Hack the Plant

For the last episode of season 5, host Bryson Bort sat down with Andrew Ohrt, Resilience Director West Yost Associates. A civil engineer specializing in water infrastructure, Andrew bridges the gap between traditional engineering and digital risk. Andrew walks us through the "invisible" nature of water systems, the impact of data centers on utility resilience, and how Cyber-Informed Engineering (CIE) protects our most essential resource.

How did a drive under a rebuilt bridge in Minneapolis pivot Andrew’s career toward critical infrastructure? Why did a single wastewater release shut down Waikiki Beach for an entire week? And what ha...

Our host Bryson Bort welcomes Dr. Natalie Sullivan, Medical Director of the Emergency Response Medical Group and an emergency medicine physician at a D.C. area hospital. Trained in EMS and disaster and operational medicine, Natalie turned her attention to the critical intersection of clinical medicine, patient safety, and cybersecurity resilience after experiencing a prolonged ransomware attack on a major hospital. Dr. Sullivan lays out the disaster preparedness cycle, and the many vectors of risks for hospitals. 

How does a cyberattack on one hospital lead to increased cardiac arrest mortality at the hospital three blocks away? Why i...

Bryson Bort is joined by Dd Budiharto, Microsoft’s Customer Security Officer for the Oil, Gas, and Energy sectors, to share her experience bridging the IT/OT divide in the energy sector. Drawing on her background as a former CISO and industry veteran with decades of experience starting security programs at giants like Halliburton and Marathon Oil, Dd breaks down IT vs OT auditing, the cultural divide in oil and gas, and what cybersecurity looks like in the energy sector.   

How did an early mistake involving a patch reboot change Dd's career forever? What is preventing private compa...

In this episode, host Bryson Bort sits down with Gary Kessler, retired cybersecurity professor and co-founder and director of the Maritime Hacking Village. As a maritime cybersecurity researcher, consultant, and practitioner with nearly fifty years of experience, Gary walks us through the ins and outs of cybersecurity at sea, automated identification systems (AIS), and AI’s current and future role in maritime operations. 

What is AIS spoofing, and why is it dangerous? What are the unique challenges posed by cybersecurity at sea? Is the maritime industry ready for artificial intelligence integrations? 

“AI is going to [presen...

Deputy Managing Director at the Cyber Readiness Institute Lessie Skiba joins host Bryson Bort to discuss the CRI’s new program connecting small- and medium-sized water utilities with cyber coaches to strengthen their resilience.

What if the most effective cybersecurity solution isn't a new piece of technology, but a human connection? How can we empower small businesses to tackle cyber threats, even with limited resources? And if Lessie could wave a magic, air-gapped wand, what is one fundamental change she would make to our digital landscape?

Join us for this and more on this episode of...

Our host Bryson sits down with Colin Ahern and Kirk Herath, two of the only cybersecurity experts working in Governors’ offices in the United States. Colin was appointed Chief Cyber Officer of the State of New York by Governor Kathy Hochul in June 2022, and Kirk stepped into his role as Cybersecurity Strategic Advisor to Ohio Governor Mike DeWine and Lt. Governor Jon Husted the same year. In their positions, Colin and Kirk are responsible for coordinating their states’ cybersecurity capabilities, overseeing threat assessment and response, working with local governments to prepare for and remediate cyber attacks, and more.  

What...

Bryson Bort is joined by Jim Montgomery, Director, Industrial Cybersecurity Solutions at TXOne Networks. TXOne provides network-based and endpoint-based products to tackle security vulnerabilities across industrial environments. With decades of IT security experience, Jim now leads TXOne’s work protecting Operational Technology environments across critical sectors like automotive, oil and gas, pharma, manufacturing, and semiconductors.

How can we defend against threats that are already embedded within our systems? What are the most immediate and significant risks facing our critical infrastructure today? And how can operators begin to secure their networks? 

“Let's start with the basics. Let's...

Bryson Bort sits down with Adam Robbie, Head of OT Threat Research at Palo Alto Networks, to pull back the curtain on OT threat research. With a background in electrical engineering, Adam’s first job in cybersecurity was at an IT help desk. He now leads a team dedicated to identifying, analyzing, and mitigating cyber threats targeting Operational Technology (OT) environments.

What are the top threats Adam is seeing in OT attacks? Why is manufacturing such a vulnerable sector? And if he could wave a magic, non-Internet connected wand, what would he change? 

“I really would...

Bryson Bort welcomes Sarah Powazek, Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity, to discuss the organization’s work providing cybersecurity resources for the public, and CyberCAN, a project to connect cities and nonprofits providing critical services.  

How can cities play a larger role in protecting their communities? What are the biggest cybersecurity challenges facing nonprofits? What innovative solutions are being developed to address the cybersecurity resource gap? 

“It's never going to be enough to have one federal agency help every single organization in a country. We're just too large,”...

Welcome to season 5! Our host Bryson Bort sits down with Institute for Security and Technology (IST) Executive in Residence for Public Safety & Security Josh Corman. Josh previously joined us on season 1, episode 2 to discuss his experience founding I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. 

Today, Josh walks us through his Cyber Civil Defense initiative UnDisruptable27 and his work to bolster the resilience of local critical infrastructure systems. 

What role can you play in making our communities more resilient? What risks do we face fr...

For the final episode of the season, our host Bryson Bort reflects on four years and forty episodes of Hack the Plan[e]t, and picks a few favorites. 

Episode 8, DoD and Critical Infrastructure: https://hack-the-plant.simplecast.com/episodes/dod-and-critical-infrastructure

Episode 10, The Congressman, The Commission and Our Critical Infrastructure: https://hack-the-plant.simplecast.com/episodes/the-congressman-the-commission-and-our-critical-infrastructure

Episode 27, Managing Incident Responses to Critical Infrastructure Attacks: https://hack-the-plant.simplecast.com/episodes/managing-incident-responses-to-critical-infrastructure-attacks

Episode 28, Cyber Threat Intelligence Over the Past 25 Years: https://hack-the-plant.simplecast.com/episodes/cyber-threat-intelligence-over-the-past-25-years

Episode 36, Supporting Ukrainian Electrical Grid R...

Bryson is joined by Carter Manucy, Director of Cybersecurity at the National Rural Electric Cooperative Association to discuss rural electric cooperatives, the importance of collaboration, and the state of cybersecurity in the energy sector. With over two decades of experience in the sector, Carter was recently awarded E-ISAC’s prestigious Michael J. Assante Award for his leadership on initiatives to protect the grid and electric co-ops. 

How are cooperatives fostering a stronger cybersecurity culture? What are the unique challenges faced by rural electric cooperatives in the cybersecurity landscape? And what does Carter see in his crystal ball for...

Bryson is joined by Sara Patrick, President and CEO at the Midwest Reliability Organization (MRO) to discuss cyber threats, mitigation strategies, and the United States energy infrastructure system. A lawyer by training, Sara led MRO’s enforcement group and compliance monitoring team for 16 years before stepping into her position as CEO. 

What risks does AI pose to maintaining a reliable grid? How does MRO build resilience into the Northeast bulk power grid? What do smaller organizations need to be able to mitigate threats? 

“When we think about operations, we're a lot of times focused on the bi...

In this episode, Bryson sits down with MITRE EMB3D co-founder Niyo Little Thunder Pearson. For nearly 20 years, Niyo has been at the forefront of protecting critical infrastructure systems. He previously led incident response for American Express, directing the company’s Security Operations Center during the LulzSec and Anonymous attacks, and worked to develop an adversarial cyber defense program for the nation’s third largest gas utility at ONE Gas Oklahoma. Now, Niyo has co-founded MITRE EMB3D, a groundbreaking global threat network aimed at enhancing the security of embedded devices. 

What is MITRE EMB3D? Who is th...

In this episode, Bryson sits down with Mark Montgomery, Senior Director at the Foundation for Defense of Democracies. For three years, Mark served as Executive Director of the Cyberspace Solarium Commission, created by congressional mandate to develop strategic approaches to defending against cyber attacks. Now, he directs CSC 2.0, an initiative that works to implement the recommendations of the Commission. 

