dalepeterson, Author at Dale Peterson: ICS Security Catalyst

It Won’t Work In OT

12 Aug 2025 | 2025

What Will Fall Next? A common refrain for any new proposed technology: It Won’t Work In OT. A short and incomplete list or examples: 90’s: Windows and Ethernet (yes, there was a battle with many experts insisting Windows workstations and servers connected by Ethernet...

Week 33: Review And Update The Removable Media And Portable Computer Policy

11 Aug 2025 | A Year In OT Security

In a perfect world, all removable media and portable computers connected to OT would be dedicated to OT. They would only be connected and used on OT. Never on IT or any other network. One way to achieve this is to deploy data transfer servers in an OT DMZ that can...

Week 32: Identify How Updates, Information, & Applications Are Brought Into The OT Environment

4 Aug 2025 | A Year In OT Security

Many OT security professionals have busted the airgap myth by asking questions on how software or firmware updates, schedules, recipes, anti-virus signatures, or applications are brought into the OT environment. They often are brought in through the approved OT...

Quantum Cryptography In OT?

30 Jul 2025 | 2025

We’ve received a few proposed sessions on quantum cryptography in OT in our S4x26 Call For Presentations. This isn’t new. We’ve received these every year this decade. They don’t get selected. Why? S4’s motto is Create The Future. While...

Week 31: Internal Segmentation Review

28 Jul 2025 | A Year In OT Security

Your task this week will vary based on the type of system you operate. Asset owners with SCADA have more work this week. SCADA Systems SCADA systems monitoring and controlling geographically dispersed systems, such as pipelines, electric grids, and water delivery,...

What We Know – Stuxnet 15 Years Later

23 Jul 2025 | 2025

The US House Homeland Security Committee’s subcommittee on Cybersecurity and Infrastructure Protection is holding a hearing today entitled Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats To Critical Infrastructure. Two of the four...

Week 30: Securing Cloud Service Access To OT

21 Jul 2025 | A Year In OT Security

Predictive maintenance, efficiency studies and controls, security monitoring, and other cloud services can offer real benefits to asset owners. This trend of vendors offering, and asset owners using, cloud services is almost certain to increase. The challenge is to...

Is EU Cybersecurity Regulation Effective?

16 Jul 2025 | 2025

We can’t answer that question yet, and it’s the time to figure out how we will measure their effectiveness. The EU and its member states are working furiously to figure out how to regulate, implement, and audit the Cyber Resilience Act (CRA) and Network...

Week 29: Is Your OT Remote Access Necessary And Worth The Risk?

14 Jul 2025 | A Year In OT Security

Now that your OT remote access is secured, determine if the allowed remote access is necessary. Ideally user interactive remote access to OT for the purpose of performing control or administration should be rare. If this is the case, consider if it’s feasible to have...

Real Cyber Incident Data … First Half 2025

9 Jul 2025 | 2025

Let’s start with the data, then the analysis. Source: Notes on the data: A material cyber incident should be reported in an 8K as an Item 1.05. The SEC also encourages reporting of cyber attacks that are immaterial or pending material determination in an 8K as...