dalepeterson, Author at Dale Peterson: ICS Security Catalyst

Week 32: Identify How Updates, Information, & Applications Are Brought Into The OT Environment

4 Aug 2025 | A Year In OT Security

Many OT security professionals have busted the airgap myth by asking questions on how software or firmware updates, schedules, recipes, anti-virus signatures, or applications are brought into the OT environment. They often are brought in through the approved OT...

Quantum Cryptography In OT?

30 Jul 2025 | 2025

We’ve received a few proposed sessions on quantum cryptography in OT in our S4x26 Call For Presentations. This isn’t new. We’ve received these every year this decade. They don’t get selected. Why? S4’s motto is Create The Future. While...

Week 31: Internal Segmentation Review

28 Jul 2025 | A Year In OT Security

Your task this week will vary based on the type of system you operate. Asset owners with SCADA have more work this week. SCADA Systems SCADA systems monitoring and controlling geographically dispersed systems, such as pipelines, electric grids, and water delivery,...

What We Know – Stuxnet 15 Years Later

23 Jul 2025 | 2025

The US House Homeland Security Committee’s subcommittee on Cybersecurity and Infrastructure Protection is holding a hearing today entitled Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats To Critical Infrastructure. Two of the four...

Week 30: Securing Cloud Service Access To OT

21 Jul 2025 | A Year In OT Security

Predictive maintenance, efficiency studies and controls, security monitoring, and other cloud services can offer real benefits to asset owners. This trend of vendors offering, and asset owners using, cloud services is almost certain to increase. The challenge is to...

Is EU Cybersecurity Regulation Effective?

16 Jul 2025 | 2025

We can’t answer that question yet, and it’s the time to figure out how we will measure their effectiveness. The EU and its member states are working furiously to figure out how to regulate, implement, and audit the Cyber Resilience Act (CRA) and Network...

Week 29: Is Your OT Remote Access Necessary And Worth The Risk?

14 Jul 2025 | A Year In OT Security

Now that your OT remote access is secured, determine if the allowed remote access is necessary. Ideally user interactive remote access to OT for the purpose of performing control or administration should be rare. If this is the case, consider if it’s feasible to have...

Real Cyber Incident Data … First Half 2025

9 Jul 2025 | 2025

Let’s start with the data, then the analysis. Source: Notes on the data: A material cyber incident should be reported in an 8K as an Item 1.05. The SEC also encourages reporting of cyber attacks that are immaterial or pending material determination in an 8K as...

Week 28: Does Your OT Remote Access Require Multi-Factor Authentication?

7 Jul 2025 | A Year In OT Security

Most of the targeted, OT specific attacks, where the adversary has lived on the OT for many months, began with a compromise of remote access to OT. The limited OT cyber incident data we have clearly shows that multi-factor authentication (MFA) for OT remote access is...

Shields Up Redux … Did They Ever Come Down?

2 Jul 2025 | 2025

The warnings went out after the US bombing of the Iranian nuclear facilities. Be prepared for an increased likelihood of an Iranian cyber attack. Shields Up! This is reasonable, perhaps even responsible to give this warning. The problem is there is no real guidance on...