3 Incident Response Playbooks for OT

3 Incident Response Playbooks for OT

If you will forgive yet another article inspired by the Colonial Pipeline incident … it does represent the oldest of the three must have OT Incident Response Playbooks. Playbook 1 – Enterprise Network Compromised Pending additional details (this is written...
The Industrial Edge, Cloud Services, and Purdue Level 1 Devices

The Industrial Edge, Cloud Services, and Purdue Level 1 Devices

The Industrial Edge can be understood through an analogy of the different types and capabilities of a Purdue Reference Model Level 1 device. I’ll use the AWS terminology for this article, and it could be written around Azure and other mature in concept cloud...
Requiring SBOMs And Their Impact On OT

Requiring SBOMs And Their Impact On OT

Hope, 1 Step Backwards, and Business Models Hope The concept and benefits of a software bill of materials (SBOM) is simple to understand. A SBOM is a list of all software in an application or cyber asset.  Vendors need to create and maintain a SBOM to have any...
Sprinting To Secure The US Power Grid

Sprinting To Secure The US Power Grid

Last week a Bloomberg article covered the Biden Administration’s plan for a 100-day sprint to secure the power grid. I’ll comment on the three focus areas the article lays out and more broadly on 100-day efforts. Monitoring The Grid And Sending Data To The...
How Do We Solve The OT Cybersecurity Staffing Challenges?

How Do We Solve The OT Cybersecurity Staffing Challenges?

Three answers. 1. Women Women represent 51% of the population and 57% of the college graduates in the US. They comprise less than 10% of the OT Security workforce.  Solving the problem could be as simple as adding women to the OT Security workforce until they...
Recommended Security Controls For Level 0 and Level 1

Recommended Security Controls For Level 0 and Level 1

Part 1: Awareness of Purdue Level 0 and 1 (In)Security Part 2: Properly Prioritizing Level 0 and Level 1 Security In this third and final article in my Level 0 / Level 1 security series the focus is on the appropriate security controls. Sensors and Sensor Data The...
Properly Prioritizing Level 0 and Level 1 Security

Properly Prioritizing Level 0 and Level 1 Security

We have resolved the issue on whether the ICS security community knows that almost all Purdue Reference Model Level 0 and Level 1 devices, and the protocols that communicate with them, lack authentication. They know this. The next question is what to do about it from...
Awareness Of Purdue Level 0 and 1 (In)Security

Awareness Of Purdue Level 0 and 1 (In)Security

Solving a problem typically begins with awareness that there is a problem. Back at S4x12 a group of researchers under the Project Basecamp banner demonstrated that most PLC’s (Purdue Level 1 devices) were both insecure by design and ridden with exploitable bugs,...
Legacy System Problem Keeps Growing

Legacy System Problem Keeps Growing

If you find yourself in a hole, stop digging. Will Rogers The large amount of insecure legacy ICS and long ICS lifetimes mean we will need to live with this security risk for years / decades. We can argue about how long it should take to replace the deployed...