Security Outcomes in ICS
Cisco recently published their 2021 Security Outcomes Study. It is worth a close look. Not so much for the results and conclusions applicable to the enterprise, but the methodology is worth adopting for the ICS environment. It would be great if ARC or someone...Grateful To Be In ICS Security
Happy Thanksgiving to my US readers. There is much to be thankful for if you are in the ICS security community. In my S4x20 keynote this past January, I contended that this is a great time to be in ICS security. Two months later, COVID shook the world. I know many of...
Chris Krebs Firing Changes What?
Is It Time To Change Mission, Or At Least Expectations, For DHS? President Trump’s firing of CISA Director Chris Krebs on Tuesday served no purpose except for petty vengeance. In just over two months he would not have to deal with Chris or any other appointees....
Ransomware and ICS
Hype And Recovery A woman died in Germany concurrently with a ransomware attack on a hospital, and the media was flooded with articles about ransomware causing its first death. Wired’s article this week, The Untold Story of a Cyber Attack, a Hospital...
Long Hidden ICS Cyber Risk, Not Increased Threat, Driving Disruption
I’m giving a keynote at an upcoming event, Fortinet’s Secure OT 2020 on Nov 24-25, that has as its theme “Innovation Through Disruption. While I’ll focus mostly on three ICS disrupting innovations in the next 1-3 years, I gave some thought...Podcast: October Month In Review
Jason Nations and I go over October’s top three stories plus our Win, Fail and Prediction of the month.
Russian hackers charged, ICS vendor security services, and risk metrics.
Wanted: ICS Cloud Services Security Product
The technology exists. It just isn’t being marketed and sold for this need. The majority of ICS related cloud services currently deployed are for predictive maintenance and performance analysis. These are ‘open loop’ services. Open loop in the sense...IEC 62443 Standards Are Ready For Their Close-Up
About every 18 months, I end up, as I am now, on a project where the asset owner wants to follow IEC 62443 security documents as closely as possible. As I re-read and use them, I’m struck by two things: There is a large amount of great content in the published...