Most cybersecurity conversations focus on stolen data, breached accounts, and attacks that live entirely on screens. This episode looks at a far more consequential threat: what happens when cyberattacks target the physical systems that keep society running. Power, water, transportation, and manufacturing. When those systems fail, the consequences aren't just digital. They're immediate, visible, and sometimes dangerous.
My guest is Lesley Carhart, Technical Director of Incident Response at Dragos, a cybersecurity firm focused exclusively on protecting critical infrastructure. Lesley specializes in industrial control systems and operational technology, investigating real-world attacks against power plants, water systems, transportation networks, and industrial facilities built on aging, irreplaceable technology.
We talk about why these environments are uniquely vulnerable, how ransomware groups and nation-state actors quietly gain long-term access, and why many compromises go undetected for years. The conversation also explores the limits of traditional cybersecurity thinking, the real-world constraints operators face, and what organizations can realistically do to improve security when failure isn't an option.
Show Notes:
- [01:30] Lesley Carhart is here and explains what operational technology is and why industrial systems are uniquely vulnerable
- [03:40] How decades-old computers still run power plants, water systems, and transportation infrastructure
- [06:10] Why industrial environments can't simply patch, upgrade, or shut systems down
- [08:25] The mindset shift required when safety and continuity matter more than stopping an intrusion
- [10:40] Why air-gapped systems are mostly a myth in modern critical infrastructure
- [13:15] How remote access became unavoidable—and one of the biggest risk factors
- [16:05] The three main threat categories facing industrial systems: ransomware, insiders, and nation-state actors
- [18:45] Why ransomware is especially damaging in power, water, and manufacturing environments
- [21:30] How nation-state attackers quietly establish footholds years before taking action
- [24:20] Why many industrial compromises go undetected for months—or even years
- [27:10] What incident response looks like when you can't just "pull the plug"
- [30:05] The most common causes of industrial failures: human error, maintenance issues, and environment
- [32:40] A surprising incident that looked like a nation-state attack—but wasn't
- [34:55] Why critical infrastructure organizations often feel pressure to pay ransoms
- [37:00] Practical starting steps for organizations with aging, mission-critical systems
- [39:20] Advice for people interested in industrial cybersecurity and working with legacy technology
- [42:10] Why mentorship matters and why Lesley chooses to give back to the field
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