What were the key recommendations of the Cyberspace Solarium Commission? What are the politics of cybersecurity? How do we ensure that our international partners have the same level of resiliency and recovery that we have domestically? 

“We'd...

Joe Marshall is a Senior IoT Security Strategist at Cisco Talos Intelligence Group. When Russia invaded Ukraine in 2022, Joe helped coordinate a multinational, multi-company coalition of volunteers and experts to find a technological solution. 

Bryson and Joe sat down to discuss his efforts in Ukraine, how he got the go-ahead from Cisco leadership, and more. 

“They were like, yeah, we can't even get accurate timing to work on our transmission grid because of jamming that is interrupting GPS communications,” Joe explains. “A week later I was sitting in my office and I went, ‘I wonder if we have...

In this episode, Bryson Bort is joined by Paul Shaver, Global OT Security Practice Lead at Mandiant / Google Cloud to discuss the cyber threat landscape. How did Paul’s military background play a role in his decision to start working with control systems? What is the difference between an advanced persistent threat and a regular threat? What does Paul think is the best way to protect against documented threats from nation-state actors?

“I think if we're not doing a better job of protecting critical infrastructure, protecting our assets, any one of the nation state actors could cause that...

Claroty is a cybersecurity company that helps organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT). 

In this episode, Bryson Bort sits down with Claroty director of research and industrial control system (ICS) vulnerability expert Sharon Brizinov to discuss everything ICS.

What are the most common vulnerabilities threatening ICS security? What’s the impact of cybersecurity controls standardization? And if he could wave a magic wand, what is one thing he’d change in the ICS industry? 

“Don't expose ICS equipment over the Inte...

Psymetis creates Operational Technology (OT) security solutions that quickly and prevent electric grid outages and catastrophic infrastructure failures. Psymetis’ Werewolf system provides condition monitoring and threat mitigation for the power grid, detecting cyberattacks, equipment failures, and physical damage in real-time. 

In this episode of Hack the Plant, Bryson sits down with Psymetis CEO Robert Shaughnessy to discuss his work with Psymetis, challenges to innovation in the private sector, and the role of government in developing new technologies. 

What ecosystem problem is Psymetis solving? How is the federal government involved? What threats do our critical infrastructure syst...

As America’s Cyber Defense Agency and the National Coordinator for Critical Infrastructure Security and Resilience, the Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every day. 

In this episode of Hack the Plant, Bryson sits down with CISA Director Jen Easterly to discuss her work on leading CISA’s critical infrastructure mission, implementing efforts to make products Secure by Design, and working with private companies to combat ransomware.

How has CISA’s role evolved since 2018? How do they...

I’m joined by Jesse Whaley, the Chief Information Security Officer at Amtrak, for this episode of Hack the Plant.  Amtrak is  the nation's largest passenger rail service provider and one of the most complex and critical transportation systems in the world. 

We discuss what it takes to oversee Amtrak’s digital assets and infrastructure, and what it takes to keep them secure. 

“The company had a safety culture. Before every meeting before every job site that workers went out to on the railroad to do work. They did safety briefings … I got alignment on hey, this sh...

I’m joined by Dan Ricci, founder of the ICS Advisory Project, for this episode of Hack the Plant.

The ICS Advisory Project is a free, open-source platform that helps asset owners across 16 critical infrastructure sectors stay secure by identifying threats in their environments.

“I saw a gap in the community. There's good data that's coming at us…but no one did anything to take and make that data more digestible through visualization. So I decided, okay, well, I'm just going to do it now. I’m going to take the the data that I have bee...

I’m joined by Jason Healey, a Senior Research Scholar at Columbia University’s School for International and Public Affairs, for this episode of Hack the Plant. Jason is a pioneer of cyber threat intelligence, with experience spanning fifteen years across the public and private sectors. 

Today, we discuss a recent article Jason published at Lawfare, looking at 25 years of White House cyber policies, from the Clinton to the Biden administrations. We explore how regulatory policy has become more sophisticated over time, and the evolving nature of threats.

