US Government: Guidance, Regulation, or Services?

US Government: Guidance, Regulation, or Services?

There has been a deluge of guidance and services, and a growing desire to regulate, coming from the US Government in the last two years. A portion of that has been aimed at OT and ICS security. CISA has led the way in volume since Jen Easterly became Director. The...

Advancing ICS Security Worthy Causes

We have two ways at S4x24 to raise awareness and advance worthy causes in OT & ICS Cybersecurity. There are 1,100 early adopters / influencers / people who drive change at S4x24. Grab their attention and jumpstart your worthy cause. Worthy Cause Exhibits We have...
How To Measure CISA’s Performance?

How To Measure CISA’s Performance?

Let’s set aside the important question of whether the US Government’s OT cybersecurity and risk management program, led by CISA, is wise. Instead let’s focus on CISA’s own metrics on CISA’s strategy and programs. CISA issued a Strategic...
Part 3: Creating An OT Asset Inventory

Part 3: Creating An OT Asset Inventory

We’re Doing It The Hard And Wrong Way Part 3 of my OT asset inventory series. Part 1: Wrong! “You Can’t Protect What You Don’t Know”. Part 2: What Does “Know” Mean? There are three automated approaches to creating and maintaining an...
Part 2 – What Does “Know” Mean?

Part 2 – What Does “Know” Mean?

My article last week debunked the claim that “you can’t protect what you don’t know”. Many of the public and private comments insisted that an asset inventory is required to provide any protection. And stressing it is foundational, one of the first things that should...
Wrong: “You Can’t Protect What You Don’t Know”

Wrong: “You Can’t Protect What You Don’t Know”

One of the most common OT Security mantras this decade is “You Can’t Protect What You Don’t Know”. Have you heard that one? It implies that without an accurate and detailed asset inventory you can’t protect cyber assets. You Can’t Protect What You Don’t Know. This is...
Comparing OT Vulnerability Management Solutions

Comparing OT Vulnerability Management Solutions

Vendors will gladly provide demos. Of course, the demo attempts to show the solution in the best light. You’d never show a demo where your product is lagging or lacking. Each company selects its own advantageous environment and circumstances. This makes comparing even...
Rockwell Automation Acquires Verve … Part 2

Rockwell Automation Acquires Verve … Part 2

Last week ICS manufacturer Rockwell Automation bought OT security company Verve Industrial Protection for an undisclosed (non-material) price. On Tuesday I wrote on this from the Verve and OT security company’s point of view. Today’s article covers the...