US Government Cybersecurity Performance: Activity – Success, Achievement – Who Knows?
Last week continued the deluge of documents and activity from the US Government on the nation's cybersecurity. The two most important for OT security were the 2024 Report On The Cybersecurity Posture Of The United States and the National Cybersecurity Strategy...
RSA Conference: OT Vs. IT Vs. Convergence
One of the first articles or presentations those new to OT generate is how OT is different from IT. Like other uses of T, there are tasks, goals and constraints that are different in OT than the employee desktop, application, server and infrastructure environment that...
Proposed Government Metric – Impacted People Days
This is the first in a series of articles on proposed government metrics (US and other) to measure the consequence of critical infrastructure OT cyber incidents. Impacted People Days: The number of people impacted by an OT cyber incident multiplied by the number of...
US National Cybersecurity Strategy Implementation Plan V2.0
"This is the first iteration of the Implementation Plan, which is a living document that will be updated annually." (US National Cybersecurity Strategy Implementation Plan, July 2023) We should be seeing the annual update, Version 2.0, of the Implementation Plan this...
A Barbell Strategy For OT Security
The barbell strategy is most common in finance and became more widely known after its use in Taleb's Antifragile. Barbell Strategy: A dual strategy, a combination of two extremes, one safe and one speculative, deemed more robust than a “monomodal” strategy; often a...
Clorox Investor Cyber Incident Concerns
Lost Manufacturing Capacity & Recovering Shelf Space: Clorox had suffered a cyber incident on their enterprise network, not OT, in August of 2023. They lost 26% of their manufacturing capacity during that quarter as they had to move to manual order processing....
Water Hysteria and Reality
Reality: There has not been a publicly disclosed cyber incident on a US water utility’s OT system that has affected the delivery of safe, drinkable water for years. There has not been a publicly disclosed cyber incident that can even be called a near miss. Not...
Tough Times In The OT Security Job Market
There was one sour note amongst the good feelings as the S4 community met in early March; some were missing because they had been laid off. Talented, innovative professionals who had their choice of jobs not too long ago. The OT security job market faced a...
The Security Floor … Not Secure By Design
It hit me during Megan Samford’s bullish comments on Secure By Design at the S4x24 Closing Panel. She believed it was possible to specify a minimum set of required security configuration parameters, development processes and security controls. While Megan referred to...
Gem: Minimal Viable Delivery Objective
This week a gem in the deluge of mostly repetitive cyber security information and initiatives coming out of the US Government. The President's Council of Advisors on Science & Technology (PCAST) issued their Strategy For Cyber-Physical Resilience. A lot of it is...