6 Sep 2024 | 2024
Why Checklists Win Talk to most security professionals, OT and IT, and they’ll tell you that applying a checklist approach to security controls across an industry sector makes no sense. Compliance to a standard or regulation does not equal security. Each company...
28 Aug 2024 | 2024
I was hooked on OT Security from day one. During my first SCADA security assessment in 2000 we went out to see damns, pumping stations, turnouts and other physical systems along a canal. This was much more interesting than sitting in a conference room or a data...
22 Aug 2024 | 2024
Unsurprisingly the largest category of submissions to S4x25 CFP have been AI related. Almost all of these submissions could have been written by generative AI. A paragraph or three on how AI is an important, fast growing technology that will have a major impact on OT...
13 Aug 2024 | 2024
Thomas Burke, longtime President of the OPC Foundation, had the best answer to this question in a podcast interview with Walker Reynolds. Success is measured by the level of adoption. That’s the key, when you go do anything with industry standards they’ve...
7 Aug 2024 | 2024
From 2001, the advent of ICS security, until 2019 PLC security was a “bump-in-the-line”. Place a Tofino or other industrial security solution in the network path to secure network communication to and from the PLC. This was widely understood to be a...
2 Aug 2024 | 2024
You can always count on Waterfall to take a different approach to solving a security need. (this is a good thing). They recently announced their Hardware Enforced Remote Access (HERA). HERA leverages Waterfall’s unidirectional technology (one-way, hardware enforced,...
23 Jul 2024 | 2024
And Still Awaiting Calls To Replace Unauthenticated Protocols Today Dragos released information on ICS malware they are calling FrostyGoop. The key lines from the release are: “It is the first ICS-specific malware that uses Modbus communications to achieve an...
18 Jul 2024 | 2024
The only OT security product market to date is OT Detection solutions (with a slice of asset inventory). It is led by Armis, Claroty, Dragos and Nozomi. There are another 5 credible vendors and 5 or more niche players. There has been a relatively large amount of...
9 Jul 2024 | 2024
Hospitals and other medical facilities get lumped into OT and cyber/physical because they have software and firmware that is monitoring and controling physical equipment and processes. It’s not wrong, but I don’t think it’s helpful. The high level, high quality OT...
3 Jul 2024 | 2024
Last week R.R. Donnelley (RRD) and the SEC reached a $2.125M settlement on issues related to a December 2021 cybersecurity incident. Coming after Solarwinds and being a resolved issue has led to less cybersecurity industry angst about the SEC’s RRD complaint than the...