dalepeterson, Author at Dale Peterson: ICS Security Catalyst

USG Reset … What About Private Industry?

26 Aug 2025 | 2025

I had a number of public comments and private “yes, and” conversations after last week’s US Government (USG) Reset article similar to: just as government needs to show results, so does industry. Outside of entrenched, IT specific security providers,...

Week 35: Cyber Security At Unmanned Sites

25 Aug 2025 | A Year In OT Security

Good security practice requires user authentication on all systems and applications. It also requires users to logout or be locked out when they physically leave the area or leave the cyber asset idle for too long. Many OT environments and cyber assets don’t follow...

US Government Reset On OT Security Is An Opportunity

19 Aug 2025 | 2025

CISA and other US government departments have accomplished little in OT cyber security and risk management over the past two decades. There has been an increase in funding and activity, not results. While the loss of talent and capability this year in the USG is...

Week 34: Evaluate Physical Security Of OT Cyber Assets At Manned Sites

18 Aug 2025 | A Year In OT Security

You probably aren’t a physical security expert. I’m not. We should rely on people with domain expertise to design and evaluate physical security. Your task this week is to evaluate the physical security assumptions and plan at OT manned sites and areas. What are...

It Won’t Work In OT

12 Aug 2025 | 2025

What Will Fall Next? A common refrain for any new proposed technology: It Won’t Work In OT. A short and incomplete list or examples: 90’s: Windows and Ethernet (yes, there was a battle with many experts insisting Windows workstations and servers connected by Ethernet...

Week 33: Review And Update The Removable Media And Portable Computer Policy

11 Aug 2025 | A Year In OT Security

In a perfect world, all removable media and portable computers connected to OT would be dedicated to OT. They would only be connected and used on OT. Never on IT or any other network. One way to achieve this is to deploy data transfer servers in an OT DMZ that can...

Week 32: Identify How Updates, Information, & Applications Are Brought Into The OT Environment

4 Aug 2025 | A Year In OT Security

Many OT security professionals have busted the airgap myth by asking questions on how software or firmware updates, schedules, recipes, anti-virus signatures, or applications are brought into the OT environment. They often are brought in through the approved OT...

Quantum Cryptography In OT?

30 Jul 2025 | 2025

We’ve received a few proposed sessions on quantum cryptography in OT in our S4x26 Call For Presentations. This isn’t new. We’ve received these every year this decade. They don’t get selected. Why? S4’s motto is Create The Future. While...

Week 31: Internal Segmentation Review

28 Jul 2025 | A Year In OT Security

Your task this week will vary based on the type of system you operate. Asset owners with SCADA have more work this week. SCADA Systems SCADA systems monitoring and controlling geographically dispersed systems, such as pipelines, electric grids, and water delivery,...

What We Know – Stuxnet 15 Years Later

23 Jul 2025 | 2025

The US House Homeland Security Committee’s subcommittee on Cybersecurity and Infrastructure Protection is holding a hearing today entitled Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats To Critical Infrastructure. Two of the four...