It’s Out! Top 20 Secure PLC Coding Practices
It began with Jake Brodsky’s S4x20 session on tips and tricks he had learned in his long career with a water utility to improve the resiliency, maintenance and security of a PLC and the underlying physical process. Today, it results in the release of Version 1.0...
I’m Waiting For …
I’m waiting for a company that is ready for ransomware in the same way they would be ready for a weather event. Imagine something like the following response if this hypothetical company gets hit with ransomware: Today approximately 25% of our computers have...
Two Tracks Needed – Remedial and Create The Future
In 2008 I had three US electric utility clients who were making impressive progress in securing their ICS used in generation and transmission. They had implemented the basic security controls and were pushing with questions like “what should we do next year to be more...
Resilience Is More Than A Synonym For Security
The World Economic Forum (WEF) recently published Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers. This is timely coming weeks after the Colonial Pipeline incident, which was a resilience failure not an OT security failure....
ICS Detection Market Update – Q2 2021
See previous analysis on my ICS Detection Market page. We Have A Winner The ICS Detection Market is the clear ICS security market winner of 2021 to date. Even before the Colonial Pipeline incident it was clear that well funded and relentless marketing by vendors in...
3 Incident Response Playbooks for OT
If you will forgive yet another article inspired by the Colonial Pipeline incident … it does represent the oldest of the three must have OT Incident Response Playbooks. Playbook 1 – Enterprise Network Compromised Pending additional details (this is written...
The Industrial Edge, Cloud Services, and Purdue Level 1 Devices
The Industrial Edge can be understood through an analogy of the different types and capabilities of a Purdue Reference Model Level 1 device. I’ll use the AWS terminology for this article, and it could be written around Azure and other mature in concept cloud...
Requiring SBOMs And Their Impact On OT
Hope, 1 Step Backwards, and Business Models Hope The concept and benefits of a software bill of materials (SBOM) is simple to understand. A SBOM is a list of all software in an application or cyber asset. Vendors need to create and maintain a SBOM to have any...