Podcast Image

Control Loop: The OT Cybersecurity Podcast

Control Loop is the OT Cybersecurity Podcast, your terminal for ICS security, intelligence, and learning. Every two weeks, we bring you the latest news, strategies, and technologies that industry professionals rely on to safeguard civilization.
Categories

Last Episode Date: No Date found.

Total Episodes: Not Available

Collaboration
Podcast Interviews
Affiliate and Join Ventures
Sponsorships
Promo Swaps
Feed swaps
Guest/Interview swaps
Monetization
Advertising and Sponsors
Affiliate and JVs
Paid Interviews
Products, Services or Events
Memberships
Donations
5 June 2024
Digging into regulatory compliance issues.

UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on Volt Typhoon. Guest Kimberly Graham of Dragos joins Dave to discuss regulatory compliance issues. Programming Note. Control Loop is going on a temporary hiatus. Thank you for being a loyal listener. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks! Control Loop News Brief. UK will propose law to ban ransom payments for critical infrastructure entities. Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record) EPA outlines enforcement measures to protect water utilities against cyberattacks. EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation’s Drinking Water (Environmental Protection Agency) Rockwell advises customers to disconnect ICS devices from the internet. Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats (Rockwell Automation) Senator Vance asks CISA for information on Volt Typhoon. Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (Industrial Cyber) Control Loop Interview. Guest Kimberly Graham, Vice President of Product Management at Dragos, discussing regulatory compliance issues.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the N2K CyberWire website. Learn more about your ad choices. Visit megaphone.fm/adchoices

18 min
15 May 2024
Hacktivism targeting OT devices.

US Defense Department warns of Russian hacktivists targeting OT devices. The US government establishes safety and security board to advise the deployment of AI in critical infrastructure sectors. Vulnerabilities affect CyberPower UPS management software. US congressmen put forward water system cybersecurity bill. Encore guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. The Learning Lab is currently on a hiatus this episode. Control Loop News Brief. US DOD warns of Russian hacktivists targeting OT devices. Urgent Warning from Multiple Cybersecurity Organizations on Current Threat to OT Systems (NSA) US government establishes safety and security board to advise on deployment of AI in critical infrastructure sectors. DHS launches safety and security board focused on AI and critical infrastructure (FedScoop) Over 20 Technology and Critical Infrastructure Executives, Civil Rights Leaders, Academics, and Policymakers Join New DHS Artificial Intelligence Safety and Security Board to Advance AI’s Responsible Development and Deployment (DHS) Vulnerabilities affecting CyberPower UPS management software. Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience (Cyble) US congressmen introduce water system cybersecurity bill. Crawford puts forward bill on cybersecurity risks to water systems (Arkansas Democrat-Gazette) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.  Control Loop Learning Lab. The Learning Lab is on a break. Stay tuned.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the N2K CyberWire website. Learn more about your ad choices. Visit megaphone.fm/adchoices

24 min
1 May 2024
Critical infrastructure: Pending legislation and risks and rewards from AI.

Mandiant ties OT attacks to Sandworm. Russia-linked hackers target Texas water utilities. Belarusian hacktivists hit fertilizer company. CISA issues eight ICS advisories. Dave Bittner's Caveat podcast co host Ben Yelin joins him to discuss pending legislation with potential to affect critical infrastructure, as well as the Department of Energy’s assessment of the potential risks and rewards from AI. The Learning Lab is on a hiatus this episode, and will be returning soon! Control Loop News Brief. Mandiant ties OT attacks to Sandworm. Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm (Mandiant) Russia-linked hackers target Texas water facilities. Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow (SecurityWeek) Russia-linked hacking group suspected of carrying out cyberattack on Texas water facility, cybersecurity firm says (CNN) Belarusian hacktivists hit fertilizer company. Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime (The Record) CISA issues eight ICS advisories. CISA Releases Eight Industrial Control Systems Advisories (CISA) Control Loop Interview. Host Dave Bittner and his co host from the Caveat podcast on the N2K CyberWire network, Ben Yelin, share some discussion about pending legislation with potential to affect critical infrastructure, and Department of Energy’s assessment of the potential risks and rewards from AI. Links to articles:  Crawford puts forward bill on cybersecurity risks to water systems (The Arkansas Democrat-Gazette) US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure (Industrial Cyber)  Control Loop Learning Lab. The Learning Lab is on a break and will be back soon. Stay tuned.  Control Loop Audience Survey. Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website. Learn more about your ad choices. Visit megaphone.fm/adchoices

24 min
17 April 2024
Examining CIRCIA and VOLTZITE.

