Living With Dirty Cyber Assets
The theme for S4x22 was No Limits. In my 10-minute opening of the event, I suggested one way to break free from limits is to take conventional wisdom and flip it. Look at the world as if the opposite were true. I gave three examples, and my favorite was: flipping...Can We Share Information? (Log4j and CODESYS)
It started with Bryan Owen’s reply to a tweet. Was hoping response for Incontroller/Pipedream would have been a rally call to inventory ICS with embedded Codesys. A community approach similar to Log4j inventory could have been lead by @cisagov — bryan owen...
The ICS Dichotomy of Surface Area
I finished up Volume 3 of The Great Mental Models and the model, or concept, that has me thinking is Surface Area. Where we need to reduce it and where we need to expand it. The application to security is obvious and used in the chapter. We want to minimize the attack...
Will CISA Recommend Securing ICS?
Hold on – – – hasn’t CISA since its birth and DHS before that recommended securing ICS? No, not really. The recommendations have been keep the attackers out, perform cyber hygiene, and detect attacks, but they have rarely recommended the monitoring...Hope In The ICS Security Workforce
We had the pleasure of hosting ~800 ICS security professionals in Miami South Beach last week at S4x22. While the record number of attendees was a good sign of the growing attention being paid to ICS security, it was the composition of the attendees that is even more...
Shields Up For ICS
The US CISA put out a Shields Up advisory in conjunction with Russia’s invasion of Ukraine. It’s probably necessary, as they would have been disparaged if they didn’t, and not terribly useful. The recommendations were primarily the same as they have been...
Let’s Talk: Level 0 and Risk Management
Three topics for this week’s article: Importance, Risk Management, and Level 0 Risk Reduction. Importance Joe Weiss, who I call the Paul Revere of ICS security for his yeoman’s work raising the alarm in the 2000 – 2010 decade, was not a fan of my...
Pivot To Process Variable Anomaly Detection
Summary: Vendors who are focused on compromise of Level 0 to Level 1 communications should pivot to process variable anomaly detection. There are a handful of vendors (Siga being the most active, Mission Secure, Fortiphyd, … and a couple I likely missed) who focus on...