Nexus: A Claroty Podcast

Cybersecurity pioneer Mikko Hypponen joins the Claroty Nexus live at the RSA Conference to discuss a decade of ransomware attacks against corporate networks. Hypponen is Chief Research Officer at WithSecure, the former F-Secure for Business. He has observed and analyzed malware from its infancy when it was a merely a means of disruption and attention-seeking to today's enormously profitable ransomware services and gangs .

Former NSA Director Adm. Michael S. Rogers (Ret. USN) joins the Claroty Nexus Podcast live from RSA Conference in San Francisco to discuss the current geopolitical climate, its impact on chief information security officers, and how they can and should response. Rogers discusses how the doctrines of adversaries are changing and that U.S. critical infrastructure is increasingly in the crosshairs. He also brings his experience and delivers practical advice for CISOs who are not only dealing with external adversaries but also potential legal liability in the event of breaches.

Abel Archundia, chief technology officer and global head of advisory for Istari, joins the Claroty Nexus podcast to discuss the nature of complexity, technical debt, and regulation, and how it influences risk decisions in critical infrastructure environments. He explains the challenges complexity brings to manufacturing, pharmaceuticals, and other CI sectors, and how owners and operators may feel outmatched by technical debt.

Adam Gluck, founder and CEO of Copia Automation, joins the Claroty Nexus podcast to discuss the need for DevOps within industrial automation. DevOps practices are popping up more frequently in these environments, but there are still hurdles and challenges for developers and engineers to overcome. Adam covers those, and explains how DevOps can improve disaster recovery, lessen the introduction of vulnerabilities in new code, and mitigate risk by being proactive about reviewing code changes as they happen rather than later in the development lifecycle.

Greg Garcia, the executive director of the Healthcare and Public Health Sector Coordinating Council’s Cybersecurity Working Group, joins the Claroty Nexus podcast to discuss the Change Healthcare ransomware attack and what can be done from a policy perspective to minimize the impact of such attacks in the future. Garcia has had a long career on the policy side of cybersecurity, and was the first presidentially appointed Assistant Secretary for Cybersecurity at the Department of Homeland Security. In this episode, he discusses where organizations are in terms of recovery from the impacts of the attack, longterm impacts on the healthcare sector, and how the HSCC's recently published five-year strategic plan for organizations in the crosshairs.

Ryan Pickren, a Ph.D. student in the School of Electrical and Computer Engineering at the Georgia Institute of Technology, joins the Claroty Nexus podcast to discuss a recently published research paper that explains a new web-based malware attack against programmable logic controllers. Pickren, the lead author, along with colleagues Tohid Shekari, Saman Zonouz, and Raheem Beyah, explains how embedded webservers inside modern PLCs can be attacked to give remote attackers full control over the device. Check out their paper: “Compromising Industrial Processes Using Web-Based Programmable Logic Controller Malware”

Hormel Foods Chief Information Security Officer and Director of Information Security and Compliance Mike Rogers joins the Claroty Nexus podcast to discuss why it's so important for CISO's to understand their personal liability during cybersecurity incidents. New regulations, including the SEC's cybersecurity rules, are driving this need for security leadership to evaluate to manage their personal exposure. Rogers provides his perspective on the SEC rules, how incident response is changing, and the ambiguity around exactly what constitutes a "material" incident.

Noam Moshe of Claroty Team82 is back to answer more listener questions about OT vulnerability research, threats and risks to OT networks and IoT devices, and the best mitigation and remediation strategies for defenders. This is a follow-up podcast to an episode we recorded in December answering listener questions. You can listen to that episode here.

Phlow Corp., CIO Juan Piacquadio joins the Claroty Nexus podcast to discuss the application of Industry 4.0 to pharmaceuticals, also known as Pharma 4.0. The industry is quickly adopting advanced technologies such as artificial intelligence, digital twins, and augmented reality to enhance the development of medicine and improve patient care. Along with that expansion of capabilities comes a wider attack surface, and Piacquadio spends a good deal of time explaining not only the threat landscape he envisions, but also how giant pharmaceuticals, the supply chain, and security providers must respond. Subscribe to the Nexus Podcast here.

David Elfering, CISO at Carrix and former security and risk executive at Marsh, is back for another episode of the Claroty Nexus podcast to discuss cyber liability insurance. Elfering has extensive experience working not only as an enterprise cybersecurity executive, but also with one of the world's leading insurance carriers. Listen as he brings insight on that perspective, how carrier cybersecurity requirements align with risk reduction, red flags that can imperil coverage or claims, and how cyber insurance providers are looking at geopolitical conflict.

Team82 researchers Sharon Brizinov and Noam Moshe join the Claroty podcast for a special episode where they answer questions submitted by users. This Ask-Me-Anything style of podcast covers the team's OT and IoT vulnerability research process, resources for experienced and beginner vulnerability researchers, and insights from their point of view on the threat landscape for cyber-physical systems.

