dalepeterson, Author at Dale Peterson: ICS Security Catalyst

What’s Next For DHS / CISA In OT Security?

14 May 2025 | 2025

I’ve had the chance to interview the last three leaders of DHS’s OT security efforts at S4 (only missing out on Seán Paul McGurk). For good or bad, the message has been consistent. Emphasis on information sharing, public / private partnership, new .gov...

Week 20: What Is Your “Island Mode”? Your Response To A Compromise On IT

12 May 2025 | A Year In OT Security

Your IT network has been compromised. Your OT network seems to be working fine, but you’re worried that the compromise will spread to OT. What do you do? Colonial Pipeline faced this situation in 2021 when ransomware infected their IT network. Their response? Shut...

Anecdotes Are Not Data

6 May 2025 | 2025

A large part of OT Security marketing is based around anecdotes. Some anecdotes are real. This small water utility was hacked and a tank overflowed. This manufacturer had ransomware and had to shut down certain factory operations for three days. This rail system was...

Week 19: What Systems On IT Does OT Rely On?

5 May 2025 | A Year In OT Security

The most frequent category of a cyber attack caused outage in OT and Operations, is ransomware infecting systems on the IT network, also called the corporate or enterprise network. Stated another way, most cyber incidents causing an outage in Operations never reach...

Frenos: Is “Continuous and Autonomous OT Assessment” A Sustainable Product Category?

30 Apr 2025 | 2025

Frenos is hot. They won the Datatribe Challenge, and then raised $3.88M in a seed round led by Datatribe. They got Rob Lee on their Advisory Board. And the founders have hired some well known talent in the space such as Tony Turner and Vivek Ponnada. There...

Week 18: Develop The Cost / Risk Reduction Package To Get Funding

28 Apr 2025 | A Year In OT Security

Common complaint in OT security: the company won’t spend money on OT security. This week you begin to experience the joy of getting funding for your OT cyber risk reduction project. Let’s review this month’s activities: You’ve identified and understood the safety and...

“Discovering ICS Vulns Is So Yesterday”

22 Apr 2025 | 2025

Love this comment from Bryan Owen on one of my posts. Discovering ICS vulns is so yesterday, discovering implants is the new, new thing. In observation, there needs to be more emphasis and coverage on discovered implants… otherwise sponsors of defensive programs...

Week 17: Prevent OT Compromise From Affecting Safety And Protection

21 Apr 2025 | A Year In OT Security

If any of your failure scenarios from last week required isolating the safety and protection devices and systems from OT, then this week you will design your solution. Note: Even if you don’t need to isolate your safety and protection you should read this section. The...

Mythology and Metrics

15 Apr 2025 | 2025

OT Security needs metrics. I originally wrote more metrics, but we have almost no metrics. We includes asset owners, governments, vendors, industry groups, … We shouldn’t be funding anything that doesn’t include a hypothesis and a metric that will...

Week 16: No High Consequence Events If (When?) OT Is Compromised

14 Apr 2025 | A Year In OT Security

Last week you identified failure scenarios that could cause a high consequence event when OT is compromised. This week’s task is simple and important. For each failure scenario from Week 15, identify a solution that would prevent the high consequence event if OT were...