Why Little Secure Coding Interest In OT?

Most years we include a secure coding session on S4’s Stage 2 Technical Deep Dives. This year it was Colin Breck’s: It’s Not As Simple As “Use A Memory Safe Language”. The session drew a small audience, even though it was given a...
Rating Past OT Security Acquisitions

It’s been over five years now since the OT Asset Inventory and Detection market sorted itself out. The top tier has changed little. The increased acceptance of cloud-based solutions has helped Armis join original top tier vendors Claroty, Dragos, and Nozomi....
False and True: You Can’t Protect What You Don’t Know

False: One of the most common OT Security mantras this decade is “You Can’t Protect What You Don’t Know”. Those who say this are almost always saying you can’t protect your OT environment without a detailed and accurate OT cyber asset inventory. This is...
What’s Next For DHS / CISA In OT Security?

I’ve had the chance to interview the last three leaders of DHS’s OT security efforts at S4 (only missing out on Seán Paul McGurk). For good or bad, the message has been consistent. Emphasis on information sharing, public / private partnership, new .gov...
Anecdotes Are Not Data

A large part of OT Security marketing is based around anecdotes. Some anecdotes are real. This small water utility was hacked and a tank overflowed. This manufacturer had ransomware and had to shut down certain factory operations for three days. This rail system was...