dalepeterson, Author at Dale Peterson: ICS Security Catalyst

Week 38: Get Your S4x26 Ticket And Hotel Room

15 Sep 2025 | A Year In OT Security

S4x26 tickets go on sale on Sept 15th at 12:01 AM EDT (New York). We hold the best price, the ticket 1 – 100 price, for the first 36 hours. We were at ticket block 501 – 750 after the first 36 hours of S4x25 ticket sales. You saved $550 if you bought a ticket in those...

We Won, We Lost (Part 2)

9 Sep 2025 | 2025

Check out Part 1 here. We Won: An OT Security Community There is a thriving OT security community in 2025. This is a huge win. We started S4 in 2007 because there was no place where one of our researchers could present the first publicly disclosed OT vulnerabilities...

Week 37: Develop An OT Security Patching Program And Schedule

8 Sep 2025 | A Year In OT Security

Last week you identified the types and number of OT cyber assets in each of the three security patching categories. This week you will take this information and develop an OT Security Patching Program and Schedule. Remember the guiding factor is efficient risk...

We Won, We Lost (Part 1)

2 Sep 2025 | 2025

It’s been 24 years since the 9/11 attacks, and the beginning of serious OT security concerns. It’s been 15 years since Stuxnet was discovered. The results are an odd dichotomy. We Won – The Impact Of OT Cyber Incidents Has Been Minimal Experts have...

Week 36: Create Prioritized Security Patching Categories

1 Sep 2025 | A Year In OT Security

Security patching can be a high resource task if you try to apply security patches to all your OT cyber assets on a frequent basis, such as monthly or quarterly. The risk reduction achieved through this large effort is typically minimal given the insecure by design...

USG Reset … What About Private Industry?

26 Aug 2025 | 2025

I had a number of public comments and private “yes, and” conversations after last week’s US Government (USG) Reset article similar to: just as government needs to show results, so does industry. Outside of entrenched, IT specific security providers,...

Week 35: Cyber Security At Unmanned Sites

25 Aug 2025 | A Year In OT Security

Good security practice requires user authentication on all systems and applications. It also requires users to logout or be locked out when they physically leave the area or leave the cyber asset idle for too long. Many OT environments and cyber assets don’t follow...

US Government Reset On OT Security Is An Opportunity

19 Aug 2025 | 2025

CISA and other US government departments have accomplished little in OT cyber security and risk management over the past two decades. There has been an increase in funding and activity, not results. While the loss of talent and capability this year in the USG is...

Week 34: Evaluate Physical Security Of OT Cyber Assets At Manned Sites

18 Aug 2025 | A Year In OT Security

You probably aren’t a physical security expert. I’m not. We should rely on people with domain expertise to design and evaluate physical security. Your task this week is to evaluate the physical security assumptions and plan at OT manned sites and areas. What are...

It Won’t Work In OT

12 Aug 2025 | 2025

What Will Fall Next? A common refrain for any new proposed technology: It Won’t Work In OT. A short and incomplete list or examples: 90’s: Windows and Ethernet (yes, there was a battle with many experts insisting Windows workstations and servers connected by Ethernet...