


Is IT/OT Convergence’s Momentum Unstoppable?
My interview last week with Nozomi Networks CEO Edgard Capdevielle dug deep into the OT visibility and detection market today and, more importantly, where it was heading in the next 1-3 years. Lots of candor and interesting comments from Edgard, and Edgard’s thoughts of...
Calamity or Shoulder Shrug
You Must Understand Your Organization’s Risk Management: Do you want support and funding for your ICS security initiatives? Then you need to understand what executives view as high, unacceptable consequences that believably could be caused by a cyber or...
Universities Beginning To Offer ICS Security Courses and Degree Programs – More Needed
The number of jobs in the ICS Security category is growing quickly. Asset owners, ICS and ICS security vendors, integrators, consulting firms, and governments are all trying to hire ICS security talent from a limited talent pool. The most common solution to grow ICS...
Easy, Moderate and Hard SBOM Wins
Easy Win – Procurement: A simple request to inspect Security Development Lifecycle (SDL) artifacts, such as the threat model and fuzz testing plan and results, will tell you if the SDL is more than a dream put down on paper. (In the early 2010s it was more...
Evaluating The ICS ATT&CK Evaluations
Last week the MITRE Engenuity team released the results from their first ATT&CK Evaluations for ICS. I spent hours looking at the MITRE published results and the evaluated vendors’ write ups of the results. It was a professionally executed and realistic...
ICS Security Buzzword Rankings
It’s summer, and I’m on vacation. So here is a light, breezy article to not take too seriously. Below is my non-scientific, highly US influenced, filter bubble warning, rankings of the ICS buzzwords rated by popularity and impact. Ransomware … Number...
Terminology and Tipping Points
The cybersecurity community loves a good terminology fight, and the ICS (if that is the right term) security community niche is no different. A recent and predictable raging discussion on a popular email list on a single term is the latest example. It’s not...
Key Management and ICS … Time To Stop Hand Waving
There has been so little cryptography in OT / Purdue Levels 0 – 2 that managing the keys for cryptography has not been much of an issue. And the lift to get encryption and authentication into OT is so heavy that even those of us who know the importance of key...