Week 45: Create Cybersecurity Call Outs

Call outs are common in Operations. If this happens, contact this person, take this action, watch this reading, order this maintenance, … Your task this week is to create OT detection call outs, the beginning of response. These call outs are actions assigned to roles....

Two OT Security Debates

We’ve had some great debates on the S4 stage. One of my favorites was a debate I had with Eric Byres entitled Is Eric Byres a SCADA Apologist or a SCADA Realist? The key to a good debate is to find an issue where a 10% – 25% minority of the audience has a...

Week 43: OT Security Log Management

Security logs are essential in incident response and after-incident investigations. Do you know: What OT security-related logs you have? Where they are? Where they’re archived? Who is responsible for the log? Would the log still be available after a cyber incident? ...

Water Treatment Honeynet Incident Analysis

Forescout’s Vedere Labs reported that a honeynet posing as a water treatment system was compromised by TwoNet, a Russian-aligned group. According to the blog entry TwoNet caused: Defacement: Login page changed to HACKED BY BARLATI, F*** Process Disruption:...

OT Is The Venice Of Security Infrastructure

I get tired of writing that 90%+ of the OT protocols used to communicate with PLCs and other Level 1 devices (and Level 0 … hello Joe) are insecure by design. They lack cryptographic authentication of the source or contents, intentionally. They were...

Week 41: Identify OT Detection Information Sources

Before you go out and spend a lot of resources to purchase, deploy, and run a sophisticated OT cyber detection system, ask yourself if you are taking advantage of existing, higher fidelity detection sources. This week’s task is to use interview and brainstorming...

What Is The True Level Of OT Cyber Incidents?

This article attempts to frame the question after my back and forth with Robert M. Lee last Friday. Question: How many cyber attacks are resulting in non-trivial consequence events in OT / Operations? Stipulation 1: Ransomware and other causes of outages on IT cyber...

Week 40: Review ICS Access Control

Access control is one area where ICS have had robust security controls for decades. These access controls can be customized down to the point or tag level, although this is rarely required. Remember, our goal is to enforce least privilege. A user should only be able to...