“One of the biggest debates right now amongst...

I’m joined by David Patrick Emmerich, the Principal Cyber-Physical Range Architect at the University of Illinois, for this episode of Hack the Plant. 

We’re here today to talk about RADICS, a DARPA project. RADICS stands for Rapid Attack Detection, Isolation and Characterization Systems.  We discuss David’s role in building automated data collection and set up simulations and testing, and how the process of doing vulnerability discovery for physical assets helps asset owners.

“  ‘These are ways that an attacker could get around it.’ ‘These are where your blind spots might be’ … We help them understand that...

For today’s episode, I’m joined by Lesley Carhart. Lesley is the Director of Incident Response for North America at the industrial cybersecurity company Dragos, Inc. She leads incident response and proactively hunts for threats in customers’ ICS environments. Lesley was the incident response team lead at Motorola Solutions, and retired from the United States Air Force. 

Today, we dive into the kinds of active threats out there that incident response deals with:

“We see insider cases, both intentional and unintentional insider cases. We see a lot of crime ware. So crime actors are getting s...

For today’s episode, I’m joined by Zach Tudor, the Associate Laboratory Director at Idaho National Laboratory (INL). INL is a Department of Energy national laboratory, is the nation's leading center for nuclear energy research and development. Zach is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection and Defense Systems missions.

We discuss how INL partners with the private sector to test challenges to critical infrastructure, and the cutting edge work INL is doing to secure the next generation of critical infrastructure.

"Honeywell has been one of the big players that has been workin...

“One of my favorite topics is disaster resilience. We do quite a bit of work on what mutual assistance looks like and how to improve mutual assistance, how to rebuild systems once they've been hit by something terrible. My more recent interesting example was when a tornado had gone through a co-op and they were looking for what to do when their data server was just plain missing. It was Dorothy essentially over to somewhere else and they were asking us: Is it a data breach?” 

- Emma Stewart  

For today's episode, I'm join...

“What's been most concerning is the rise of wiper malware. Threat actors are no longer interested in hey we're going to lock up all of your data. We're going to encrypt everything and force you to pay a ransom and then maybe give you the decryption key. Now with wiper malware they're just completely wiping it. … This year there's been a total of 5 wiper malwares that has been targeting critical infrastructure. So I think everyone should be very aware of that.” -Roya Gordon 

For today's episode, I'm joined by Roya Gordon and Danielle Jablanski of Nozomi Networks, a firm...

“Agriculture and cybersecurity has just run under the radar. We're talking about something that's one fifth of the us economy right? This is this is a huge deal here in the US, and globally as well …  We can begin get the right expertise and collateral assembled so we're not the next ransomware victim or we have enough resiliency built into our operations that if we get we get hit and we get smoked our recovery will be easier and our our financial losses will be minimized.”  - Joe Marshall

In this episode of Hack the Plant, I’m joined b...

“Most industrial economies only consume about 20% our total end use energy in the form of electricity. The rest, we consume by basically combusting fossil fuel … You could get all of your electricity from wind and solar and you've still only solved 20% of your carbon problem. A lot of the investments we've made at Energy Impact Partners are actually in electrification. Basically electrifying all that stuff that today is fueled directly by fossil fuel but in the future could be fueled by electricity.” - Andy Lubershane

In this episode of Hack the Plant, I’m joined by Andy Lubersha...

“Most industrial economies only consume about 20% our total end use energy in the form of electricity. The rest, we consume by basically combusting fossil fuel … You could get all of your electricity from wind and solar and you've still only solved 20% of your carbon problem. A lot of the investments we've made at Energy Impact Partners are actually in electrification. Basically electrifying all that stuff that today is fueled directly by fossil fuel but in the future could be fueled by electricity.” - Andy Lubershane

In this episode of Hack the Plant, I’m joined by Andy Lubersha...

