2020 Articles

2020 Predictions – Right, Wrong & Pending

2020 Predictions – Right, Wrong & Pending

I made a number of predictions in 2020, some overlapping, in both my coverage of the detection market and as a feature of the monthly ICS security month in review episodes of the Unsolicited Response podcast. The predictions help with my analysis and hopefully...

read more
ICS Detection Market Analysis – Part 2

ICS Detection Market Analysis – Part 2

Since I began seriously covering the ICS Detection Space in 2016, the products were quite similar. They passively listened on switch span ports and taps to: create an asset inventory (and provide vulnerability management but not asset management)detect attacks...

read more
ICS Detection Market – Part 1

ICS Detection Market – Part 1

Part 1 looks at some of the major changes in the competitors focused primarily on the ICS detection market since the May update. Part 2 comes out next Tuesday and will map out where the competitors stand relative to each other and be a major change to the Tiers...

read more
Security Outcomes in ICS

Security Outcomes in ICS

Cisco recently published their 2021 Security Outcomes Study. It is worth a close look. Not so much for the results and conclusions applicable to the enterprise, but the methodology is worth adopting for the ICS environment. It would be great if ARC or someone...

read more

Grateful To Be In ICS Security

Happy Thanksgiving to my US readers. There is much to be thankful for if you are in the ICS security community. In my S4x20 keynote this past January, I contended that this is a great time to be in ICS security. https://youtu.be/IyLgMQEap44 Two months later, COVID...

read more
Chris Krebs Firing Changes What?

Chris Krebs Firing Changes What?

Is It Time To Change Mission, Or At Least Expectations, For DHS? President Trump's firing of CISA Director Chris Krebs on Tuesday served no purpose except for petty vengeance. In just over two months he would not have to deal with Chris or any other appointees. At a...

read more
Ransomware and ICS

Ransomware and ICS

Hype And Recovery A woman died in Germany concurrently with a ransomware attack on a hospital, and the media was flooded with articles about ransomware causing its first death. Wired's article this week, The Untold Story of a Cyber Attack, a Hospital and a...

read more

Podcast: October Month In Review

Jason Nations and I go over October’s top three stories plus our Win, Fail and Prediction of the month.

Russian hackers charged, ICS vendor security services, and risk metrics.

read more
Wanted: ICS Cloud Services Security Product

Wanted: ICS Cloud Services Security Product

The technology exists. It just isn't being marketed and sold for this need. The majority of ICS related cloud services currently deployed are for predictive maintenance and performance analysis. These are 'open loop' services. Open loop in the sense that the cloud...

read more

IEC 62443 Standards Are Ready For Their Close-Up

About every 18 months, I end up, as I am now, on a project where the asset owner wants to follow IEC 62443 security documents as closely as possible. As I re-read and use them, I'm struck by two things: There is a large amount of great content in the published and...

read more
Podcast: September ICS Security Month In Review

Podcast: September ICS Security Month In Review

The ICS Security Month in Review episodes cover two to three big stories from the month plus a win, a fail and a prediction. This month's stories include: S4x21's cancellation and S4x22 dates(7:01) Ransomware in ICS (12:30) SCIDMark and other ICS cyber incident...

read more
Podcast: ATT&CK For ICS Evaluations

Podcast: ATT&CK For ICS Evaluations

Detecting Triton Type Attacks In this episode I talk with Otis Alexander of MITRE about ATT&CK for ICS Evaluations. We begin with a discussion on ATT&CK and the ICS version of ATT&CK. If you are familiar with this, skip to 17:09 where we begin our...

read more
Podcast: Splunk’s OT Security Add-On

Podcast: Splunk’s OT Security Add-On

Most of the OT Detection and Asset Management solutions have developed 'integrations' with SIEMs, with Splunk and QRadar being the most common. I put integrations in quotes because they did little more than push alerts and events to the SIEMs with little context. This...

read more
Podcast: What OT Can Learn From IT

Podcast: What OT Can Learn From IT

We hear it all the time. OT is different than IT, and IT doesn't understand OT. People argue about IT/OT convergence. In all these discussions I believe two things are true. OT doesn't really understand IT, and the similar, but not identical, requirements that mission...

read more

Podcast: P.W. Singer – Author of Burn In

P.W. Singer and August Cole recently published their second work of fiction – Burn In: A Novel About The Real Robotic Revolution. While it is a fiction, it uses over 300 examples of what might happen as robotics and revolution change the world over the next two decades.

read more
Why Did Microsoft Acquire CyberX?

