I’m trying something a bit different in this short 22-minute episode. I rant about two flawed ICS mantras that are gaining traction and detract from useful discussions, and then give an overview of the S4x19 agenda and OnRamp training.

 

1:47 Mantra: “If you are in critical infrastructure, you will be targeted. If you are targeted, you will be compromised.”

Andy Bochman and others at INL. This is pure FUD, and I explain a more reasonable and helpful adaptation of this.

14:06 Mantra: “If it isn’t secure, it isn’t safe.”

Not necessarily FUD, but just wrong and could have asset owners chasing down security issues that don’t impact safety. Also, are you ever going to make the claim that something is secure?



This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.

Check out the CyberX Executive Guide to the NIS Directive.