Reimagining Cyber - real world perspectives on cybersecurity - Energizing Cybersecurity - Ep 60

Energizing Cybersecurity - Ep 60

03/22/23 • 25 min

Reimagining Cyber - real world perspectives on cybersecurity
"We got very good at testing things to failure"
Virginia “Ginger” Wright is the Energy Cybersecurity Portfolio Manager for Idaho National Laboratory’s Cybercore division within its National and Homeland Security directorate. She leads programs focused on cybersecurity and resilience of critical infrastructure for the Department of Energy, DARPA [Defense Advanced Research Projects Agency] and other government agencies.
Her recent research areas include cyber supply chain for operational technology components, instant response, critical infrastructure modeling and simulation and nuclear cybersecurity.
Some quotes from this episode:
"Idaho National Laboratory is the only national laboratory that is focused on nuclear energy. Part of that legacy was in testing what are today normal commercial nuclear installations and understanding where the boundaries of either operational resilience were, or the boundaries of particular material and installation methods that would cause that infrastructure to fail. We have, of course, taken that ability to turn things into failure and use that to develop our own adversary guided thinking about defensive cybersecurity."
"In the energy infrastructure, we have devices that are in regular use today that are decades old. In the IT world, I have Patch Tuesday where every week my critical infrastructure is updated. Then after about three years, I toss it and I get another one that is completely and wholly built on the more modern incarnation of technology. When we think about operational technology, applications, energy or water, we certainly can't re-engineer those systems on that cycle of replacement. So often we may not be able to patch or the technology that we are using is so old that the vendor is now no longer supporting patches."
"I think a lot of engineers understand materials that they build with. They understand wood, concrete, but they don't often get taught to think about digital systems in the same way they think about materials - that these systems have stress points and failure points and they can be trusted to a certain level but after that we need to build protections into our system to protect us from the ways that they can fail or be brought to failure by an adversary"

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Previous Episode

And the Oscar for the Best Cybersecurity Movie Goes To... - Ep 59

Did you think the Oscar ceremony was over? Not quite. In this episode of Reimagining Cyber Extra! Stan & Rob are handing out the awards to the best cybersecurity movies ever made. What are they? You'll have to listen to find out, but here are a few clues:
- "The first movie I recall that was really focused on cybersecurity & hacking."
- "They sort of come upon this capability of decrypting anything and flash forward to our era or maybe 10 years from now when we're potentially able to use quantum computing to be able to crack any of the existing crypto algorithms, maybe it's not that far fetched."
- "He hacked into the school computer system. He changes his grades, his attendance records. He's figured out the little loophole on how he can actually have a day for himself"
- "There's a sequence of knocking down different parts of the critical infrastructures in the US, and the Feds are running around having no clue as to how to stop or fix this. They're always behind the curve. Which could be realistic unfortunately."
- "They're embezzling the money back out of the system. So they're “Hey, we're gonna slide under the radar. We're gonna take a little bit of the cash, pull it across and then we're out.” But the worm goes out and spreads further, so much money that they now have a bigger issue to deal with."
- "The NSA gets involved and there's all these thugs that steal a laptop, et cetera, et cetera. She comes across as somebody who's very resourceful, whether it be on a computer or physically and again there's lots of great action"

Next Episode

US National Cybersecurity Strategy and EU Cyber Resilience Act - Ep 61

In this episode, Rob and Stan look at a couple of drives to impose law and order on cybersecurity.

First, the new US National Cybersecurity Strategy.

“I actually see this as being a pretty sharp break from the past. If it's fully implemented, I think the potential to change the US cybersecurity posture will significantly be improved for the better.”

“The strategy does put an emphasis on holding software vendors more directly responsible for the security of their technologies. And it recognizes that if left to its own devices, the software market many times rewards vendors that under invest in security and get things out to market faster. It’s been proven time and time again that market pressures are not necessarily going to result in more secure products.”

“This is going to take time. They're talking about a 10 year window here for the cybersecurity act....so the implementation of this through various administrations who may have different priorities is going to be interesting.”

Rob and Stan also reflect on how the US strategy compares to the EU Cyber Resilience Act, revealed in September 2022.

“They actually are very focused on personal data and ensuring that there's the protection and confidentiality and integrity of the data of the individuals. There are vulnerability disclosures that are required from the manufacturers.”

"If you are to improve compliance, you're not doing business in the EU. That's the one that really resonates, right? That's what's going to make people say “Well, I have to if I want to be able to generate the type of business I require from the entire EU marketplace.”"

Transcript

[00:00:00] Rob Aragao: Well welcome everyone to the Reimagining Cyber podcast and Stan, do you know what today is? It's our 50th anniversary. Our 50th episode. Imagine that. Who would've thought just about over two years ago, right when we launched this and what we thought we would do is there's been so many.

[00:00:22] Rob Aragao: conversations we've had with the guests that we brought on, it's difficult to pick one or two or three so we decided we're g
