ICS / IIoT Market Segmentation Needed So We Can Communicate Effectively
There have been many events and data points that show even people knowledgeable in ICS and security are having difficulty communicating together because we have different views and experiences on what an ICS is. The latest example is Kaspersky’s Threat Landscape...
Unsolicited Response Podcast: Ralph Langner Interview on ICS Product Market
In this episode I speak with Ralph Langner of Langner Communications about the ICS Product Security Market. Ralph is famous for his work on Stuxnet, and he has done a lot of great work before and after Stuxnet. For the last two years he has set aside his decades of...
ICS Product Categories and Composition
Thinking Out Loud … The ICS Detection market is new and highly competitive as covered in an early article. A question as interesting as who will be the winners in this market, is what the composition and capabilities of the winning solutions will be? The diagram...
Blake Sobczak of E&E News on Electric Sector Cybersecurity
Blake Sobczak, a reporter for Energy & Environment News, has been on fire lately with his coverage of electric sector cybersecurity. It seems like I’m consistently retweeting his stories and putting them into my Friday News & Notes email (are you...
Two Real Questions on the Weissian Crusade for Securing Process Sensors, Actuators and Drives
I like to call ICS security legend Joe Weiss the Paul Revere of the community. In the five years after the Sept 11th attacks, he was the most effective advocate and loudly carried the message that we have a huge risk that was not being addressed. He didn’t stop...
The Future of the ICS Cyber Security Detection Market
The ICS Cyber Security Detection market has 20+ vendors chasing this niche with most focused on passive network monitoring to create an asset inventory and identify cyber incidents. I’ve written on this developing market, interviewed participants on stage and in...
Podcast: CCE with Andy Bochman of INL
Andy Bochman with INL joins me to discuss their Consequence-Driven, Cyber-Informed Engineering methodology (CCE). It is appealing because it places emphasis on the often neglected consequence part of the risk equation....
Michael Assante on the Podcast
Michael Assante is my guest for this episode. He has a storied career and recently won the RSA Conference Award for Excellence in Information Security. Mike was the VP/CSO of NERC, active at INL in the Aurora demonstration, led the development and implementation of the SANS ICS Security Training program, and even began working as CSO for an electric utility. We talk about driving change, what regulation would work, the lessons learned and failures of Aurora and much more.
Let’s Kill (Or Correct) The Term “Cyber Hygiene” In ICS
Hygiene was obviously selected by Andy and many others because it is easy to understand from its common usage, and who can possibly be against hygiene. Wash your hands before eating. Brush your teeth. Take a bath or shower. Change into clean clothes. Oh yes, we need cyber hygiene.
The easiest way to see the misuse and flaws in this term is that periodic wellness exams and vaccinations are not hygiene. Not everything a person does, and little a person has done for them, to maintain health is considered hygiene.
If we must keep the term cyber hygiene, then cyber hygiene should only include: