![Tom Alrich Book Interview: Introduction To SBOM And VEX](https://dale-peterson.com/wp-content/uploads/2024/04/Screenshot-2024-04-15-at-5.10.05 PM-1080x560.png)
![US National Cybersecurity Strategy Implementation Plan V2.0](https://dale-peterson.com/wp-content/uploads/2024/04/jumpstory-download20240409-194356.jpg)
US National Cybersecurity Strategy Implementation Plan V2.0
This is the first iteration of the Implementation Plan, which is a living document that will be updated annually.
US National Cybersecurity Strategy Implementation Plan, July 2023
We should be seeing the annual update, Version 2.0, of the Implementation Plan this...
![A Barbell Strategy For OT Security](https://dale-peterson.com/wp-content/uploads/2024/04/Picture2-1080x675.png)
A Barbell Strategy For OT Security
The barbell strategy is most common in finance and became more widely known after its use in Taleb’s Antifragile. Barbell Strategy: A dual strategy, a combination of two extremes, one safe and one speculative, deemed more robust than a “monomodal” strategy;...
![Clorox Investor Cyber Incident Concerns](https://dale-peterson.com/wp-content/uploads/2024/04/1712066408752.jpeg)
Clorox Investor Cyber Incident Concerns
Lost Manufacturing Capacity & Recovering Shelf Space
Clorox had suffered a cyber incident on their enterprise network, not OT, in August of 2023. They lost 26% of their manufacturing capacity during that quarter as they had to move to manual order processing....
![Water Hysteria and Reality](https://dale-peterson.com/wp-content/uploads/2024/04/1711405042292.jpeg)
Water Hysteria and Reality
Reality
There has not been a publicly disclosed cyber incident on a US water utility’s OT system that has affected the delivery of safe, drinkable water for years. There has not been a publicly disclosed cyber incident that can even be called a near miss. Not...
![Tough Times In The OT Security Job Market](https://dale-peterson.com/wp-content/uploads/2023/06/IMG_0093-1.jpeg)
Tough Times In The OT Security Job Market
There was one sour note amongst the good feelings as the S4 community met in early March – some were missing because they had been laid off. Talented, innovative professionals who had their choice of jobs not too long ago. The OT security job...
![The Security Floor … Not Secure By Design](https://dale-peterson.com/wp-content/uploads/2024/03/jumpstory-download20240311-184553.jpg)
The Security Floor … Not Secure By Design
It hit me during Megan Samford’s bullish comments on Secure By Design at the S4x24 Closing Panel. She believed it was possible to specify a minimum set of required security configuration parameters, development processes and security controls. While Megan referred to...
![Gem: Minimal Viable Delivery Objective](https://dale-peterson.com/wp-content/uploads/2024/02/jumpstory-download20240229-172152.jpg)
Gem: Minimal Viable Delivery Objective
This week a gem in the deluge of mostly repetitive cyber security information and initiatives coming out of the US Government. The President’s Council of Advisors on Science & Technology (PCAST) issued their Strategy For Cyber-Physical Resilience. A lot of...
![Volt Typhoon Is New Status Quo For ICS](https://dale-peterson.com/wp-content/uploads/2024/02/jumpstory-download20240214-203058.jpg)
Volt Typhoon Is New Status Quo For ICS
Note: this article was triggered by a Dragos report and briefing Tuesday on Volt Typhoon (they call it VOLTZITE) and its potential future impact on cyber/physical systems. The real message, the key takeaway on Volt Typhoon for those running critical infrastructure ICS...
![SEC Fines, Software Liability & Possible Consequences](https://dale-peterson.com/wp-content/uploads/2024/02/Truth-or-Consequences-1080x675.jpg)