Reimagining Cyber Episode #46: Energizing Cybersecurity: National Lab Perspective
« We got very good at testing things to failure. »
Virginia “Ginger” Wright is the Energy Cybersecurity Portfolio Manager for Idaho National Laboratory’s Cybercore division within its National and Homeland Security directorate. She leads programs focused on cybersecurity and resilience of critical infrastructure for the Department of Energy, DARPA [Defense Advanced Research Projects Agency], and other government agencies.
Her recent research areas include cyber supply chain for operational technology components, instant response, critical infrastructure modeling and simulation, and nuclear cybersecurity.
Some quotes from this episode:
« Idaho National Laboratory is the only national laboratory that is focused on nuclear energy. Part of that legacy was in testing what are today normal commercial nuclear installations and understanding where the boundaries of either operational resilience were or the boundaries of a particular material and installation methods that would cause that infrastructure to fail. We have, of course, taken that ability to turn things into failure and use that to develop our own adversary-guided thinking about defensive cybersecurity. »
« In the energy infrastructure, we have devices that are in regular use today that are decades old. In the IT world, I have Patch Tuesday, where every week, my critical infrastructure is updated. Then after about three years. I toss it, and I get another one that is completely and wholly built on the more modern incarnation of technology. When we think about operational technology, applications, energy, or water, we certainly can’t re-engineer those systems on that cycle of replacement. So often we may not be able to patch or the technology that we are using is so old that the vendor is now no longer supporting patches. »
« I think a lot of engineers understand materials that they build with. They understand wood and concrete, but they don’t often get taught to think about digital systems in the same way they think about materials – that these systems have stress points and failure points and they can be trusted to a certain level, but after that, we need to build protections into our system to protect us from the ways that they can fail or be brought to failure by an adversary. »
Listen on Apple, Buzzsprout, Stitcher, Google, and Spotify.
You can also check out the blog for this episode here: https://community.microfocus.com/cyberres/b/sws-22/posts/reimagining-cyber-podcast-energizing-cybersecurity-a-national-lab-perspective
Views : 3
cyber security
