel theme "Supply Chain Cybersecurity" that will take place March 29-31st online for the Cyber Senate Control Systems Cybersecurity Conference 2021 EST. www.industrialcontrolcybersecusa.com
In his role at Industrial Defender, Jeremy helps ICS asset owners build a strong foundation to apply security controls in OT environments. With a diverse career spanning compliance management at a utility to cybersecurity product management for a major OEM, Jeremy has over 20 years’ experience in IT and OT cybersecurity.

You can learn more about Industrial Defender at https://industrialcontrolcybersecusa.com/virtualeventsponsors

Panel: Supply Chain Risk and Maturity

30-03-2021, 15:30 - 16:10

Supply Chain Cyber Security is taking center stage and is our biggest risk.
-Are we identifying risk in the supply chain?
-How are we doing this and if not how can we improve?
-Information Sharing on supply chain threats, common practices, challenges and ways we can improve
-How can we more effectively build trust with our suppliers and industry peers?
-How can we better communicate supply chain risk?
-Sourcing and Procurement - how can we better communicate cyber risk contractually and move away from the 'break and fix' model with our suppliers
-Lets look closer at how vendors, infosec leaders and engineering are working -together in ensuring security of OT products

Threat Intelligence Panel Cyber Senate Industrial Control Cybersecurity Europe

Fri, 06 Nov 2020 13:00:00 +0000

•Building a Framework and the 4 why's and How

•Identifying critical assets

•What are we seeing, day to day

•Understanding your tools and user awareness

•Identifying risk prior to stopping threats

•APT Education

Panellists include

Noureen Njoroge

CISCO
Cybersecurity Threat Intel Engineer
(now Director of Global Cyber Threat Intelligence at Nike)

Jacob Benjamin, PhD

Dragos
Principal Industrial Consultant

Panel Session ICS Europe 2020 CIA vs. Reliability and Safety

Fri, 06 Nov 2020 12:00:00 +0000

Panel: “CIA” – confidentiality, integrity, and availability versus Safety and Reliability"

James Nesbitt Cyber Senate Director
Guido Villacis EDF Technical Client Organisation I&C Cyber Security Lead, PWR Technology
George Bearfield Rock Rail Health & Safety Director
Michael H Firstenberg Waterfall Security Solutions Director of Industrial Security
Andreas Klien OMICRON electronics GmbH Head of Business Development Power Utility Communication

Maersk Cyber Senate Fire Side Chat 7th annual ICS CyberSec Europe 2020

Fri, 06 Nov 2020 12:00:00 +0000

Digital Transformation, Automating OT: Our Biggest Challenges
Andy Powell Maersk Chief Information Security Officer

Discussion includes:
Instrument OT
Automation of Process
Controlling Device Identities

Industrial Control Cybersecurity: A discussion "Confidentiality, integrity, and availability versus Safety and Reliability"

Mon, 12 Oct 2020 16:00:00 +0100

Cyber Senate discusses confidentiality, integrity, and availability versus Safety and Reliability with Michael Firstenberg, Waterfall Security Solution's Director of Industrial Security. Mr Firstenberg will be moderating and contribution to a Panel Discussion on November 4th with the Cyber Senate for the 7th annual Industrial Control Cybersecurity Europe online conference 2020.

Mike Firstenberg is the Director of Industrial Security for Waterfall Security. Mike brings almost two decades of experience in Control System Security, specializing in Control System Cyber Security. With a proven track record as a hands-on engineer - researching, designing, and implementing strategic security solutions, Mike has an established background working with governmental institutions, regulatory authorities, and industrial utilities. The former chair of the American Water SCADA Council, Mike studied Computer Science, Chemical Engineering, and Mathematics at the University of Pennsylvania, and has served as a speaker and panelist at numerous conferences and events.

Waterfall Security Solutions is the global leader in industrial cybersecurity, protecting critical industrial networks since 2007. Our mission is to revolutionize how entire industries protect physical assets and industrial processes from cyber attacks. Waterfall’s patented, unidirectional products enable safe IT/OT integration, remote monitoring and diagnostics, cloud connectivity and tamper-proof forensics, without the vulnerabilities that always accompany firewalled connectivity.

The company’s growing list of customers includes national critical infrastructures and utilities, power plants, nuclear plants, water and wastewater systems, offshore platforms, refineries, pipelines, pharmaceutical, chemical and manufacturing plants, and many more. Deployed world-wide, Waterfall products support the widest range of industrial and remote monitoring platforms, applications, databases and protocols in the market.

As a global leader in industrial control system security, Waterfall contributes routinely to national and international standards, best practice guidance and control system security educational programs. As a result, our products are widely recognized as simplifying compliance with security regulations, standards and best practices. https://www.waterfall-security.com

Security Monitoring Cloud Infrastructure for the Rail Sector

Thu, 25 Jun 2020 12:00:00 +0100

The digitisation of the rail sector continues to evolve at an unprecedented rate, as innovation and the implementation of new technologies to enhance services and customer experiences hail in a new era of connected rail travel. Whilst digitisation improves efficiencies, it also extends the attack surface for cyber security incidents across the enterprise.

Cloud computing technology is a key business driver, enabling the sharing of railway information resources, improving the capacity of information processing. However, cloud security monitoring remains a barrier to the full realisation of Cloud’s capability. Deploying security monitoring tools, virtualisation and configuration of event management tools in dynamic environments are just a few of the challenges rail security professionals are grappling with on a daily basis, as well as how security information is shared and how we effectively collaborate within a shared infrastructure.

Join the Cyber Senate as we dive deeper into the key discussion on Security Monitoring for Cloud Services, as we address best practices in ensuring the confidentiality, integrity and availability of cloud computing for the rail network.

You can join our Rail Cyber Security SME Group here

Areas of discussion include:

How can we gain full visibility to monitor for potential security flaws and vulnerabilities in a multi-tenant architecture?
How can we gain strict controls over data at all endpoints?
How can we better identify patterns and pinpoint potential security vulnerabilities?
Reliability and performance: How can we ensure it is not impacted by security?
A look at Cloud-wide intrusion and anomaly detection systems
Security monitoring collaboration
How can we provide more timely information on attacks, vulnerabilities and incident

Achieving IEC 62443-3-3 Security Level 3 for Rail Automation Systems

Fri, 13 Dec 2019 13:00:00 +0000

The Cyber Senate interviews Markus Alexander Wischy Hernandez, Head of R&D IT Security at Siemens Mobility, about their forthcoming presentation for the 5th annual Rail Cyber Security Summit in London February 18/19th 2020. The presentation is entitled "Achieving IEC 62443-3-3 Security Level 3 for Rail Automation Systems."

The talk will focus on the strategy achieving IEC 62443-3-3 Security Level 3 compliance for a country-wide, fully digitalized rail automation system. Topics are the current status of standardization, the required central security services and outlook for the protocols required to achieve interoperability. Additionally, the application of this strategy in a large rail-automation infrastructure project is presented at the conference.

This topic would bring together various points:

· Technical security systems and communication protocols

· Standardization, also aiming at the work that is currently done within Shift2Rail IT-Sec Working Group and an overall move of the sector to IEC 62443 compliance.

Markus Alexander Wischy Hernandez Siemens Mobility

For more information visit www.railcybersecurity.com

Industry 4.0: Cyber Securing Legacy Systems across the Business

Sun, 04 Aug 2019 09:48:14 +0100

Podcast: Cyber Senate Podcast
Episode: Industry 4.0: Cyber Securing Legacy Systems across the Business
Episode pub date: 2019-08-01

Cyber Senate discusses Industry 4.0: Cyber Securing Legacy Systems across the Business with Andrew Kling, Director Cybersecurity and Software Practices, Schneider Electric. Andrew has been one of our guest speakers on our Industrial Control Cybersecurity USA conference for several years and brings a wealth of information to our community of subject matter experts.
In this podcast, Cyber Senate and Andrew Kling dive deeper into the new ISA Global Strategic Alliance and what the means for the industry, supply chain and IoT cybersecurity, the transfer of risk across global businesses and how our perception and culture are changing to mitigate evolving cyber threats.

The podcast and artwork embedded on this page are from James Nesbitt, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

More Than Turbulence - Aviation Software Vulnerabilities & Exploitation Podcast with Cyber Senate and Chris Kubecka CEO of Hypasec

Thu, 11 Jul 2019 15:00:00 +0100

The Cyber Senate welcome special guest, Chris Kubeck, CEO of Hypasec, who will be speaking on our 3rd annual Aviation Cybersecurity Summit in London on November 5/th and 6th. www.aviationcybersec.com
Her presentation: More Than Turbulence- Aviation Software Vulnerabilities & Exploitation

Introductions to the challenges of modern aviation and technology
Maintenance and asset management
FAA requirements and recalls

-Weaknesses in exposure of various parts databases
- Lack of required security testing by FAA on maintenance software

Software utilized in a modern airframe

-Explanation of what types of software is in use on both planes and weight balancing

Buffer overflows, the FAA requires memory checks to ensure they stay within hardware operating parameters. But, no full boundary checks.
Explanation of current challenges: F35a has buffer overflow issues requiring a manual reboot of the flight computer, in-flight
Gate logic doesn't equal good code or secure code: explanation of how the software is written whilst pointing out memory leaks, incompatibility with ease of patching unless substantial downtime (except the 787) and the lack of any security testing for any aviation software on a plane.
Exposure of various airframe manufacturer systems.
Exposure of various airport ticketing and maintenance systems