This is a shorter solo-sode rather than the typical interview format. I wanted to hold off on making any COVID-19 analysis or comments until the rawness and shock of the event had subsided somewhat....read more
IT Security May Be Harder To Change
My article two weeks ago, Isaac Newton, Inertia and OT Security, discussed that OT Security / Operations inertia and IT security inertia were preventing progress in securing ICS, and how COVID-19 could be an unbalanced force to...read more
Ralph Langner of Langner, Inc. and Zach Tudor of INL join me on the S4x20 Closing Panel. This is always one of the most fun and highly rated sessions at S4. https://traffic.libsyn.com/secure/unsolicitedresponse/2020-11_S4x21_Closing_Panel.mp3 We cover a lot of ground...read more
No Insecure By Design ICS Should Be Pre-Qualified
On May 1st President Trump issued an Executive Order On Securing the United States Bulk-Power System. This Executive Order could create a list of pre-qualified ICS equipment and vendors, as noted in the excerpt...read more
Isaac Newton's First Law of Motion: An object at rest stays at rest and an object in motion stays in motion with the same speed and in the same direction unless acted upon by an unbalanced force. And his second law of motion states that acceleration of an object is...read more
I’ve been pulled into discussions in social and in the OnRamp and Highway ICS Security training the past two weeks on which of the five NIST CSF Functions (Identify, Protect, Detect, Respond, Recover) should be prioritized in an ICS...read more
This podcast is the audio from my S4x20 Main Stage interview with electric sector and ICS legend Ed Schweitzer. He was the perfect person to interview related to the event theme: Create The Future in OT and ICS security. It's a wide ranging and fun interview. (Ed has...read more
Cyber risk, and ICS cyber threat in particular, could be charted as a growing wave, with perceived risk increasing every year, about to crash ... until the COVID-19 pandemic. The diagram below is from the Solarium report issued just last month, although the chart...read more
Winner of the 2020 Michael J. Assante ICS Security Lifetime Achievement Award
Bryan and I were scheduled to go skiing prior to ICSJWG in Park City. With that squashed we decided to record a podcast instead. Bryan and I begin with what winning the Michael J. Assante...read more
April 2000 was my introduction to ICS. A water organization with a canal found the Digital Bond website, and asked if we could do a cybersecurity assessment of their SCADA system. Being a consultant and owner of a struggling start-up, of course the answer was...read more
Marty Edwards has worked for an ICS asset owner, INL, DHS, ISA and late last year he made the move to a security product vendor, Tenable. This happened at the same time that Tenable acquired Indegy for $78M, indicating they are serious about the OT security space. I talk...read more
Something Your Team Can Do During This April Work From Home Time
Many asset owners have the minimal staff on site required to continue ICS-related operations, and have put projects on hold until the full staff can return. Which means those non-essential are working...read more
A big challenge facing any team trying to deal with OT and ICS cyber risk is getting executive leadership and the Board of Directors support and leadership on this issue. The problems that arise tend to be related to communication styles, understanding of what is...read more
It's a good time for some future casting to break the focus on the dismal present. The history of automation, in ICS and elsewhere, has been about reducing the number of people it takes to accomplish a task. It is amazing to see how a handful of people can operate a...read more
Sergio began his career doing threat intelligence in the US Government's NSA and now is the VP of Threat Intel at Dragos. We focus in this episode on where the data for threat intel is obtained, how the threat intel product is created, and how it should be used by an...read more
And This Is A Good Thing
The long awaited U.S. Cyberspace Solarium Commission Report came out and received very little attention given more pressing pandemic events. And this is a good thing. I'll provide some critique and then, to be fair, provide my...read more
In this episode Dale Peterson interviews Sandworm author and Wired Senior Writer Andy Greenberg on the S4x20 Main Stage. They focus on the ICS issues in the story. http://traffic.libsyn.com/unsolicitedresponse/20-5_Andy_Greenberg.mp3 The discussion includes: What led...read more
Note: This week has been full of depressing events, and our main hope is for everyone to get through this safely. The future will be brighter, and let's use some of this time of isolation to figure out what we want and start...read more
My most vivid early experience with 'it won't work in ICS' was in 2006. We had received a DHS research contract to develop Snort intrusion detection signatures and preprocessors for ICS protocols (originally Modbus and DNP3). I was presenting the working solution at a...read more
The tables are turned in this episode of the Unsolicited Response podcast with Kelly Jackson Higgins of Dark Reading interviewing Dale in the S4x20 Green Room. Kelly has been coming to S4 and covering the ICS security space for over seven years, and this experience...read more
Seth Godin wrote this in a recent daily blog post: You Can't Say You Can't Play. Lenny Levine was a great kindergarten teacher. And he ran his class by this one rule. It means that if another kid comes along, you need to include them in your game. That's it. This is...read more
I spoke with two Digital Bond alumni and Lord Remorin at the S4x20 Cabana Sessions about a wide ranging set of technical topics. http://traffic.libsyn.com/unsolicitedresponse/2020-3_Cabana_Sessions.mp3 Reid Wightman, Principal Vulnerability Analyst at Dragos What he...read more
I've made three predictions to date in my analysis of the ICS detection market, and now I'm adding a fourth. The first three are: The 'we only do passive, active is dangerous' mantra will be replaced as asset owners realize adding legitimate ICS active requests...read more
Dale Peterson interviews Megan Samford of Rockwell Automation in the S4x20 Green Room. The main topic is Megan's idea of an Incident Command System for Industrial Control Systems (ICS4ICS). While working for the State of Virginia, Megan was active with and saw first...read more
Increase In Community Size/Talent and "The Dip"
In December I was preparing my 15-minute mini-keynote to kick off S4x20 in January, and I was having a hard time finding any truly unique or significant change in ICS security in 2019. So I asked eight people I...read more
We created a lot of great content at S4x20, including a number of interviews that we will be releasing in the podcast. This episode is my ~30 minute interview with DHS CISA Director Chris Krebs in the S4x20 Green Room....read more
Everything 2020 is on COVID-19 hold
S4x21 ... Jan 26-28 in Miami South Beach
Save the date. CFP open June 1st - Aug 15th.
2019 PAST EVENTS
S4x20 ... Jan 21 - 23 in Miami South Beach
Make sure you mark your calendar for the largest and most advanced OT / ICS Security event. And you can catch up on past S4 on the S4xEvents YouTube Channel.
Sept 19-20 in Sochi, Russia
I'll give a keynote at the Kaspersky Industrial Cybersecurity Conference 2019. I spoke at this event in 2017, and Kaspersky is always a tremendous host.
Sept 12 in Phoenix
I spoke at a private company event.
April 11th in Cebu
A private event where I'll discuss the future of attacks on and defense of Level 1 devices (PLCs). A lot changed in 2018, and this is just a hint as to what is coming.