Nathan Brubaker, Mandiant and Google Cloud Head of Emerging Threats and Analytics, joins the Claroty Nexus podcast for a timely discussion on his team’s report published this week on the Sandworm APT’s activity in Ukraine. Sandworm leveraged a new TTP—Living off the Land techniques—to target a Ukrainian energy company in October 2022 to cause a power outage. That outage also coincided with missile attacks by Russia against critical infrastructure in Ukraine. Read Mandiant's Sandworm paper here.

Don Weber of Cutaway Security joins the Nexus podcast to discuss a trend in control environments where asset operators and engineers keep trained cybersecurity professionals at arm's length, citing safety concerns. As more control systems are connected and managed online, it's critical for certified security professionals to be included in overall safety and reliability activities. Otherwise new risk and vulnerabilities are likely to be introduced. Weber also discusses a new methodology for assessing implementation vulnerabilities within industrial automation and control systems. Read more about IACS STAR: IACS STAR Calculator IACS STAR GitHub

Misha Belisle and Blaine Jeffries of MITRE join the Claroty Nexus podcast to discuss Caldera for OT, a new set of operational technology plugins for the open source core Caldera adversary emulation platform. Caldera for OT supports the Modbus, BACnet, and dnp protocols, and Belisle and Jeffries hope to add future support for additional protocols. Red and purple teams may use Caldera for OT for adversary emulation in order to understand the exposure of these protocols to attacks. Caldera for OT is available here.

Retired Pfizer Chief Information Security Officer Jim Labonty joins the podcast to discuss the operational technology (OT) security stack, and how it differs from IT. This episode provides especially important for the growing number of security leaders who are newly responsible for OT cybersecurity and the safety of cyber-physical systems. Labonty also shares his experience during his time at Pfizer in securing the development of Pfizer's Covid-19 vaccine, and how not only security of the manufacturing process took top priority, but also supply chain security.

Stephen Reynolds, a partner at the law firm of McDermott, Will, and Emery, joins the Nexus Podcast to discuss some of the concerns and questions CISOs and other security executives may have about their personal liability and exposure during breach investigations. The short of it: Don’t panic, but don’t be unprepared either. In this case, preparation equates to having personal legal counsel available, and document everything during an incident. Reynolds and Eli Lilly associate VP and assistant general counsel Nick Merker presented on this topic at Black Hat under the context of the case and conviction of former Uber CISO Joe Sullivan. Sullivan was convicted of obstruction of justice and misprision of a felony for his role in covering up a breach at Uber. Reynolds cautions that CISOs always remember that corporate counsel represent the company, and any attorney-client privilege is to the company and not the individual. He also reminds leaders to document the facts and information available at the time key decisions were made during an incident.

Team82’s extensive research into network attached storage devices and the ubiquitous OPC UA industrial protocol came to a head recently in Las Vegas with a pair of presentations at Black Hat USA and DEF CON disclosing vulnerabilities in Synology and Western Digital NAS cloud connections and the unveiling of a unique OPC UA exploit framework. In this episode of the Nexus podcast, researcher Noam Moshe explains how both research initiatives came to be, the implications of each for users, and how the respective ecosystems have been made safer. Read our Synology research Read our Western Digital research Read about our OPC UA exploit framework Download the framework

In this episode of the Nexus podcast, Bishop Fox researchers Dan Petro and David Vargas explain their research into the Open Supervised Device Protocol (OSDP), meant to bring encryption to badge readers and controllers providing physical access controls at secure facilities. Petro and Vargas explain a number of protocol weaknesses and vulnerabilities that defeat OSDP's promise of encryption and security. Through the attacks they describe, they're able carry out—among others—replay or downgrade attacks, which are enabled by severe key exchange vulnerabilities or weakened crypto keys as described in the protocol. Petro and Vargas unveiled this research during a presentation at Black Hat USA in Las Vegas.

Jennifer Lyn Walker, Director of Infrastructure Cyber Defense for the WaterISAC, joins the Nexus podcast to discuss the state of cybersecurity within the water and wastewater critical infrastructure sector. Walker explains where the cybersecurity technology, funding, and skills gaps currently exist among smaller—and larger—water providers. She also covers recent improvements from water utilities, and what, in an ideal world, the cybersecurity industry and government could do to help.

Kathleen Moriarty, Chief Technology Officer of the Center for Internet Security (CIS) joins the Nexus podcast to discuss CIS' recently published IoT Embedded Security Guidance. The document walks vendors, developers, DevOps professionals through the most commonly used IoT protocols and analyzes them from a security perspective. The aim is to help vendors and developers with this selection process and assist with building security in at the protocol level. Download the guidance here.