OT Is The Venice Of Security Infrastructure

I get tired of writing that 90%+ of the OT protocols used to communicate with PLCs and other Level 1 devices (and Level 0 … hello Joe) are insecure by design. They lack cryptographic authentication of the source or contents, intentionally. They were...

Week 41: Identify OT Detection Information Sources

Before you go out and spend a lot of resources to purchase, deploy, and run a sophisticated OT cyber detection system, ask yourself if you are taking advantage of existing, higher fidelity detection sources. This week’s task is to use interview and brainstorming...
What Is The True Level Of OT Cyber Incidents?

This article attempts to frame the question after my back and forth with Robert M. Lee last Friday. Question: How many cyber attacks are resulting in non-trivial consequence events in OT / Operations? Stipulation 1: Ransomware and other causes of outages on IT cyber...

Week 40: Review ICS Access Control

Access control is one area where ICS have had robust security controls for decades. These access controls can be customized down to the point or tag level, although this is rarely required. Remember our goal is to enforce least privilege. A user should only be able to...
Disconnected: Manufacturing and OT Security

Last week I attended Inductive Automation’s Ignition Community Conference (ICC). Primarily to get smarter on what’s going on in bleeding edge manufacturing, but also to verify and understand why there is a disconnection between manufacturing automation /...

Week 39: Review OT User Accounts

Week 35 addressed user accounts for cyber assets at unmanned sites. This week you will perform a user account review on all OT systems as part of your OT cyber maintenance. Identify all OT applications, systems, and devices that have user accounts. These could be...
My OT Security Vendor Was Acquired … What Should I Do?

Here is an anonymized question I received after the Mitsubishi Electronics acquisition of Nozomi Networks. I have a project ongoing right now to select an asset inventory/detection product. This news hit right before our proof of concept phase, and obviously I...

Week 38: Get Your S4x26 Ticket And Hotel Room

S4x26 tickets go on sale on Sept 15th at 12:01 AM EDT (New York). We hold the best price, the ticket 1 – 100 price, for the first 36 hours. We were at ticket block 501 – 750 after the first 36 hours of S4x25 ticket sales. You saved $550 if you bought a ticket in those...
We Won, We Lost (Part 2)

Check out Part 1 here. We Won: An OT Security Community There is a thriving OT security community in 2025. This is a huge win. We started S4 in 2007 because there was no place where one of our researchers could present the first publicly disclosed OT vulnerabilities...