2020 Articles

Operations Has More Mass And More Unbalanced Force

Operations Has More Mass And More Unbalanced Force

IT Security May Be Harder To Change My article two weeks ago, Isaac Newton, Inertia and OT Security, discussed that OT Security / Operations inertia and IT security inertia was preventing progress in securing ICS, and how COVID-19 could be an unbalanced force to...

read more
Podcast: S4x20 Closing Panel

Podcast: S4x20 Closing Panel

Ralph Langner of Langner, Inc. and Zach Tudor of INL join me on the S4x20 Closing Panel. This is always one of the most fun and highly rated session at S4. https://traffic.libsyn.com/secure/unsolicitedresponse/2020-11_S4x21_Closing_Panel.mp3 We cover a lot of ground...

read more
The Back Door Is Irrelevant If The Front Door Is Open

The Back Door Is Irrelevant If The Front Door Is Open

No Insecure By Design ICS Should Be Pre-Qualified On May 1st President Trump issued an Executive Order On Securing the United States Bulk-Power System. This Executive Order could create a list of pre-qualified ICS equipment and vendors, as noted in the excerpt...

read more
Isaac Newton, Inertia and OT Security

Isaac Newton, Inertia and OT Security

Isaac Newton's First Law of Motion: An object at rest stays at rest and an object in motion stays in motion with the same speed and in the same direction unless acted upon by an unbalanced force. And his second law of motion states that acceleration of an object is...

read more
Interview with Inventor & Legend Ed Schweitzer

Interview with Inventor & Legend Ed Schweitzer

This podcast is the audio from my S4x20 Main Stage interview with electric sector and ICS legend Ed Schweitzer. He was the perfect person to interview related to the event theme: Create The Future in OT and ICS security. It's a wide ranging and fun interview. (Ed has...

read more
ICS Cyber Threat Perception: From Wave To Barbell

ICS Cyber Threat Perception: From Wave To Barbell

Cyber risk, and ICS cyber threat in particular, could be charted as a growing wave, with perceived risk increasing every year, about to crash ... until the COVID-19 pandemic. The diagram below is from the Solarium report issued just last month, although the chart...

read more
Podcast: Interview with Bryan Owen of OSIsoft

Podcast: Interview with Bryan Owen of OSIsoft

Winner of the 2020 Michael J. Assante ICS Security Lifetime Achievement Award Bryan and I were scheduled to go skiing prior to ICSJWG in Park City. With that squashed we decided to record a podcast instead. Bryan and I begin with what winning the Michael J. Assante...

read more
20 Years Since My First SCADA Security Assessment

20 Years Since My First SCADA Security Assessment

April 2000 was my introduction to ICS. A water organization with a canal found the Digital Bond website, and asked if we could do a cybersecurity security assessment of their SCADA system. Being a consultant and owner of a struggling start-up, of course the answer was...

read more

Podcast: Tenable’s OT Strategy with Marty Edwards

Marty Edwards has worked for an ICS asset owner, INL, DHS, ISA and late last year he made the move to a security product vendor, Tenable. This happened at the same time that Tenable acquired Indegy for $78M, indicating they are serious about OT security space. I talk...

read more

ICS Consequence Reduction Off-Site Exercise

Something Your Team Can Do During This April Work From Home Time Many asset owners have the minimal staff on site required to continue ICS-related operations, and have put projects on hold until the full staff can return. Which means those non-essential are working...

read more

More Engineers, Fewer Operators in ICS Future

It's a good time for some future casting to break the focus on the dismal present. The history of automation, in ICS and elsewhere, has been about reducing the number of people it takes to accomplish a task. It is amazing to see how a handful of people can operate a...

read more

Podcast: ICS Threat Intel with Sergio Caltagirone

Sergio began his career doing threat intelligence in the US Government's NSA and now is the VP of Threat Intel at Dragos. We focus in this episode on where the data for threat intel is obtained, how the threat intel product is created, and how it should be used by an...

read more

Solarium Report Eclipsed By Pandemic

And This Is A Good Thing The long awaited U.S. Cyberspace Solarium Commission Report came out and received very little attention given more pressing pandemic events. And this is a good thing. I'll provide some critique and then, to be fair, provide my...

read more
Create The Future Of OT & ICS Security

Create The Future Of OT & ICS Security

Note: This week has been full of depressing events, and our main hope is for everyone to get through this safely. The future will be brighter, and let's use some of this time of isolation to figure out what we want and start...

read more

It Won’t Work In ICS … Until It Does

My most vivid early experience with 'it won't work in ICS' was in 2006. We had received a DHS research contract to develop Snort intrusion detection signatures and preprocessors for ICS protocols (originally Modbus and DNP3). I was presenting the working solution at a...

read more
Kelly Jackson Higgins Interviews Dale

Kelly Jackson Higgins Interviews Dale

The tables are turned in this episode of the Unsolicited Response podcast with Kelly Jackson Higgins of Dark Reading interviewing Dale in the S4x20 Green Room. Kelly has been coming to S4 and covering the ICS security space for over seven years, and this experience...

read more

Everyone Can Play In OT / ICS Security

Seth Godin wrote this in a recent daily blog post: You Can't Say You Can't Play. Lenny Levine was a great kindergarten teacher. And he ran his class by this one rule. It means that if another kid comes along, you need to include them in your game. That's it. This is...

read more
Megan Samford – ICS4ICS

Megan Samford – ICS4ICS

Dale Peterson interviews Megan Samford of Rockwell Automation in the S4x20 Green Room. The main topic is Megan's idea of an Incident Command System for Industrial Control Systems (ICS4ICS). While working for the State of Virginia, Megan was active with and saw first...

read more

2019 – What Changed in ICS Security?

Increase In Community Size/Talent and "The Dip" In December I was preparing my 15-minute mini-keynote to kick off for S4x20 in January, and I was having a hard time finding anything truly unique or significant change in ICS security in 2019. So I asked eight people I...

read more
Interview with CISA Director Krebs

Interview with CISA Director Krebs

We created a lot of great content at S4x20, including a number of interviews that we will be releasing in the podcast. This episode is my ~30 minute interview with DHS CISA Director Chris Krebs in the S4x20 Green Room....

read more

UPCOMING EVENTS

Everything 2020 is on COVID-19 hold

 

S4x21 ... Jan 26-28 in Miami South Beach

Save the date. CFP open June 1st - Aug 15th. 

2019 PAST EVENTS

S4x20 ... Jan 21 - 23 in Miami South Beach

Make sure you mark your calendar for the largest and most advanced OT / ICS Security event. And you can catch up on past S4 on the S4xEvents YouTube Channel.

Sept 19-20 in Sochi, Russia

I'll give a keynote at the Kaspersky Industrial Cybersecurity Conference 2019. I spoke at this event in 2017, and Kaspersky is always a tremendous host.

Sept 12 in Phoenix

I spoke at a private company event.

April 11th in Cebu

A private event where I'll discuss the future of attacks on and defense of Level 1 devices (PLC's). A lot changed in 2018, and this is just a hint as to what is coming.

 

 

2020-Articles

by | Mar 15, 2020