Blake Sobczak, a reporter for Energy & Environment News, has been on fire lately with his coverage of electric sector cybersecurity. It seems like I’m consistently retweeting his stories and putting them into my Friday News & Notes email (are you subscribed?). So I brought him on the podcast to talk about it.

To me the most interesting discussion starting at 34:55 about decisions to cover stories that are promoted by ICS security vendors. We dig into the CyberReason Honeypot story coverage vs the similar NERC Lessons Learned story that got almost no coverage. We also compare the CyberReason Honeypot story to the Dragos Raspite story. How does Blake determine whether these single source, obvious promotional stories are credible to cover.

Also in this podcast:

  • The DHS sensationalized briefings on threats to the US Electric Sector that were quickly walked back
  • The political struggle between NERC / FERC / DoE / DHS and Utilities on electric sector cybersecurity
  • How utilities are dealing with regulatory risk and security risk


This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.

Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.