Chinese-manufactured devices in US networks see a 41% YoY increase. Ukraine-linked hackers deploy ICS malware against Russian infrastructure company. A look at cyberattacks that had physical consequences in 2023. Lessons from NERC’s GridEx exercise. Extension requested for comment period on CISA’s incident reporting rule. Guest Kate Ledesma, Senior Director Government Affairs at Dragos, talks about the Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA). The Learning Lab returns has part 2 of Mark Urban and Josh Hanrahan's discussion adversary hunting and VOLTZITE (aka Volt Typhoon). Control Loop News Brief. Chinese-manufactured devices in US networks see a 41% YoY increase. “All your base are belong to us” – A probe into Chinese-connected devices in US networks (Forescout) Ukraine-linked hackers deploy ICS malware against Russian infrastructure company. Unpacking the Blackjack Group's Fuxnet Malware (Claroty) A look at cyberattacks that had physical consequences in 2023. 2024 Threat Report – OT Cyberattacks with Physical Consequences (Waterfall) Lessons from NERC’s GridEx exercise. GridEx VII: Lessons Learned Report (NERC) Extension requested for comment period on CISA’s incident reporting rule. US Chamber of Commerce, industry groups call for 30-day delay in CIRCIA rules (The Record) Control Loop Interview. Guest Kate Ledesma, Senior Director Government Affairs at Dragos, discussing Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA).  Control Loop Learning Lab. On the Learning Lab segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part two of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).  Resources: VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems. The 5 Critical Controls for ICS/OT Cybersecurity – SANS webinar. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website. Learn more about your ad choices. Visit megaphone.fm/adchoices

47 min
3 April 2024
Hunting adversaries.

Sellafield nuclear waste site to be prosecuted for alleged cybersecurity failings. CISA issues draft proposal for cyber incident reporting by critical infrastructure entities. Threat actor targets Indian government and energy entities. Suspicious NuGet package appears to target developers in the industrial sector. Guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, shares their CIRCIA Notice of Proposed Rulemaking. The Learning Lab returns! Mark Urban and Josh Hanrahan discuss adversary hunting. Control Loop News Brief. Sellafield nuclear waste site to be prosecuted for alleged cybersecurity failings. Sellafield nuclear waste dump to be prosecuted for alleged cybersecurity offences (The Guardian) Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian) CISA issues draft proposal for cyber incident reporting by critical infrastructure entities. CISA releases draft rule for cyber incident reporting (CyberScoop) Threat actor targets Indian government and energy entities. Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign (EclecticIQ) Suspicious NuGet package appears to target developers in the industrial sector. Suspicious NuGet package grabs data from industrial systems (ReversingLabs) Control Loop Interview. Guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at  CISA. Eric shares their CIRCIA Notice of Proposed Rulemaking that goes into effect this week. Control Loop Learning Lab. The Learning Lab is back! On today’s segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part one of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).  Resources: VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems .  Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website. Learn more about your ad choices. Visit megaphone.fm/adchoices

34 min
20 March 2024
Navigating China's infrastructure risks in the energy sector.

Researchers discover a way to hijack web-based PLCs. Threat actor targets manufacturing entities in North America. US Department of Defense launches CORA program. CISA issues ICS advisories. Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks. The Learning Lab is taking a break and will return soon. Stay tuned. Control Loop News Brief. Researchers discover a way to hijack web-based PLCs. Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack (Georgia Tech) Threat actor targets manufacturing entities in North America. Blind Eagle's North American Journey (eSentire) APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (Trend Micro) US Department of Defense launches CORA program. JFHQ-DODIN Officially Launches its New Cyber Operational Readiness Assessment Program (US Department of Defense) CISA issues ICS advisories. CISA Releases Fifteen Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks. Control Loop Learning Lab. The Learning Lab is on break and will return in the near future. Stay tuned. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website. Learn more about your ad choices. Visit megaphone.fm/adchoices

28 min
6 March 2024
Addressing maritime cyber threats.