“You can only cover about 65% of the cybersecurity workforce demand with the existing workforce today. So we need to do something to address that gap. We need to either build that workforce or re-skill existing individuals that are looking to get into new fields. That's the approach that we're taking. So the need is there. We know that cyber risk is there. We know that adversaries are constantly re-skilling and skilling up as well. And we need to build a protective workforce around that.” - John Ellis

In this episode of Hack the Plant, we feature John Elli...

“How do we talk about all the great things we're doing in our communities, in optimizing and trying to reduce carbon, and looking at new solutions and coming up with different technologies that can help advance to help keep prices down and keep reliability up. We're really spoiled at times in the US with how often we have our power. I've had to travel on all seven continents and had times where I didn't have power because the grid was down in other countries.” Dr. Noel Schulz

In this episode of Hack the Plant,  Dr. Noel Schulz of Wa...

“I've been educating now for about eight years within the college system and that hands-on experiential learning is critical. When I have students do something that's like a scenario based off of different security assessments I've done or just weaving in some real world stuff, they thrive. They really get excited. They walk away from it energized.” - Dennis Skarr

In this episode of Hack the Plant, Dennis Skarr of Everett Community College joins us to talk about an industrial cybersecurity program for students he has recently built. He describes the interactive element that helps students get exci...

Wind energy is one of the most rapidly growing energy generation sources in the US - how can these renewable systems stay resilient in the face of cyber attacks as the industry grows?

In this episode, we hear from Megan Culler and Keith Mecham of Idaho National Labs (or INL). Megan Culler is a Power Engineer and Researcher; Keith Mecham is a Critical Infrastructure Cybersecurity Engineer.

INL is a Federally funded research and development center (FFRDC): public-private partnerships which conduct research and development for the United States Government. They operate large infrastructure security programs that...

“Initially it was looking at specific types of attacks and thinking how those could be utilized against our systems, but then it became more sophisticated in thinking of how these attacks could be coordinated together by larger actors? ….  I think that regulation's role is more to draw attention and provide you with a base minimum, and then from there, it's the responsibility of those industries of those actors to step up and design the systems and implement true security.” - David Coher

How can our electrical grid system anticipate cybersecurity attacks? What is the nature of its vulnera...

“We had to go out and talk to experts and just have the conversations and then be brutally honest about what those people were telling us about the problem. In many cases, we didn't even tell them what we were thinking about doing. We would call them up and say, "How are you securing your industrial control systems today?" and just listen.” - Joshua Steinman

“We really learned to go in, us. Instead of imposing what we thought the problem would be for other asset owners, really let them tell us what their problems were. So that was pr...

When will hard infrastructure have machine learning capabilities? It might be sooner than you think. Ariel Stern, formerly an engineer in the Israeli Ministry of Defense and a civil infrastructure project manager, currently CEO of Ayyeka, which offers remote monitoring for industrial Internet of Things (IoT) systems. Ariel has a forward-looking approach to creating resilience in critical infrastructure…anticipating that we are entering a new era for critical infrastructure….from IoT data creation, management, and analysis to advanced Artificial Intelligence pattern recognition and prediction.

Is this science fiction? Join us to learn how the technology that can crea...

On May 12, 2021, the Biden Administration issued an Executive Order “On Improving the Nation’s Cybersecurity.”  This came in the wake of  ransomware attacks drawing national attention: Solar Winds, Colonial Pipeline, and more.

We take a deep dive into the Executive Order, and what it means for public and private efforts to keep our critical infrastructure safe with two attorneys and cybersecurity experts.

Megan Brown is a Partner at Wiley Rein. She has deep expertise in cybersecurity and data privacy issues, working for national and global companies on cutting edge compliance and risk management.  

Liz Whart...

In February, severe winter storms and an electricity generation failure left almost 5 million people in Texas without power, leading to hundreds of deaths, and a shortage of heat, food and water. The Electric Reliability Council of Texas (ERCOT) manages the flow of electric power to more than 26 million Texas customers. How did the massive power failure happen? What does this power outage suggest about the resilience of our critical infrastructure?

Beth Garza, former director of ERCOT and senior fellow at the R Street Institute, answers these questions and more. Over the course of her 35-year career in...