Planes, Trains, and Tanks

Trains may look like large analog devices, but they are teeming with computers. Communications, monitoring, positive train control, fuel management systems, data recorders, power, and engine control systems all heavily involve digital components. It’s not just locomotives that have become heavily digitized: passenger and freight cars also benefit from many digital sensors and control systems. Because rolling stock runs complicated software and contains many digital interfaces, rail cybersecurity has become an increasingly important topic. In this show, special guest Brian McCord discusses just how embedded digital components are into modern rail cars, what cybersecurity threats exist, and how a researcher goes about discovering cybersecurity issues in an aircraft.

Venture capital is America’s innovation engine. Where venture investors deploy capital has a huge impact on which transformational ideas turn into disruptive products. Ultimately some of these disruptive products turn out to have profound impacts on our lives. It’s no secret that digital technology has been at the root of many such profound impacts over the past century. But this digital landscape invites brave, new frontiers of cybersecurity problems. These frontiers co-evolve with new technologies--from the internet, to smart phones, to internet of things devices, to fleet assets like “planes, trains and tanks.” We can thank venture capitalists and the entrepreneurs they back for many of these new technologies. Unsurprisingly, venture capitalists are also backing cybersecurity companies at a dizzying pace. In this episode, we invite special guests Vardan Gattani and Jim Rutt to discuss why so much venture investment flows into cybersecurity, how investors see the shifting cybersecurity landscape, where they’re excited about bold, new, transformational ideas, and the characteristics that make cybersecurity startups successful.

Even though they may not look like it at first glance, aircraft are crammed full of computers. Communications, navigation, monitoring, flight control, fuel, collision avoidance, flight recorders, weather systems, and management systems are all rooted in digital components. Military aircraft have even more. Because aircraft run complicated software and contain many digital interfaces, aircraft cybersecurity has become an increasingly important topic. In this show, special guest Brian McCord discusses just how embedded digital components are into modern aircraft, what cybersecurity threats exist, and how a researcher goes about discovering cybersecurity issues in an aircraft.

The United States established the Space Force in 2019 as the world’s first and only independent space force. Its mission is to protect US and allied interests in space. Space is an important domain for a wide range of applications, including communications, observation, scientific exploration, and recently tourism. In this episode, special guest Ryan Welch joins us to discuss the mission of this newly formed organization.

Field Engineering is the culmination of the delivery of our ideas to the marketplace in a way that realizes as close to immediate value to the customer as possible and provides a feedback loop to our product, engineering, marketing and sales organizations for improvement. It is the customer facing team of technologists who are "closest to the problems" faced by the customer which enables our company to rapidly deliver world class solutions. In this episode, we welcome special guest Egon Rinderer to discuss what makes a great field engineer, how it’s unique from product engineering, and why many companies find it advantageous to develop field engineering organizations.

Cyberattacks against critical infrastructure can have detrimental impacts on everyday life. The past few months, we’ve seen example after example of cyberattacks causing gas and food shortages as well as transportation service disruptions. CISA, the Cybersecurity and Infrastructure Security Agency, is a standalone US federal agency established to advance the Department of Homeland Security’s national security mission. It seeks to reduce and eliminate threats to US critical physical and cyber infrastructure. CISA recently confirmed Jen Easterly, a former US Army officer and member of Tailored Access Operations, as its new Director. In this episode, special guests Brian McCord and James Correnti discuss Jen Easterly’s Confirmation, CISA’s mission, and a new catalog of Bad Practices that the Agency is actively developing

On this podcast, we’ve talked about the need to secure legacy systems from attackers that use today’s technology. But what about securing today’s systems in preparation for attackers using technologies of the future? In this episode, special guests Ellie Daw and Ben McCarty discuss one of those emerging technologies: quantum computers, and specifically their utility for securing and encrypting data.

Maintenance departments are not often known as the first place to implement new technologies, but as more companies emerge to aid in their processes, companies have to learn to meet these teams where they are and guide them through a digital transformation. How can companies put themselves in the shoes of those they try to serve with their technology? In this episode, we invite Rebeccah Wrady to discuss the four stages of a maintenance organization she has observed in both the automotive and rail industries and how to meet these teams where they are and bring them into a new era of maintenance.

Autonomous fleets are quickly becoming the new topic of conversation among the trucking, rail, and aviation industries. However, with optimistic promises of safety and efficiency improvements comes caution regarding cybersecurity and legal risks. How will autonomous trucking impact the freight rail industry, or vice versa? Will unmanned aerial vehicles (UAV’s) become the future of aviation autonomy? In this episode, we invite special guest, Mike Weigand, to discuss these benefits and risks of what the autonomous future has in store for fleet assets.

A few weeks’ ago, we discussed the utility of the hacker’s mindset in all manner of situations. But what if I told you that the hacker’s mentality is far older than the term itself? On this week’s episode, I am delighted to welcome Ben McCarty, author of Cyberjutsu: Cybersecurity for the Modern Ninja, to discuss the parallels between the practices of world class, cutting-edge cybersecurity professionals and those of elite Japanese warriors hundreds of years ago, as well as what the latter can teach the former.

Cyber Hardening is the process of securing a system by reducing its vulnerabilities. In general, cyber professionals who harden systems try to reduce attack surface by reducing the functions and features of a system to the essentials. Cyber hardening has a long history in the information technology industry, but represents a new frontier in operational technology. In this episode, special guests Joe Saunders discuss how denial of service, buffer-overflow, memory corruption, and zero-day attacks affect critical industrial, commercial, medical, military, and consumer targets -- and how we as a cybersecurity community can rise to the challenge of defending these critical systems.

Department of Defense weapon systems have many costs contributing to their sustainment, with maintenance comprising a major portion of total ownership cost. On one side, maintenance leads to inflated costs and removes vehicles from operations unnecessarily; while on the other side of the spectrum, scaling down maintenance activities to reduce costs could lead to unexpected equipment failure, followed by lengthy triage and repair time. In some cases, these unexpected repairs occur in less than ideal environments with very limited access to platform experts and other maintenance resources. The DoD's maintenance system operates primarily on time-based or reactive maintenance and is struggling to implement preventive and predictive maintenance technologies. Ultimately, there is a fine balance to achieve when efficiently maintaining fleet operations without increasing costs and down-time for critical missions. In this show, Mitch Plonski and Mike Weigand discuss how system operators and military commanders have a need for a comprehensive analysis of their fleets’ data in real-time to better predict maintenance requirements.

Critical infrastructure like water plants, power plants, and sewage treatment facilities have become increasingly digital over the past few decades. These changes have seen analog systems replaced with digital components, so that operation of these facilities requires little human intervention. Remote access technologies allow third parties to manage many facilities at once, creating operating efficiencies. In short, digitizing and networking critical infrastructure allowed for major optimizing. Unfortunately, this modernization created a new attack surface for cyber criminals and nation states to put critical infrastructure at risk. In this episode, we welcome special guest Dave Weinstein to the show to discuss why we’ve seen the relentless digitization of critical infrastructure, what’s broken, and how we fix it.

A hacker is a person who uses technical skills to overcome a challenge or a problem. Typically the term is used to describe someone working within a computerized system, but the hacker mentality can be very useful in other contexts. By breaking down problems into component parts, thinking about the rules of the system you’re operating in, and identifying your goals, you may find yourself using surprising means to achieve victory. In this episode, Mike Hoeschele and Dan Gonzalez join us to discuss the hacker mentality and how they use it every day to solve complex, hard problems.

As we’ve discussed on this podcast numerous times, technology has accreted into our daily lives in profound ways. First, manufacturers infused previously analog devices with digital components. Then we started connecting them to the internet. Computer systems are all around us -- in cars, locomotives, aircraft, ships, hospital equipment, home monitoring, kitchen appliances, and lightbulbs. Unfortunately, manufacturers are putting out fundamentally vulnerable technology. These devices are operating our locomotives, driving our cars, and delivering patient care. The consequences couldn’t be graver and the security community is unable to keep up. In this episode, special guests Fotis Chantis and Ioannis Stais join me to discuss the three major IoT attack surfaces: the network, the hardware, and the radio.

Cars may not have keyboards and login screens, but they are crammed full of computers. These computers are responsible for an increasing number of critical functions in the car. There are even autonomous vehicles that require no human supervision. Because cars now run complicated software and contain many digital interfaces, automotive cybersecurity has become an increasingly important topic. In this show, special guests Robert Leale and Matt Rogers discuss just how embedded digital components are into modern cars, what cybersecurity threats exist, and why it’s important for researchers to continue hacking cars.

The agricultural industry has been experiencing a quiet digital revolution. Previously analog, manual processes are becoming fully automated. Data scientists are plying their craft to millenia-old agricultural problems. Manufacturers are cramming farm equipment with digital components. Cows are getting connected to the internet. This dizzying shift in the way agricultural professionals do business is creating profound ramifications for the ways operators and manufacturers interact. It's also creating a new frontier for data scientists and cybersecurity professionals to solve critical problems in an industry that makes modern society possible. In this episode, special guests Garrett Bladow and Joe Panatoga discuss the agricultural IoT revolution.

Electronics are all around us. From the computers and cell phones that we rely on for work, school, and pleasure, or in the aircraft, locomotives, and vehicles that get people and goods where they need to go, electronics are there storing and manipulating data, sensing, and operating in the physical world. But how do these electronics get designed? Who conceives of, develops, produces, and tests these components? In this episode, special guests Olivia Puleo and Phil Weigand discuss how modern electronics go from concept to reality.

As we've discussed many times on this show, fleet assets like locomotives, aircraft, and maritime vessels generate massive volumes of data thanks to their copious digital components. Collecting this data allows fleet owners to solve a wide range of problems, from eeking out efficiency gains to improving asset maintenance and monitoring cyber intrusions. Data scientists use myriad techniques to solve these problems, many of which include elements of Artificial Intelligence or "AI," a field of study which seeks to enable computers to mimic some of the perception, learning, problem-solving and decision making of the human mind. In this episode, special guests Walter Tackett, Dan Morton, Matt Rogers, and Ellie Daw discuss what AI is (and is not), what kinds of fleet inference problems it can help solve, and exciting new trends in this field.

The Internet of Things or "IOT" is a physical device network that exchanges data. These devices have embedded sensors, actuators, and software, and often communicate over the internet. Examples of IOT devices include "smart home" devices like appliances, thermostats, security systems, and even lighting fixtures. Other examples in a corporate setting include medical and healthcare devices, transportation assets, manufacturing, agriculture, energy management, and even military applications. Security researchers often joke that the S in IoT stands for security. Many IoT devices weren't designed with privacy or security in mind. In this episode, we invite special guests Chris, Earle, and Casey to the show to discuss IoT cybersecurity.