))
Energizing Cybersecurity - Ep 60
Manage episode 358623762 series 3361845
内容由Reimagining Cyber提供。所有播客内容(包括剧集、图形和播客描述)均由 Reimagining Cyber 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
"We got very good at testing things to failure"
Virginia “Ginger” Wright is the Energy Cybersecurity Portfolio Manager for Idaho National Laboratory’s Cybercore division within its National and Homeland Security directorate. She leads programs focused on cybersecurity and resilience of critical infrastructure for the Department of Energy, DARPA [Defense Advanced Research Projects Agency] and other government agencies.
Virginia “Ginger” Wright is the Energy Cybersecurity Portfolio Manager for Idaho National Laboratory’s Cybercore division within its National and Homeland Security directorate. She leads programs focused on cybersecurity and resilience of critical infrastructure for the Department of Energy, DARPA [Defense Advanced Research Projects Agency] and other government agencies.
Her recent research areas include cyber supply chain for operational technology components, instant response, critical infrastructure modeling and simulation and nuclear cybersecurity.
Some quotes from this episode:
"Idaho National Laboratory is the only national laboratory that is focused on nuclear energy. Part of that legacy was in testing what are today normal commercial nuclear installations and understanding where the boundaries of either operational resilience were, or the boundaries of particular material and installation methods that would cause that infrastructure to fail. We have, of course, taken that ability to turn things into failure and use that to develop our own adversary guided thinking about defensive cybersecurity."
"In the energy infrastructure, we have devices that are in regular use today that are decades old. In the IT world, I have Patch Tuesday where every week my critical infrastructure is updated. Then after about three years. I toss it and I get another one that is completely and wholly built on the more modern incarnation of technology. When we think about operational technology, applications, energy or water, we certainly can't re-engineer those systems on that cycle of replacement. So often we may not be able to patch or the technology that we are using is so old that the vendor is now no longer supporting patches."
"I think a lot of engineers understand materials that they build with. They understand wood, concrete, but they don't often get taught to think about digital systems in the same way they think about materials - that these systems have stress points and failure points and they can be trusted to a certain level but after that we need to build protections into our system to protect us from the ways that they can fail or be brought to failure by an adversary"
"Idaho National Laboratory is the only national laboratory that is focused on nuclear energy. Part of that legacy was in testing what are today normal commercial nuclear installations and understanding where the boundaries of either operational resilience were, or the boundaries of particular material and installation methods that would cause that infrastructure to fail. We have, of course, taken that ability to turn things into failure and use that to develop our own adversary guided thinking about defensive cybersecurity."
"In the energy infrastructure, we have devices that are in regular use today that are decades old. In the IT world, I have Patch Tuesday where every week my critical infrastructure is updated. Then after about three years. I toss it and I get another one that is completely and wholly built on the more modern incarnation of technology. When we think about operational technology, applications, energy or water, we certainly can't re-engineer those systems on that cycle of replacement. So often we may not be able to patch or the technology that we are using is so old that the vendor is now no longer supporting patches."
"I think a lot of engineers understand materials that they build with. They understand wood, concrete, but they don't often get taught to think about digital systems in the same way they think about materials - that these systems have stress points and failure points and they can be trusted to a certain level but after that we need to build protections into our system to protect us from the ways that they can fail or be brought to failure by an adversary"
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com
104集单集
分享
