Awareness Of Purdue Level 0 and 1 (In)Security
Solving a problem typically begins with awareness that there is a problem. Back at S4x12 a group of researchers under the Project Basecamp banner demonstrated that most PLC’s (Purdue Level 1 devices) were both insecure by design and ridden with exploitable bugs,...
Legacy System Problem Keeps Growing
If you find yourself in a hole, stop digging. Will Rogers The large amount of insecure legacy ICS and long ICS lifetimes mean we will need to live with this security risk for years / decades. We can argue about how long it should take to replace the deployed...
Maturing Past Maturity-Based To Risk-Based
I recently stumbled upon a McKinsey article from October 2019 that more elegantly, in McKinsey speak, made the argument against “cyber hygiene” than I do. Over the past three years I’ve seen many asset owners go through the same process: Board or...
ICS Security Company Valuation and Value Investing
Frank, non-flattering admission … I am terrible at determining how much an ICS security company is worth, it’s valuation. While I believe that I can analyze the market, identify the product and service trends, evaluate company strategies, and identify the...Women In ICS Security
Kelly Jackson Higgins of Dark Reading joins Dale Peterson to co-host this episode of the Unsolicited Response Show. The topic is Women In ICS Security, and all the guests are Women In ICS Security: – Kristin Demoranville – MJ Emanuel – Najo Ifield...
My Recollection of the F**g Salmon Dinner
Chapter 2 of Nicole Perlroth’s book This Is How They Tell Me The World Ends is all about S4x13 and particularly about a dinner I hosted that she called The F**king Salmon dinner. We were all in Miami to attend the same bizarre conference – an annual...
Consequence and INL’s CCE
The long awaited detail of INL’s Consequence-driven, Cyber-informed Engineering (CCE) methodology is now available in the Andy Bochman / Sarah Freemen book Countering Cyber Sabotage. I had the opportunity to interview the authors for an hour in this week’s...
An Operator Turing Test
Proposal: A small group in the ICS world develop a test to determine if a “machine” can be trained from only historian data to perform as good (indistinguishable) or better than a representative Operator. In 1950 Alan Turing wrote an article on what...