Most organizations ask one question:
“Are we compliant?”

The question that actually matters is:
“Will we still be operating when things go wrong?”

In this Threat Talks episode, Lieuwe Jan Koning speaks with Jasper Nagtegaal about what NIS2 is really trying to change - and why cyber resilience fails when organizations treat it as a policy exercise instead of a business risk.

This isn’t about regulators.
It’s about how digital risk is explained, understood, and acted on - from technical teams to the boardroom - and why organizations that meet NIS2 in practice think very differently from those that end up explaining them.

• (00:15) - Fine or resilience: the question that changes everything
• (02:20:26) - Why cyber incidents are business failures, not IT failures
• (05:30:35) - NIS2 in plain terms: resilience over compliance
• (06:35:31) - Building resilience before incidents — not after fines
• (13:31:12) - Risk-based focus: you can’t protect everything
• (16:12:37) - Why consequences still matter - and when they appear
• (18:37:18) - What cybersecurity can learn from aviation, energy & healthcare
• (18:18) - Why digital risk is still treated as a compliance burden
• (05:18:14) - Why cyber regulation works differently across countries
• (09:14:13) - What to do tomorrow: risk, boards, and real accountability
• (21:13:28) - Wrap: resilience first, compliance follows

Click here to view the episode transcript.

You’re Port Control. A vessel requests entry.
No captain. No crew. Just autonomy.

In maritime cybersecurity, the risk isn’t that the ship is autonomous.
It’s that you no longer know who’s steering.

Lieuwe Jan Koning (Co-Founder & CTO, ON2IT) joins Stephen McCombie (Professor of Maritime IT Security, NHL Stenden) and Hans Quivooij (CISO, Damen Shipyards) to expose the illusion of control in autonomous shipping - where technology moves fast, responsibility blurs, and regulation lags behind.

• (00:05) - No captain, just code: the Port Control dilemma
• (02:05:15) - Autonomous shipping is here - and it’s remote by design
• (06:15:48) - When it crashes: who owns the blame (and the bill)?
• (07:38:12) - Ready or not: why “keeping watch” breaks at sea
• (10:12:49) - Predictable = steerable: the risks most teams miss
• (13:49:46) - Visibility vs compromise: when the ship becomes a weapon
• (18:46:10) - The mindset shift: from castles to constant compromise
• (20:10:45) - Regulation gap: high impact, low control
• (21:45:50) - Too late? Only if you stay blind to real threats
• (01:50:19) - Stop splitting IT and OT: defend vessels like HQ
• (05:19:42) - Put it on the agenda: ask better questions, run scenarios
• (09:42:22) - Wrap: make it tangible, build security into autonomy

Related ON2IT content & explicitly referenced resources
Before the Mayday: Cyber Attacks at Sea: https://www.youtube.com/watch?v=4rxWUmjbYOo
Hack the Boat episode: https://www.youtube.com/watch?v=Xa0TJ3eRTCw
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams

Threat Talks connects cyber threats to operational reality - every week.
Subscribe and turn on notifications to stay ahead of emerging cyber threats across IT, OT, and critical infrastructure.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
===
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Could Stuxnet happen again - this time at sea?

In this Threat Talks episode, host Lieuwe Jan Koning sits down with Professor Stephen McCombie, global expert in maritime cybersecurity, to unpack real-world cyber attacks on critical infrastructure and why the maritime sector is dangerously exposed.

From GPS spoofing and insider threats to aging ship systems and state-sponsored attacks, this conversation reveals how maritime cyber risk is no longer theoretical - it’s already disrupting global trade, safety, and geopolitics.

If your organization depends on shipping, ports, or industrial OT environments, this is an episode you really shouldn’t ignore.

• (00:00) - – 01:15 Why Cyber Attacks at Sea Matter
• (01:15) - – 04:01 What Makes the Maritime Industry Uniquely Vulnerable
• (04:01) - – 07:15 Legacy Ships vs. Modern Ships: Where the Real Risk Lies
• (07:15) - – 13:17 Stuxnet and the Blueprint for Physical Cyber Attacks
• (13:17) - – 14:17 Today’s Biggest Maritime Cyber Threats
• (14:17) - – 17:04 Learning from Real Incidents: The MCAT Database
• (17:04) - – 23:19 Real Attacks at Sea: Insider Threats & GPS Spoofing
• (24:34) - – 33:11 From Awareness to Action: Solutions That Actually Help
• (33:11) - – 37:25 The Ship Honeynet: Detecting Attacks Before the Mayday
• (37:25) - – 38:24 End Key Takeaways & What Comes Next

Related ON2IT Content & Referenced Resources
Threat Talk episode - Hack the Boat: https://youtu.be/Xa0TJ3eRTCw?si=oQPhu4iyfVJEh0CQ
Threat Talk episode - Maritime Cyber Attack Database: https://maritimecybersecurity.nl/
Threat Talk website: https://threat-talks.com/
ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams
https://www.mcatdatabase.org/
https://www.nhlstenden.com/
https://www.marinetraffic.com/

Click here to view the episode transcript.

Subscribe and turn on notifications to stay ahead of emerging cyber threats across IT, OT, and critical infrastructure.

🔔 Follow and Support our channel! 🔔
===
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX