Actions have consequences, intentional and unintentional. Last year the SEC provided specific cybersecurity disclosure rules. The Commission adopted final rules that will require public companies to disclose both material cybersecurity incidents they experience...
Most asset owners who have been working on OT security for 5+ years have dealt with the removable media risk. My preference is USB drives and other media dedicated to the OT environment; never used on another network. All needed software / firmware is brought through...
Aileen Lee coined the term Unicorn ten years ago. Unicorn: a VC-backed startup that has grown to be worth $1B+ within ten years. Aileen, now the Founder & Managing Partner of Cowboy Ventures, recently wrote the worth-reading article Welcome...
Guess the topic that produced the most S4x24 proposed sessions? AI, of course. All of the proposed sessions were on how GenAI, and other AI, would help cyber attackers and defenders. We selected two of these (more info below the line). It’s important. What also...
There has been a deluge of guidance and services, and a growing desire to regulate, coming from the US Government in the last two years. A portion of that has been aimed at OT and ICS security. CISA has led the way in volume since Jen Easterly became Director. The...
Admission: I’m averse to large, multi-year programs. I don’t want to work on them, and I’m skeptical that they will achieve their goals. I favor a series of short-term, quick and significant wins recognizing the Pareto Principle, 80/20 rule. My initial...
We have two ways at S4x24 to raise awareness and advance worthy causes in OT & ICS Cybersecurity. There are 1,100 early adopters / influencers / people who drive change at S4x24. Grab their attention and jumpstart your worthy cause. Worthy Cause Exhibits We have...
My article last week, How To Measure CISA’s Performance, was only out for hours before CISA published their first metrics for the FY 2024 – 2026 Strategic Plan. The metrics are related to CISA’s Vulnerability Scanning...
Let’s set aside the important question of whether the US Government’s OT cybersecurity and risk management program, led by CISA, is wise. Instead let’s focus on CISA’s own metrics on CISA’s strategy and programs. CISA issued a Strategic...
We’re Doing It The Hard And Wrong Way Part 3 of my OT asset inventory series. Part 1: Wrong! “You Can’t Protect What You Don’t Know”. Part 2: What Does “Know” Mean? There are three automated approaches to creating and maintaining an...