dalepeterson, Author at Dale Peterson: ICS Security Catalyst

Week 24: Identify All OT Electronic Security Perimeters

9 Jun 2025 | A Year In OT Security

Last week’s task identified, and initiated steps to remove, all unauthorized or insecure Internet access to OT. The remaining OT network access will come from your IT networks or business partner networks. The first step to evaluating the OT electronic security...

Why Little Secure Coding Interest In OT?

3 Jun 2025 | 2025

Most years we include a secure coding session on S4’s Stage 2 Technical Deep Dives. This year it was Colin Breck’s: It’s Not As Simple As “Use A Memory Safe Language”. The session drew a small audience, even though it was given a...

Week 23: Is Your OT Environment Accessible From The Internet?

2 Jun 2025 | A Year In OT Security

Hopefully you believe the answer to this question is no. If any person or device on the Internet can access any of your OT environments you need to take immediate action. Note: “any person or device on the Internet” doesn’t include an employee or partner with...

Rating Past OT Security Acquisitions

27 May 2025 | 2025

It’s been over five years now since the OT Asset Inventory and Detection market sorted itself out. The top tier has changed little. The increased acceptance of cloud-based solutions has helped Armis join original top tier vendors Claroty, Dragos, and Nozomi....

Week 22: Evaluate The Ability To Recover And Meet The RTO (1st Pass)

26 May 2025 | A Year In OT Security

In Week 21 you identified the recovery time objective (RTO). Your task this week is to evaluate, at a high level via interview and inspection, if that RTO can be credibly met. Assume a scenario where everything with an IP address in IT and OT has been compromised and...

False and True: You Can’t Protect What You Don’t Know

20 May 2025 | 2025

False One of the most common OT Security mantras this decade is “You Can’t Protect What You Don’t Know”. Those who say this are almost always saying you can’t protect your OT environment without a detailed and accurate OT cyber asset inventory. This is...

Week 21: Identify The Recovery Time Objective (RTO)

19 May 2025 | A Year In OT Security

Your manufacturing line is down. How fast do you need to have it back in operation to avoid a high or catastrophic consequence that you identified in Weeks 11 – 12? The same “how fast do you need it back in operation to avoid a high or catastrophic consequence”...

What’s Next For DHS / CISA In OT Security?

14 May 2025 | 2025

I’ve had the chance to interview the last three leaders of DHS’s OT security efforts at S4 (only missing out on Seán Paul McGurk). For good or bad, the message has been consistent. Emphasis on information sharing, public / private partnership, new .gov...

Week 20: What Is Your “Island Mode”? Your Response To A Compromise On IT

12 May 2025 | A Year In OT Security

Your IT network has been compromised. Your OT network seems to be working fine, but you’re worried that the compromise will spread to OT. What do you do? Colonial Pipeline faced this situation in 2021 when ransomware infected their IT network. Their response? Shut...

Anecdotes Are Not Data

6 May 2025 | 2025

A large part of OT Security marketing is based around anecdotes. Some anecdotes are real. This small water utility was hacked and a tank overflowed. This manufacturer had ransomware and had to shut down certain factory operations for three days. This rail system was...