Quantum Cryptography In OT?

Quantum Cryptography In OT?

We’ve received a few proposed sessions on quantum cryptography in OT in our S4x26 Call For Presentations. This isn’t new. We’ve received these every year this decade. They don’t get selected. Why? S4’s motto is Create The Future. While...

Week 31: Internal Segmentation Review

Your task this week will vary based on the type of system you operate. Asset owners with SCADA have more work this week. SCADA Systems SCADA systems monitoring and controlling geographically dispersed systems, such as pipelines, electric grids, and water delivery,...
What We Know – Stuxnet 15 Years Later

What We Know – Stuxnet 15 Years Later

The US House Homeland Security Committee’s subcommittee on Cybersecurity and Infrastructure Protection is holding a hearing today entitled Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats To Critical Infrastructure. Two of the four...

Week 30: Securing Cloud Service Access To OT

Predictive maintenance, efficiency studies and controls, security monitoring, and other cloud services can offer real benefits to asset owners. This trend of vendors offering, and asset owners using, cloud services is almost certain to increase. The challenge is to...
Is EU Cybersecurity Regulation Effective?

Is EU Cybersecurity Regulation Effective?

We can’t answer that question yet, and it’s the time to figure out how we will measure their effectiveness. The EU and its member states are working furiously to figure out how to regulate, implement, and audit the Cyber Resilience Act (CRA) and Network...
Real Cyber Incident Data … First Half 2025

Real Cyber Incident Data … First Half 2025

Let’s start with the data, then the analysis. Source: Notes on the data: A material cyber incident should be reported in an 8K as an Item 1.05. The SEC also encourages reporting of cyber attacks that are immaterial or pending material determination in an 8K as...
Shields Up Redux … Did They Ever Come Down?

Shields Up Redux … Did They Ever Come Down?

The warnings went out after the US bombing of the Iranian nuclear facilities. Be prepared for an increased likelihood of an Iranian cyber attack. Shields Up! This is reasonable, perhaps even responsible to give this warning. The problem is there is no real guidance on...