Why Did Microsoft Acquire CyberX?

The rumors started in February and became reality this week. Microsoft acquired CyberX. The price is not a material event for Microsoft. It will never be officially released. A recent article claimed the price was $165M, and I predicted it would be...

read more
Building & Using Digital Twins

Building & Using Digital Twins

An Interview with Mike Aylott of KBC There are many articles on digital twins that describe what they are and how they can help with predictive maintenance, efficiency studies, and other tasks of increasing interest and value. On the security side digital twins...

read more
Panama Canal: 3 Lessons

Panama Canal: 3 Lessons

I just finished David McCullough's book on the building of the Panama Canal. At 700-pages it's a bit of a slog so I can't recommend it, and yet there were so many fascinating stories and details. Here are my top three. Amazing Early Example Of A Control System...

read more
Podcast: Matt Wyckhouse of FiniteState

Podcast: Matt Wyckhouse of FiniteState

I interview Matt Wyckhouse, Founder and CEO of Finite State. They have a solution that tests ICS firmware to help with supply chain issues. We talk about starting a company, VC’s, firmware testing and business models.

read more
No Limits: More Than Moving To Remote and Virtual

No Limits: More Than Moving To Remote and Virtual

This January in Miami South Beach I announced the theme of S4x21 the following January: No Limits! We selected No Limits because our plan was to rethink every element of the event, unrestricted by what we did in the past or conference norms, AND we were going to place...

read more
ICS Security – Month In Review – May

ICS Security – Month In Review – May

I've been wanting to start adding a month in review episode to the Unsolicited Response podcast ever since I became a fan of the Pivot podcast. Have a looser conversation on the stories of the month and then predictions, wins and fails with someone in the ICS security...

read more
ICS Detection Market Q2 Update

ICS Detection Market Q2 Update

Part 2: Acquirers, Enterprise Vendors and Tier 3 See Part 1: COVID 19 Impact, Tier 2 and Tier 1 Analysis, and Valuation First the updated chart and then the analysis below. You will see big changes in Tiers 2 & 3. Funding data comes from Crunchbase. Acquirers and...

read more
Security Outcomes in ICS

ICS Detection Market Q2 Update

Part 1 - COVID 19 Impact, Tier 2 and Tier 1 Analysis, and Valuation My previous ICS Detection Market Update was in November, 2019. A lot has changed. Part 2 next week will include analysis of the acquirers, enterprise vendors and Tier 3. As always, huge respect for...

read more
Operations Has More Mass And More Unbalanced Force

Operations Has More Mass And More Unbalanced Force

IT Security May Be Harder To Change My article two weeks ago, Isaac Newton, Inertia and OT Security, discussed that OT Security / Operations inertia and IT security inertia was preventing progress in securing ICS, and how COVID-19 could be an unbalanced force to...

read more
Podcast: S4x20 Closing Panel

Podcast: S4x20 Closing Panel

Ralph Langner of Langner, Inc. and Zach Tudor of INL join me on the S4x20 Closing Panel. This is always one of the most fun and highly rated session at S4. https://traffic.libsyn.com/secure/unsolicitedresponse/2020-11_S4x21_Closing_Panel.mp3 We cover a lot of ground...

read more
The Back Door Is Irrelevant If The Front Door Is Open

The Back Door Is Irrelevant If The Front Door Is Open

No Insecure By Design ICS Should Be Pre-Qualified On May 1st President Trump issued an Executive Order On Securing the United States Bulk-Power System. This Executive Order could create a list of pre-qualified ICS equipment and vendors, as noted in the excerpt...

read more
Isaac Newton, Inertia and OT Security

Isaac Newton, Inertia and OT Security

Isaac Newton's First Law of Motion: An object at rest stays at rest and an object in motion stays in motion with the same speed and in the same direction unless acted upon by an unbalanced force. And his second law of motion states that acceleration of an object is...

