dalepeterson, Author at Dale Peterson: ICS Security Catalyst

Is EU Cybersecurity Regulation Effective?

16 Jul 2025 | 2025

We can’t answer that question yet, and it’s the time to figure out how we will measure their effectiveness. The EU and its member states are working furiously to figure out how to regulate, implement, and audit the Cyber Resilience Act (CRA) and Network...

Week 29: Is Your OT Remote Access Necessary And Worth The Risk?

14 Jul 2025 | A Year In OT Security

Now that your OT remote access is secured, determine if the allowed remote access is necessary. Ideally user interactive remote access to OT for the purpose of performing control or administration should be rare. If this is the case, consider if it’s feasible to have...

Real Cyber Incident Data … First Half 2025

9 Jul 2025 | 2025

Let’s start with the data, then the analysis. Source: Notes on the data: A material cyber incident should be reported in an 8K as an Item 1.05. The SEC also encourages reporting of cyber attacks that are immaterial or pending material determination in an 8K as...

Week 28: Does Your OT Remote Access Require Multi-Factor Authentication?

7 Jul 2025 | A Year In OT Security

Most of the targeted, OT specific attacks, where the adversary has lived on the OT for many months, began with a compromise of remote access to OT. The limited OT cyber incident data we have clearly shows that multi-factor authentication (MFA) for OT remote access is...

Shields Up Redux … Did They Ever Come Down?

2 Jul 2025 | 2025

The warnings went out after the US bombing of the Iranian nuclear facilities. Be prepared for an increased likelihood of an Iranian cyber attack. Shields Up! This is reasonable, perhaps even responsible to give this warning. The problem is there is no real guidance on...

Week 27: Evaluate And Improve Your OT DMZ

30 Jun 2025 | A Year In OT Security

De-militarized zones (DMZ), semi-trusted zones, are a common electronic security perimeter good practice. The firewall segmenting IT from the Internet will often have one or more DMZ to limit direct Internet to IT network communication. A web server, database...

What Problem Are You Solving?

24 Jun 2025 | 2025

The application for S4x26 Proof of Concept (POC) Pavilion begins with a simple question. What problem is your product or service solving? The POC Pavilion will have a highly realistic asset owner OT environment. (You can watch the reveal of Pavilion provider, system,...

Week 26: Evaluate Your OT Electronic Security Perimeters

23 Jun 2025 | A Year In OT Security

Take the information gathered in Week 24 on your OT electronic security perimeters and evaluate the risk related to each communication allowed through the OT electronic security perimeter. This is typically a rule by rule analysis. If you have a well-documented...

Possible Isn’t A Compelling Argument

17 Jun 2025 | 2025

In a recent LinkedIn post Andrew Ginter made the case that legal liability is an argument for investing in cybersecurity. That those responsible for managing risk, and cybersecurity in particular, should put in place “reasonable” security controls to...

Week 25: Detour … S4x26 Call For Presentations … What’s Your Passion?

16 Jun 2025 | A Year In OT Security

The S4x26 Call For Presentations (CFP) opens this week and runs through August 31st. Information is available at s4xevents.com/cfp. Early submission improves your chances of getting on the S4 stage as we review submissions as they come, rather than waiting until the...