Ransomware and ICS
Hype And Recovery A woman died in Germany concurrently with a ransomware attack on a hospital, and the media was flooded with articles about ransomware causing its first death. Wired’s article this week, The Untold Story of a Cyber Attack, a Hospital...
Long Hidden ICS Cyber Risk, Not Increased Threat, Driving Disruption
I’m giving a keynote at an upcoming event, Fortinet’s Secure OT 2020 on Nov 24-25, that has as its theme “Innovation Through Disruption. While I’ll focus mostly on three ICS disrupting innovations in the next 1-3 years, I gave some thought...Podcast: October Month In Review
Jason Nations and I go over October’s top three stories plus our Win, Fail and Prediction of the month.
Russian hackers charged, ICS vendor security services, and risk metrics.
Wanted: ICS Cloud Services Security Product
The technology exists. It just isn’t being marketed and sold for this need. The majority of ICS related cloud services currently deployed are for predictive maintenance and performance analysis. These are ‘open loop’ services. Open loop in the sense...IEC 62443 Standards Are Ready For Their Close-Up
About every 18 months, I end up, as I am now, on a project where the asset owner wants to follow IEC 62443 security documents as closely as possible. As I re-read and use them, I’m struck by two things: There is a large amount of great content in the published...
Podcast: September ICS Security Month In Review
The ICS Security Month in Review episodes cover two to three big stories from the month plus a win, a fail and a prediction. This month’s stories include: S4x21’s cancellation and S4x22 dates(7:01) Ransomware in ICS (12:30) SCIDMark and other ICS cyber...
Podcast: ATT&CK For ICS Evaluations
Detecting Triton Type Attacks In this episode I talk with Otis Alexander of MITRE about ATT&CK for ICS Evaluations. We begin with a discussion on ATT&CK and the ICS version of ATT&CK. If you are familiar with this, skip to 17:09 where we begin our...
Podcast: Splunk’s OT Security Add-On
Most of the OT Detection and Asset Management solutions have developed ‘integrations’ with SIEMs, with Splunk and QRadar being the most common. I put integrations in quotes because they did little more than push alerts and events to the SIEMs with little...