Nexus: A Claroty Podcast

ICS Advisory Project founder Dan Ricci joins the Nexus Podcat to discuss how to turn operational technology (OT) and cyber-physical systems (CPS) visibility into actual risk reduction. Dan describes the need to distinguish between asset lists and actual asset inventories, what those differences are, and how to make the most of the information made available. Device data such as firmware versions, protocol identification, and more are vital to other aspects of the OT and CPS protection program, including exposure management and segmentation initiatives.
Dan wrote more on this topic in this article: “From Inventory to Insight: Turning OT Visibility into Concrete Risk Reduction.” 
This interview was pulled from Episode 4 of Nexus Digest. 
Subscribe and listen to the Nexus Podcast here.

Krista Arndt, the Associate Chief Information Security Officer (CISO) at the St. Luke's University Health Network, a 15-hospital health system in Pennsylvania and New Jersey, joins the Nexus Podcast to discuss cybersecurity and resilience in a large hospital system. 
Krista and her team talk about the role of healthcare cybersecurity teams in ensuring patient safety, and some of the ongoing challenges in keeping medical devices and the healthcare network available and resilient to attack. 
Krista also discusses a microsegmentation project implemented through Elisity that helped remove blockers impeding innovation around robotic surgical systems. 
Subscribe and listen to the Nexus Podcast here.

Jon Holzbauer, OT Systems Manager at Silgan Containers, joins the Nexus Podcast to discuss where IT security teams and OT operations run into challenges in protecting these diverse complicated environments in manufacturing. A clash of approaches may lead to rash decisions around cybersecurity that could disrupt key processes or impact safety and reliability. 
This interview was pulled from Episode 3 of Nexus Digest, a monthly recap of content published on Nexus. 
Subscribe and listen to the Nexus Podcast here.

Ric Derbyshire, a Principal Security Researcher at Orange Cyberdefense and an Honorary Researcher at Imperial College London, joins the Nexus Podcast to discuss how attackers are able to gain lateral movement across operational technology (OT) assets through a tactic known as Living Off the Plant.
Similar to Living-off-the-Land attacks, Living-Off-the-Plant TTPs leverage native functionality specific to OT, with a potential negative impact on physical assets and safety concerns. 
Subscribe and listen to the Nexus Podcast here.

Rapid7 Principal Security Research (IoT) lead Deral Heiland joins the Nexus Podcast to discuss work his team did on how attackers might weaponize cellular-based IoT. 
Rapid7 conducted three phases of this research, with the most recent digging into how attackers with access to these systems can abuse them to gain unauthorized access, potentially exfiltrate critical data, or pivot into backend network infrastructure. 
Subscribe and listen to the Nexus Podcast here. 
Read the Rapid7 research report.