Let’s Talk: Level 0 and Risk Management
Three topics for this week’s article: Importance, Risk Management, and Level 0 Risk Reduction. Importance Joe Weiss, who I call the Paul Revere of ICS security for his yeoman’s work raising the alarm in the 2000 – 2010 decade, was not a fan of my...
Pivot To Process Variable Anomaly Detection
Summary: Vendors who are focused on compromise of Level 0 to Level 1 communications should pivot to process variable anomaly detection. There are a handful of vendors (Siga being the most active, Mission Secure, Fortiphyd, … and a couple I likely missed) who focus on...
OT Security Product Market Winners = No Changes
The first OT Security product segment to have a company, actually multiple companies, valued over $1B is OT Detection. The next OT security product segment that is seeing multiple early stage investments and has the same look of fast market cap growth in the next 1-3...
Would My Cyber Insurance Policy Cover NotPetya?
Would my cyber insurance policy cover losses due to NotPetya? It’s one important type of question to ask your insurance provider each time before renewal. The answer from the New Jersey Superior Court for Merck was yes. The War or Hostile Acts exclusion in their...
Per Endpoint Risk Calculation
Industrial Defender version 7.4 was announced last week. One feature caught my attention: Per Endpoint Risk Calculations: Allows customization of risk profiles on a per asset basis using threat vectors such as unpatched vulnerabilities, security events and health...
2022: The Year Of?
The Year Of descriptors are done retrospectively and looking forward. 2021 from an OT and ICS Security standpoint was … The year when a cyber incident (Colonial Pipeline) finally had a significant impact on US critical infrastructure?The year of the ICS Security...
OT Security 2021: Progress
Progress in addressing OT / ICS cyber risk remains painfully slow as it has over the past two decades. There is progress, and the fact that we are seeing the increased attention and are achieving progress during these Covid years is worth highlighting at year’s...
OT Security 2021: Perspective
The primary goal of OT cyber risk management is to insure OT cyber incidents do not have an unacceptable impact to the business, customers and community. A secondary goal is to reduce, and ideally eliminate, the frequency of overall OT cyber incidents. It is clear...