EP 65: Hacking Critical Infrastructure Through Supply Chains
Critical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited. Alex Santos, CEO of Fortress Information Security, explains how they’re typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.
--------
30:22
--------
30:22
EP 64: Volt Typhoon
While cybersecurity threats targeting critical infrastructure, particularly focusing on the vulnerabilities of operational technology (OT) and industrial control systems (ICS).mostly originate on the business or IT side, there’s increasing concern about attacks crossing into OT, which could result in catastrophic consequences, especially in centralized systems like utilities. Michael Welch, managing director from MorganFranklin Cyber, discusses how Volt Typhoon and other attacks are living off the land, and lying in wait.
--------
43:44
--------
43:44
EP 63: Chief Hacking Officer
This is a story about a Chief Hacking Officer who draws on his expertise in physical and virtual security assessments—along with some intuitive AI-driven coding—to safeguard Operational Technology. Colin Murphy of Frenos and Mitnick Security talks about how some of his early assessment work with Kevin Mitnick is helping him with OT security today.
--------
27:04
--------
27:04
EP 62: Defending the Unknown in OT Security
ROI is always a tricky subject in cybersecurity. If you’re paying millions of dollars in securing your OT networks, you’d want to be able to show that it was worth it. Andrew Hural of UnderDefense talks about the need for continuous vigilance, risk management, and proactive defense, acknowledging both the human and technological elements in cybersecurity and how just because something didn’t happen doesn’t mean that it didn’t.
--------
31:38
--------
31:38
EP 61: Applying Zero Trust to OT systems
Zero Trust is a security model based on default-deny policies and fine-grained access control governed by identity, authentication, and contextual signals. For RSAC 2025, John Kindervag, Chief Evangelist of Illumio and the creator of Zero Trust, talks about introducing a "protect surface" into legacy OT systems —isolating critical data, applications, assets, or services into secure zones for targeted Zero Trust implementation.
Error Code is a biweekly narrative podcast that provides you both context and conversation with some of the best minds working today toward code resilience and dependability. Work that can lead to autonomous vehicles and smart cities. It’s your window in the research solving tomorrow’s code problems today.
Netherlands