read more
Interview with Inventor & Legend Ed Schweitzer

Interview with Inventor & Legend Ed Schweitzer

This podcast is the audio from my S4x20 Main Stage interview with electric sector and ICS legend Ed Schweitzer. He was the perfect person to interview related to the event theme: Create The Future in OT and ICS security. It's a wide ranging and fun interview. (Ed has...

read more
ICS Cyber Threat Perception: From Wave To Barbell

ICS Cyber Threat Perception: From Wave To Barbell

Cyber risk, and ICS cyber threat in particular, could be charted as a growing wave, with perceived risk increasing every year, about to crash ... until the COVID-19 pandemic. The diagram below is from the Solarium report issued just last month, although the chart...

read more
Podcast: Interview with Bryan Owen of OSIsoft

Podcast: Interview with Bryan Owen of OSIsoft

Winner of the 2020 Michael J. Assante ICS Security Lifetime Achievement Award Bryan and I were scheduled to go skiing prior to ICSJWG in Park City. With that squashed we decided to record a podcast instead. Bryan and I begin with what winning the Michael J. Assante...

read more
20 Years Since My First SCADA Security Assessment

20 Years Since My First SCADA Security Assessment

April 2000 was my introduction to ICS. A water organization with a canal found the Digital Bond website, and asked if we could do a cybersecurity security assessment of their SCADA system. Being a consultant and owner of a struggling start-up, of course the answer was...

read more

Podcast: Tenable’s OT Strategy with Marty Edwards

Marty Edwards has worked for an ICS asset owner, INL, DHS, ISA and late last year he made the move to a security product vendor, Tenable. This happened at the same time that Tenable acquired Indegy for $78M, indicating they are serious about OT security space. I talk...

read more

ICS Consequence Reduction Off-Site Exercise

Something Your Team Can Do During This April Work From Home Time Many asset owners have the minimal staff on site required to continue ICS-related operations, and have put projects on hold until the full staff can return. Which means those non-essential are working...

read more

More Engineers, Fewer Operators in ICS Future

It's a good time for some future casting to break the focus on the dismal present. The history of automation, in ICS and elsewhere, has been about reducing the number of people it takes to accomplish a task. It is amazing to see how a handful of people can operate a...

read more

Podcast: ICS Threat Intel with Sergio Caltagirone

Sergio began his career doing threat intelligence in the US Government's NSA and now is the VP of Threat Intel at Dragos. We focus in this episode on where the data for threat intel is obtained, how the threat intel product is created, and how it should be used by an...

read more

Solarium Report Eclipsed By Pandemic

And This Is A Good Thing The long awaited U.S. Cyberspace Solarium Commission Report came out and received very little attention given more pressing pandemic events. And this is a good thing. I'll provide some critique and then, to be fair, provide my...

read more
Create The Future Of OT & ICS Security

Create The Future Of OT & ICS Security

Note: This week has been full of depressing events, and our main hope is for everyone to get through this safely. The future will be brighter, and let's use some of this time of isolation to figure out what we want and start...

read more

It Won’t Work In ICS … Until It Does

My most vivid early experience with 'it won't work in ICS' was in 2006. We had received a DHS research contract to develop Snort intrusion detection signatures and preprocessors for ICS protocols (originally Modbus and DNP3). I was presenting the working solution at a...

read more
Kelly Jackson Higgins Interviews Dale

Kelly Jackson Higgins Interviews Dale

The tables are turned in this episode of the Unsolicited Response podcast with Kelly Jackson Higgins of Dark Reading interviewing Dale in the S4x20 Green Room. Kelly has been coming to S4 and covering the ICS security space for over seven years, and this experience...

read more

Everyone Can Play In OT / ICS Security

Seth Godin wrote this in a recent daily blog post: You Can't Say You Can't Play. Lenny Levine was a great kindergarten teacher. And he ran his class by this one rule. It means that if another kid comes along, you need to include them in your game. That's it. This is...

read more

UPCOMING EVENTS

S4x24 ... 4 - 7 March 2024 in Miami South Beach

Save the date. For the biggest and most future focused on ICS Security Event.

 

 

2020-Articles

by | Mar 15, 2020