dalepeterson, Author at Dale Peterson: ICS Security Catalyst

Week 27: Evaluate And Improve Your OT DMZ

30 Jun 2025 | A Year In OT Security

De-militarized zones (DMZ), semi-trusted zones, are a common electronic security perimeter good practice. The firewall segmenting IT from the Internet will often have one or more DMZ to limit direct Internet to IT network communication. A web server, database...

What Problem Are You Solving?

24 Jun 2025 | 2025

The application for S4x26 Proof of Concept (POC) Pavilion begins with a simple question. What problem is your product or service solving? The POC Pavilion will have a highly realistic asset owner OT environment. (You can watch the reveal of Pavilion provider, system,...

Week 26: Evaluate Your OT Electronic Security Perimeters

23 Jun 2025 | A Year In OT Security

Take the information gathered in Week 24 on your OT electronic security perimeters and evaluate the risk related to each communication allowed through the OT electronic security perimeter. This is typically a rule by rule analysis. If you have a well-documented...

Possible Isn’t A Compelling Argument

17 Jun 2025 | 2025

In a recent LinkedIn post Andrew Ginter made the case that legal liability is an argument for investing in cybersecurity. That those responsible for managing risk, and cybersecurity in particular, should put in place “reasonable” security controls to...

Week 25: Detour … S4x26 Call For Presentations … What’s Your Passion?

16 Jun 2025 | A Year In OT Security

The S4x26 Call For Presentations (CFP) opens this week and runs through August 31st. Information is available at s4xevents.com/cfp. Early submission improves your chances of getting on the S4 stage as we review submissions as they come, rather than waiting until the...

Week 24: Identify All OT Electronic Security Perimeters

9 Jun 2025 | A Year In OT Security

Last week’s task identified, and initiated steps to remove, all unauthorized or insecure Internet access to OT. The remaining OT network access will come from your IT networks or business partner networks. The first step to evaluating the OT electronic security...

Why Little Secure Coding Interest In OT?

3 Jun 2025 | 2025

Most years we include a secure coding session on S4’s Stage 2 Technical Deep Dives. This year it was Colin Breck’s: It’s Not As Simple As “Use A Memory Safe Language”. The session drew a small audience, even though it was given a...

Week 23: Is Your OT Environment Accessible From The Internet?

2 Jun 2025 | A Year In OT Security

Hopefully you believe the answer to this question is no. If any person or device on the Internet can access any of your OT environments you need to take immediate action. Note: “any person or device on the Internet” doesn’t include an employee or partner with...

Rating Past OT Security Acquisitions

27 May 2025 | 2025

It’s been over five years now since the OT Asset Inventory and Detection market sorted itself out. The top tier has changed little. The increased acceptance of cloud-based solutions has helped Armis join original top tier vendors Claroty, Dragos, and Nozomi....

Week 22: Evaluate The Ability To Recover And Meet The RTO (1st Pass)

26 May 2025 | A Year In OT Security

In Week 21 you identified the recovery time objective (RTO). Your task this week is to evaluate, at a high level via interview and inspection, if that RTO can be credibly met. Assume a scenario where everything with an IP address in IT and OT has been compromised and...