NIST releases Cybersecurity Framework 2.0. Biden administration issues executive order on maritime cybersecurity. Suspected Chinese threat actor continues to exploit Ivanti vulnerabilities. ThyssenKrupp sustains ransomware attack. Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. The Learning Lab is taking a break and will return soon. Stay tuned. Control Loop News Brief. NIST releases Cybersecurity Framework 2.0. NIST Releases Version 2.0 of Landmark Cybersecurity Framework (NIST) Biden administration issues executive order on maritime cybersecurity. On-the-Record Press Call on the Biden-⁠Harris Administration Initiative to Bolster the Cybersecurity of U.S. Ports (The White House) Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes (CNBC) Suspected Chinese threat actor continues to exploit Ivanti vulnerabilities. Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts (Mandiant) ThyssenKrupp sustains ransomware attack. German Steelmaker Thyssenkrupp Confirms Ransomware Attack (SecurityWeek) Control Loop Interview. Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. For more information, review the Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States and White House’s FACT SHEET: Biden-⁠Harris Administration Announces Initiative to Bolster Cybersecurity of U.S. Ports.  Control Loop Learning Lab. The Learning Lab is on break and will return in the near future. Stay tuned. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website. Learn more about your ad choices. Visit megaphone.fm/adchoices

29 min
21 February 2024
Volt Typhoon and the Year in Review.

Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. Siemens and Schneider Electric issue patches. Guest is Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, sharing the findings of Dragos Cybersecurity Year in Review report. The Learning Lab segment will return next episode. Control Loop News Brief. Five Eyes publish report on Volt Typhoon. PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (CISA) Volt Typhoon targets emergency management services in the US. VOLTZITE Espionage Operations Targeting U.S. Critical Systems (Dragos) Siemens and Schneider Electric issue patches. ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities (SecurityWeek) Control Loop Interview. Guest Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, reviews the key findings of Dragos’ Cybersecurity Year in Review report. You can download a copy of the report here.  Control Loop Learning Lab. The Learning Lab segment will return next episode. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website. Learn more about your ad choices. Visit megaphone.fm/adchoices

31 min
7 February 2024
Operational Technology disruptions: An eye on the water sector.

Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President’s Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob’s opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder. Control Loop News Brief. Volt Typhoon targets US critical infrastructure. Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters) Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR) Ransomware attacks in the OT sector. Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos) The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks) Ransomware attack against Johnson Controls cost $27 million. Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer) Schneider Electric confirms ransomware attack. Schneider Electric confirms it was hit by ransomware attack (Silicon Republic) Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer) US sanctions Iranian officials for attacks on critical infrastructure. Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC) US House Energy Subcommittee holds hearing on cyberattacks against water infrastructure. US House Energy Subcommittee holds hearing on safeguarding drinking water infrastructure from cyberattacks (Industrial Cyber) Bill would add ICS security to President’s Cup Cybersecurity Competition. Senate HSGAC Approves Cyber, Software Bills (Meritalk) Control Loop Interview. Dragos CEO and Founder Robert M. Lee testified at the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob’s opening statement before the committee. The purpose of the hearing was to discuss threats to water and wastewater ICS/OT systems in the U.S. that have the potential to disrupt operations and pose safety risks and examine the steps needed to secure operational technology in the water sector.  Read the press release. Watch the video of the hearing: Securing Operational Technology: A Deep Dive into the Water Sector.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to conclude their discussion of building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website. Learn more about your ad choices. Visit megaphone.fm/adchoices

28 min
24 January 2024
Building community in OT.

An analysis of cyberattacks against Danish energy infrastructure. US government outlines threats posed by Chinese-manufactured drones. Vulnerability in Bosch thermostats. OIG says CISA needs to improve collaboration with the water sector. Guests Mark Stacey of Dragos and Charles Kano from WestCap discuss cyber insurance as an important part of your organization's security plan. On the Learning Lab, we have the first part of a 2-part discussion on building community in OT that Dragos Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder. Control Loop News Brief. OIG says CISA needs to improve collaboration with the water sector. CISA needs better collaboration with the EPA and water sector, watchdog says (Nextgov) Volt Typhoon targets end-of-life Cisco routers. Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure (Dark Reading) Cyberattacks against Israeli ports. Israeli Ports Hit in Cyberattack: Anonymous Sudan Takes Credit (The Cyber Express) An analysis of cyberattacks against Danish energy infrastructure. Clearing the Fog of War: A Critical Analysis of Recent Energy Sector Attacks in Denmark and Ukraine (Forescout) US government outlines threats posed by Chinese-manufactured drones. Cybersecurity Guidance: Chinese-Manufactured UAS (CISA) Vulnerability in Bosch thermostats.  Vulnerabilities identified in Bosch BCC100 Thermostat (Bitdefender) Control Loop Interview. On this episode, we are joined by Mark Stacey of Dragos and Charles Kano from WestCap discussing cyber insurance as an important part of your organization's security plan. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to discuss building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website. Learn more about your ad choices. Visit megaphone.fm/adchoices

43 min
Contact Us
First
Last
Discover New Podcast Partnerships

Subscribe To Our Weekly Newsletter

Get notified about new partnerships

Enter your name and email For Gifts, Deals and Prizes