Week 41: OT Security Patching Audit

As we come to the year’s end, it’s a good time to perform a first audit of the OT Security Patching Program you put in place in Weeks 36 – 37. If you have other OT cyber maintenance activities defined, audit these too. Is the team doing what they committed to do? A...
Premature Consensus In OT Security Made Worse With AI

Premature Consensus In OT Security Made Worse With AI

We know very little about what security controls and consequence reduction actions reduce the number and impact of incidents that includes an OT cyber component. Read that again. We have hypotheses. I have hypotheses, and wrote a book on the topic A Year In OT...

Week 39: Evaluate And Verify Backups

ICS in OT have achieved very high availability due to redundancy. This high availability decreases the frequency that backups are needed for recovery, and this often leads to less rigor in the backup process. This week’s task is to verify you can answer yes to the...

Week 36: Validate Detection And Call Outs

Does your detection work? Will it identify aspects of a cyber attack as designed? Will it present the events / alerts / information to the appropriate role? Does that role understand their Call Outs? This week you will test each detection source and each Call Out...

Week 35: Create Cybersecurity Call Outs

Call outs are common in Operations. If this happens, contact this person, take this action, watch this reading, order this maintenance, … Your task this week is to create OT detection call outs, the beginning of response. These call outs are actions assigned to roles....