Start / Nexus: A Claroty Podcast / Richard thomas joe gardiner on cve discovery time for ics

Richard Thomas, Joe Gardiner on CVE Discovery Time for ICS

41 min • 24 november 2020

Richard Thomas of the University of Birmingham and Joseph Gardiner of the Bristol Cyber Security Group, University of Bristol, discuss their recently published paper: "Catch Me If You Can: An In-Depth Study of CVE Discovery Time and Inconsistencies for Managing Risks in Critical Infrastructures." The paper examines how long ICS and OT vulnerabilities are in the wild before being discovered, and also shortcomings in ICS-related CVEs, which are often the first touch organizations have with vulnerabilities on their networks. Learn how long vulnerabilities are present before they're uncovered, and exactly what the gap is between CVE information and the details about affected products. The researchers also share recommendations for suggested improvements.

Senaste avsnitt

Richard Thomas, Joe Gardiner on CVE Discovery Time for ICS

Senaste avsnitt

Austin Allen on the Cybersecurity Realities Facing Healthcare

Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict

Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

Steven Sim on OT-ISAC and the State of Information Sharing

Sarah Fluchs on the Cyber Resilience Act

Andrew Ohrt on Cyber-Informed Engineering

Megan Stifel on the Impact of the Ransomware Task Force

Joe Slowik on Identifying Truly 'Critical' Infrastructure

Danielle Jablanski on Critical Infrastructure Protection

Cassie Crossley on Hardware Security, HBOMs

Christiaan Beek on Ransomware's Evolution and Economics

Florence Hudson on the IEEE/UL 2933 Clinical IOT Cybersecurity Standard

Mike Holcomb on Starting and Succeeding in OT Cybersecurity

Ron Fabela on Low-Skilled OT and ICS Threat Actors

Munish Walther-Puri on Creating a Scale for Cybersecurity Incidents

Brian Foster on the Risks of a Hyperconnected Grid

CISA's Matthew Rogers on Secure by Demand for OT

Noam Moshe on the IOCONTROL Malware

Team82 on Attacking the Insecure IoT Cloud

Volexity's Steven Adair on the Nearest Neighbor Attack

Joe Saunders on Advanced Cyberattacks Against Critical Infrastructure

Grant Geyer on the Business Impact of Disruptions from Cyberattacks

Alethe Denis on Social Engineering, Red-Teaming

Alon Dankner on Extracting Crypto Keys from PLCs

Noam Moshe on Extracting Forensic Data from Unitronics PLCs

Alexander Antukh on Cyber Risk Quantification

Vincente Diaz on Using AI for Malware Analysis

Ahmik Hindman on Patching OT and ICS

Dr. Bilyana Lilly on Information Warfare

Vinnie Liu on Offensive Security Testing During Incidents

Diana Kelley on Protecting the AI Lifecycle

Jennifer Minella on OT Cybersecurity Convergence

Charles Blauner on the Changing Role of the CISO

Mikko Hypponen on a Decade of Corporate Ransomware Attacks

Adm. Michael Rogers on Geopolitics and Cybersecurity

Abel Archundia on Complexity in Critical Infrastructure

Adam Gluck on Industrial DevOps

Greg Garcia on the Change Healthcare Cyberattack

Ryan Pickren on New Web-Based PLC Malware Research

Mike Rogers on Understanding a CISO's Personal Exposure in Cyber Incidents

Team82 Answers More of your OT Cybersecurity Questions

Juan Piacquadio on Securing Pharma 4.0

David Elfering on CISOs and Cyber Liability Insurance

Team82 Answers Your Vulnerability Research Questions

Mandiant on Sandworm APT Attacks in Ukraine

Don Weber on Security Culture in Control Environments, STAR Methodology

MITRE on Caldera for OT

Jim LaBonty on the OT Security Stack

Stephen Reynolds on Protecting the CISO During Incident Investigations

Team82 on NAS Research, OPC UA Exploit Framework

Bishop Fox on OSDP Weaknesses Putting Secure Facilities at Risk

Jennifer Lyn Walker on Cybersecurity Risks in the Water Sector

Kathleen Moriarty on CIS' IoT Security Guidance

Walter Risi on the CISO's Journey from IT to OT

Noam Moshe on Teltonika 4G IIoT Router Cybersecurity Research

Charles Carmakal on Cybersecurity Threats to Healthcare

Lorrie Cranor on IoT Security and Privacy Labels

Skip Sorrels on the 405(d) HICP, Healthcare Cybersecurity

Dave Elfering on Cyber Liability Insurance

Vera Mens on Akuvox E11 Vulnerabilities

Adm. Mike Rogers on the National Cybersecurity Strategy

Katherine Gronberg on the Federal Government and OT/IoT Cybersecurity

Noam Moshe on a Generic WAF Bypass Technique

Sharon Brizinov on Hacking IoT

Joe Slowik on TRITON Malware, XENOTIME Hacking Group

Inside Team82's EvilPLC Attack

Sarah Fluchs Revisits the Top 20 Secure PLC Coding Practices List

Vergle Gipson on Cyber-Informed Engineering

Noam Moshe on the Evil PLC Attack

Dan Gunter on Threat Hunting in Industrial Control Systems

Dan Ricci on the ICS Advisory Project

Vera Mens on Hacking Flow Computers

Don C. Weber on ICS Cybersecurity Training, Education

Idaho National Lab on the INL Control Environment Laboratory Resource (CELR)

Thomas Schmidt and Martin Scheu on the Common Security Advisory Framework

Daniel Kapellmann Zafra on Incontroller/Pipedream ICS Attack Tools

Sharon Brizinov on Hacking and Securing PLCs

Kylie McClanahan on Automating the Gathering of Vulnerability Information