Deconstructing risk can help focus where we should be spending our time and money to reduce risk. Most security controls in OT reduce the likelihood of a cyber incident that causes an impact on operations. How much of a reduction of likelihood, and consequentially...

Europe has taken the initiative from the US in OT security. The Cyber Resilience Act (CRA) and NIS2 Directive will impact vendors, integrators, and asset owners who are active in the EU. And I'm standing on the outside watching with great interest. I was invited to be...

One reason new ideas, concepts, and methodologies fail is they take too long to try and get early wins. I think CIE is in danger of becoming a well-documented, good comprehensive methodology, and ultimately failed approach to a problem. This is not an argument against...

Recently I wrote about the dichotomy between the reports and experts annually citing a big increase in the cyber threat to OT systems and the year after year tiny actual impact of cyber attacks on OT. Outside of ransomware on IT, not reaching OT, affecting Operations,...

My favorite OT security vendor threat / incident report was released last week: The Waterfall / ICS Strive 2026 OT Cyber Threat Report. It's my favorite because of their criteria of "cyber incidents causing physical impacts" and because they include the data on each...

The impact of OT cyber incidents, excluding ransomware on IT, has been less than 1% of all cause OT outages and OT related financial loss. A motivated and skilled OT cyber attacker could cause a high or catastrophic incident on many OT systems in almost every sector....

Where does the media get the information and quotes that turn a couple of residential swimming pools of water spilling out of a water tank (Muleshoe) into a major story and congressional hearing ... from us, the OT security community. Since we are part of the problem,...

Below is what I intended to say on stage. It always varies a little bit live. The video will be out next week. Each S4 Conference has a single word theme. This year's theme is Connect. Connections are exciting, unpredictable, scary, they bring opportunity, and for...

2025 saw two of the four top tier OT detection + asset inventory vendors get acquired. First Mitsubishi Electronics acquired Nozomi Networks at a valuation of $950M (read my analysis of the Nozomi acquisition). Then last month ServiceNow announced they will be...

I'm finishing my 25th year focused on OT security (called SCADA security when I started, then ICS security, and now OT security). So many failures, successes, changed analysis, and lessons learned over that time. Here are 3 lessons that I wish hadn't taken me so long...