Risk Matters X.0 Podcast
Cybersecurity Awareness Month
[Mini-Episode] 88% of Boards of Directors view cybersecurity as a business risk— so why are budgets for industrial cybersecurity so scarce? Funding is often an issue because cybersecurity for Operational Technology (OT) environments is a relatively new idea brought on by the rapid IT-OT convergence.
[Mini-Episode] Do Information Technology (IT) and Operational Technology (OT) environments have anything in common? While some cybersecurity professionals may answer yes, the reality is that IT and OT are two separate worlds with vastly different priorities.
[Mini-Episode] What does cybersecurity mean to your company? In this mini-episode, we explore how different functions in industrial organizations perceive cyber risks From the board of directors to the team on the plant floor, the idea of OT cybersecurity and how to successfully implement it varies greatly.
[Mini-Episode] Is Ransomeware the Biggest Threat to OT? In this Cybersecurity Awareness Month mini-episode, Ian Bramson, Global Head of Industrial Cybersecurity, and Dennis Hackney, Solutions Development Director of Industrial Cybersecurity Services, discuss the specifics of what ransomware is and the difference between how it impacts IT environments and Operational Technology (OT) environments.
Episode 17: OT Cybersecurity - What Now? What Next?: When it comes to cyber targets, critical infrastructure remains in the line of fire. Furthermore, the attacks against them continue to develop in complexity with each strike, leaving operational technology (OT) and IT controls extremely vulnerable. This is especially true for the oil and gas space, which has been exposed to several organized crime syndicates in recent years. So, what’s next for your security infrastructure in combating these cyber attacks?
Join host Ian Bramson, Global Head of Industrial Cybersecurity, Jim Linn, CIO of American Gas Association and Executive Director for DNG-ISAC, and Rock Lambros, Cybersecurity Leader and CEO for RockCyber, to explore next steps for addressing your OT cybersecurity.
Episode 16: Lights On, Threats Off - Navigating Cybersecurity in the Power Industry: Cyber attackers know exactly what essential services can cripple us. Recent attacks on critical infrastructure have forced the power industry to take a step back and precariously assess its OT and IT controls. As the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards continue evolving to address today’s threats the heavy question remains: Is it enough?
Join host Ian Bramson, Global Head of Industrial Cybersecurity, Dr. Dennis Hackney, Head of Cybersecurity Services Development and Michiko Sell, NERC CIP Services Supervisor at NAES Corporation, to explore how the regulatory environment is changing industry-wide and what role industrial cybersecurity plays in providing an essential layer of protection when implementing NERC CIP compliance services.
Episode 15: The Cyber-Physical World: A New Battleground for Industrial Operations: As cyber attacks on industrial operations and critical infrastructures continue to rise, so do the devastating real-world impacts. Criminals are no longer simply stealing data; their goal is to disrupt and control core operations. This translates into what is now known as the cyber-physical world. From influencing the flow of oil and the functions of machinery to manipulating the navigation of vessels, the risk to OT environments is vast.
Host Ian Bramson explores the question of how you can fight back on this new and ever-changing battleground. Listen as top industry experts George Daglas, Chief Operating Officer at Obrela; Dimitris Strevinas, Chief Technology Officer at Obrela; Christos Kapodistrias, IT Manager at Neptune Lines; and Grigoris Floutsakos, Data Protection Officer at WIND Hellas, provide key insights, including how you can move beyond fear-driven tactics to safeguard your organization.
Episode 14: Inspiring Women in STEM: Three Powerful Career Perspectives: What does a career in STEM look like and how can we encourage more women to pursue this path? Follow along with our guests, Sheila Boyington, President of Thinking Media/Learning Blade; Marcia Lee, Business Development Manager of Industrial Cybersecurity at ABS Group; and Hannah Waldron, Graduate Process Safety Engineer at ABS Group, as they discuss the experiences that shaped their lives, ultimately leading them to their current careers and goals, including how they plan to help young girls bridge the gender gap and gain the confidence they need to thrive in STEM.
Episode 13: The Casualties of Cyber War: Exploring the Colonial Pipeline Shutdown: If a cyber attack can take down an entire pipeline, what's next? As news from the recent attack on Colonial Pipeline continues to develop, private and public companies, the U.S. government and the nation continue to question the dangerous implications behind our critical infrastructure lacking the proper cybersecurity. Join host Ian Bramson, Global Head of Cybersecurity, Dr. Dennis Hackney, Head of Cybersecurity Services Development and Kyriakos "Rock" Lambros, cyber expert and CEO and Founder of RockCyber, LLC, as they dive into the minds of cybercriminals like DarkSide and discuss how this historic event will impact industrial operations and new cyber regulations moving forward.
Episode 12: Wärtsilä Part III - Cyber in the Supply Chain - When Things Go Wrong: Cyber incidents go from 0 to 100 in the blink of an eye. The recent cyber attack on Colonial Pipeline, one of the nation's largest fuel pipelines, highlights this callous reality. With nearly half of the East Coast's fuel supply disrupted, the conversation of protecting critical infrastructure is at the forefront of The White House Administration. Join our discussion with Wärtsilä as we talk about preceding real-life OT cyber incidents that have gone wrong.
Host Ian Bramson asks tough questions regarding the vulnerability of supply chains and debunks the "air gap" myth surrounding OT environments that claims limited access equates to cyber safety. Listen as Wärtsilä's industry experts Päivi Brunou, Head of Cyber Security, Technology Voyage; Matti Suominen, Head of Product Incident Response; and Paul Ward, Director of Cyber Strategy explore supply chain risk management, the common red flags that have emerged from heightened connectivity and how organizations can increase their cyber maturity.
Episode 11: Wärtsilä Part II - Protecting Industrial Cyber Ecosystems: A system is only as secure as its weakest point. In this episode, we discuss cyber ecosystems with Wärtsilä, examining the advantages and vulnerabilities that support connectivity. "The ecosystem in the marine environment is a very populated space," says Eric Schreiber, General Manager for New Technologies at Wärtsilä. "There are a lot of hands in the pot, and not everyone has cybersecurity expertise." "There are a million things that can be taken into account when you are operating your vessel, and those come from IT and OT systems that expand far beyond the vessel ecosystem," adds Christopher Stein, Cybersecurity Expert at Wärtsilä.
Episode 10: Wärtsilä Part I - Cyber in the Digital Age: Let's talk digitalization and cyber risk. In this episode, we welcome Wärtsilä to discuss increasing connectivity as a major concern for cybersecurity in the digital age. "We are already living in this digital, ultra-connected world and times. After 2020, we'll be even more connected and doing activities even more remotely. There are already discussions about 'zero trust' in the OT industry, and 'what about 5G,' and all the upcoming new technologies," says Päivi Brunou, General Manager of Cybersecurity at Wärtsilä Voyage. "I think the greatest hurdle is human behavior, having everyone understand the importance of what is needed to make the asset secure," adds Eric Schreiber, General Manager for New Technologies at Wärtsilä. Listen now to a leading OEM's perspective.
Episode 9: Cyber Risk Series - From the Hacker's Point of View: What does cybersecurity look like from the opposition's point of view? With a long background in pen-testing and extensive experience in security research and programming, Weston Hecker is a professional "white hat" hacker at Mission Secure, a firm focused on control system cybersecurity. He is currently working on a major university research project with the Department of Homeland Security on 911 emergency systems and attack mitigation. In this episode, Weston shares insights into hacking oil rigs and how he's found cyber vulnerabilities in popular software and firmware systems from some of the world's leading technology companies. Listen and learn why organizations working in the offshore oil and gas and maritime sectors must confront cyber as a growing threat to operations.
Episode 8: Cyber Risk Series - Hacking the Ship: 20 to 30 seconds. That's how long it takes cyber professional Ewan Robinson of Yangosat, a UK-based satellite communications supplier, to hack into your ship. "It's still very easy—the systems are still exposed. That's one of the things we're trying to bring to people, [the awareness of] just how exposed they are without knowing it." "No system is an island," adds host and cybersecurity executive Ian Bramson. Robinson is a white hat hacker, an ethical computer hacker who understands how easy it is to access a vessel's communications systems and disable, disrupt and potentially destroy your shipping operations. Listen now as we discuss the imminent threat of hacking maritime vessels.
Episode 7: Catastrophic Risk Series - Beirut Explosion : How have major industrial incidents, transportation accidents, terrorist attacks and natural disasters changed our understanding of risk? The ammonium nitrate explosion (AN) in Beirut, Lebanon, has brought recent public awareness to this topic. In the first installment of our Catastrophic Risk Series, host Matt Mowrer seeks answers from ABS Group's Extreme Loads and Structural Risk division, which tests blast effects to understand how we can make buildings safer and more resilient to withstand disasters. Incident investigators Darrell Barker and Ben Harrison share what we know about AN and what we can learn from catastrophic incidents to improve awareness and better manage risk.
Episode 6: Cyber Risk Series - Superyachts: High ROI Targets for Hackers: Sleek showstoppers at sea, superyachts are privately owned luxury vessels with the latest and most advanced technology systems, making them a prime target for cyber attackers to exploit. In this episode, Ian Bramson takes a closer look at this unique cyber environment with experts from luxury technology provider Van Berge Henegouwen (VBH) and its cyber partner, Atlas Cybersecurity. Listen now to Goran Antonijevic, Business Development Manager at VBH, and Ben Dynkin, co-founder of Atlas Cybersecurity, share their insights on superyacht cyber risk.
Episode 5: Government Series - COVID-19 Business and Legal Issues with Reed Smith: What is a business's responsibility for the general health and safety of its employees? Matt Mowrer, director of the Product Development and Innovation Center at ABS Group, talks with labor and employment partner Mike Correll from Reed Smith about COVID-19 business and legal issues. As organizations return to work spaces, "there's going to be litigation about people who get sick, and there's going to be much more dangerous litigation about a failure to take appropriate steps after someone gets sick," Correll says.
Episode 4: Cyber Risk Series - American Institute of Marine Underwriters: "The best loss is the loss that never occurs – whether that is a cyber incident or traditional marine peril-based loss like a grounding or collision. Premiums reflect loss experience, so with fewer losses you're going to pay a lower premium." - John Miklus, President of American Institute of Marine Underwriters (AIMU). Is cyber risk covered in your marine insurance plan? How does the insurance industry define cyber risk? Listen as Ian Bramson, global head of Cyber Security, talks cyber in the insurance space with AIMU's President.
Episode 3: Cyber Risk Series - Emergency Response and Facility Security Perspectives: "In emergency management, does cyber security have a role? Absolutely. The real question is will you realize it soon enough before you have an emergency inside of your emergency." After responding to eight major Gulf Coast hurricanes together as facility security officers, Bryan Markland of Lucite International shares current cyber insights with intelligence professional and veteran Brian Shajari, a cyber security assessor at ABS Group. Revisit our first episode to hear how the government is responding to cyber risk.
Episode 2: Government Series - Risk Perception and COVID-19 Impact: Let's talk 'Risk Perception' as we confront COVID-19. Go behind-the-scenes to understand how risk professionals look at public safety threats using real-life data to debunk common fears. "Our goal is to provide objective data about risk to decision-makers...so if I come across as callous in this discussion, it's just part of it," - Restart Risk Model developer Matt Mowrer speaks to host Jake Stenzler, who leads a team of safety and risk analysts working closely with the U.S. Department of Homeland Security, FEMA and the Coast Guard.
Episode 1: Cyber Risk Series - United States Coast Guard: Let's talk 'cyber risk.' What is it and what does the threat landscape look like today? Host Ian Bramson, head of cyber security at ABS Group, takes on a topic that's created a lot of confusion over the last 20 years. In this episode, he sits down with Lieutenant Commander Sarah Brennan and Emily Miletello, Attorney, at the U.S. Coast Guard to ask how the government is monitoring cyber risk as a threat to operations and how we can stay informed.
From The Knowledge CenterCybersecurity 101: Lessons Learned from the Colonial Pipeline Cyber Attack
Subscribe and Join the Conversation
Want to keep pace with our latest Risk Matters Podcasts and Insights? Subscribe and we'll be in touch. Have a risk topic in mind? We want to hear from you.