Episode Details

Volt Typhoon spent years pre-positioning inside US critical infrastructure. Salt Typhoon pulled off one of the largest espionage campaigns in history. They didn't break in. They were already there.

So what do you actually do about it?

Caitlin Clarke, Senior Director of Cybersecurity Services at Venable and former Special Assistant to the President for Cybersecurity and Emerging Technology, joins Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, to work through the practical steps security leaders should be taking right now, before the regulatory guidance catches up with the threat.

What's in this episode for you:

• A clearer view of what's actually in your stack. Hardware is the easy part. Software updates, open source libraries, AI-generated code, outsourced R&D — any of it could be adversarial, and most teams have never asked.
• A practical way to map your supply chain before you have to. Fourth party. Nth party. Vendor exit strategies baked into business continuity. Procurement and security in the same room before the purchase, not after the incident.

A framing that goes beyond the technical. Insider risk. IP theft. Economic espionage. Nation state actors target people and research, not just networks — and that's the gap most organizations leave wide open.

 Timestamps

00:00 – Introduction: Critical Infrastructure and the Nation State Threat

01:45 – Volt Typhoon, Salt Typhoon and Why CISOs Need to Think Differently

03:21 – What Is Actually in Your Stack: Critical Infrastructure Cybersecurity Beyond Hardware

09:32 – Mapping Your Supply Chain Including Your Supplier's Suppliers

16:34 – Software, Open Source and AI: The Layers of Risk Most Organizations Have Not Mapped

21:59 – Insider Risk, IP Theft and Economic Security + Wrap Up

Key Topics Covered

• Why cost-driven procurement decisions create long-term security exposure
• How to map your supply chain including your supplier's suppliers
• What the Huawei rip-and-replace experience tells us about waiting too long
• How software, open source and AI-generated code extend the risk beyond hardware
• Why insider risk and IP theft belong in the same conversation as supply chain security

Resources

• Threat Talks – New US Cyber Strategy https://youtu.be/KIByq-ynIZA
• Threat Talks: https://threat-talks.com/  
• ON2IT (Zero Trust as a Service): https://on2it.net/   
• AMS-IX: https://www.ams-ix.net/ams    

 Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

 === 

► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX