Leading Indicator Metrics (Inspired by API RP 754)
Part 1 of this article is from my S4x24 Keynote: Believe!. Part 2 is the suggested related metrics for the US and other governments. Are some of you having trouble with Total Recordable Incident Rate? Or the SEC material incident rate? Or these outage pie charts. I...
US Government Cybersecurity Performance: Activity – Success, Achievement – Who Knows?
Last week continued the deluge of documents and activity from the US Government on the nation’s cybersecurity. The two most important for OT security were the 2024 Report On The Cybersecurity Posture Of The United States and the National Cybersecurity Strategy...
RSA Conference: OT Vs. IT Vs. Convergence
One of the first articles or presentations those new to OT generate is how OT is different from IT. Like other uses of T, there are tasks, goals and constraints that are different in OT than the employee desktop, application, server and infrastructure environment that...
Proposed Government Metric – Impacted People Days
This is the first in a series of articles on proposed government metrics (US and other) to measure the consequence of critical infrastructure OT cyber incidents. Impacted People Days – – The number of people impacted by an OT cyber incident multiplied by...Europe, Regulation and AI with Patrick Miller
Click To Subscribe Show Notes Patrick Miller has OT cybersecurity experience as an asset owner, PacificCorp. As a regulator and one of the first NERC CIP auditors with WECC. As a community organizer creating and leading EnergySec and the BeerISAC. And as an...
Tom Alrich Book Interview: Introduction To SBOM And VEX
Click To Subscribe Show Notes Tom Alrich is the author of the new book Introduction To SBOM And VEX. Host Dale Peterson and Tom discuss: Who Tom wrote the book for. Why the book had so much content prefaced by “in the author’s opinion” and “the author believes”. Early...
US National Cybersecurity Strategy Implementation Plan V2.0
This is the first iteration of the Implementation Plan, which is a living document that will be updated annually. US National Cybersecurity Strategy Implementation Plan, July 2023 We should be seeing the annual update, Version 2.0, of the Implementation Plan this...
A Barbell Strategy For OT Security
The barbell strategy is most common in finance and became more widely known after its use in Taleb’s Antifragile. Barbell Strategy: A dual strategy, a combination of two extremes, one safe and one speculative, deemed more robust than a “monomodal” strategy;...