


Who Manages The Edge?
Bryan Owen in his OnRamp ICS Cloud Services module described open and closed loop cloud services. Securing open loop cloud services is simple because communications can be limited to pushing ICS data to the cloud. Closed loop cloud services can involve the external...
Try Different Roles & Companies In Your First Two Decades
It’s hard to keep up with all the movement of OT security professionals between companies: Tim Yardley, Zachery Lambert, Isiah Jones, Pascal Ackerman, Ron Brash, … There is no sign that demand for OT security pros will diminish in the next 1 to 3...
Supply Chain Cybersecurity: Calamity or Shoulder Shrug II
In August, I wrote about the likely hyperbole in an article, Cybersecurity Risks Loom Large In Hospitals. The financial risk stated in the article that “loomed large” was tiny compared to other financial risks at a large hospital. The numbers in that...
(You Should Have) Zero Trust In PLCs
Last week at the Singapore CSA OTCEP event a panel I was on received the question: what do we think about the use of zero trust in OT? I’m not sure why we all hesitated to answer. Being polite? Unsure of how to answer? Tired from jet lag or crazy time zones? I...
Overwhelmed With Shoulds And Shalls
Last week the US Government published the Preliminary Critical Infrastructure System Cybersecurity Performance Goals and Objectives that included nine categories of recommended practices. Last week the US Government also published a draft of SP1800-10 Protecting...
More OT Professionals Needed
(and maybe fewer OT Security Pros than originally thought) Kelly Shortridge gave a great keynote on DevOps coming to the OT world at S4x20. I originally asked Kelly to give a talk on DevSecOps. She pushed back on the use of that term because security...
Sorry, Security Is A Cost
After a recent virtual keynote I was asked a perennial hopeful question: How can we make cybersecurity a source of revenue rather than a cost? The short answer for an OT asset owner is, you can’t. The motivation is understandable. Businesses and their executives...
Cyber Insurance, One (Temporary) Step Backwards
I still do a bit of ICS security consulting for asset owners in between S4, speaking at events, and the Unsolicited Response show. This consulting typically requires a $1M Professional Liability Insurance policy. It’s renewal time, and below are two new...