Questions on AI in OT & ICS Security
Unsurprisingly the largest category of submissions to S4x25 CFP have been AI related. Almost all of these submissions could have been written by generative AI. A paragraph or three on how AI is an important, fast growing technology that will have a major impact on OT...
How Successful Is Your Standard?
Thomas Burke, longtime President of the OPC Foundation, had the best answer to this question in a podcast interview with Walker Reynolds. Success is measured by the level of adoption. That’s the key, when you go do anything with industry standards they’ve...
Embedded PLC Security Is Happening
From 2001, the advent of ICS security, until 2019 PLC security was a “bump-in-the-line”. Place a Tofino or other industrial security solution in the network path to secure network communication to and from the PLC. This was widely understood to be a...
How Would You Like Your OT Remote Access?
You can always count on Waterfall to take a different approach to solving a security need. (this is a good thing). They recently announced their Hardware Enforced Remote Access (HERA). HERA leverages Waterfall’s unidirectional technology (one-way, hardware enforced,...
FrostyGoop: 2004 Is Calling
And Still Awaiting Calls To Replace Unauthenticated Protocols Today Dragos released information on ICS malware they are calling FrostyGoop. The key lines from the release are: “It is the first ICS-specific malware that uses Modbus communications to achieve an...
The Next OT Security Product Market
The only OT security product market to date is OT Detection solutions (with a slice of asset inventory). It is led by Armis, Claroty, Dragos and Nozomi. There are another 5 credible vendors and 5 or more niche players. There has been a relatively large amount of...
Hospitals Are Different
Hospitals and other medical facilities get lumped into OT and cyber/physical because they have software and firmware that is monitoring and controling physical equipment and processes. It’s not wrong, but I don’t think it’s helpful. The high level, high quality OT...
SEC Action On R.R. Donnelley – – Much More Concerning Than Solarwinds
Last week R.R. Donnelley (RRD) and the SEC reached a $2.125M settlement on issues related to a December 2021 cybersecurity incident. Coming after Solarwinds and being a resolved issue has led to less cybersecurity industry angst about the SEC’s RRD complaint than the...