Clorox Investor Cyber Incident Concerns
Lost Manufacturing Capacity & Recovering Shelf Space Clorox had suffered a cyber incident on their enterprise network, not OT, in August of 2023. They lost 26% of their manufacturing capacity during that quarter as they had to move to manual order processing....
Water Hysteria and Reality
Reality There has not been a publicly disclosed cyber incident on a US water utility’s OT system that has affected the delivery of safe, drinkable water for years. There has not been a publicly disclosed cyber incident that can even be called a near miss. Not...
Tough Times In The OT Security Job Market
There was one sour note amongst the good feelings as the S4 community met in early March – – some were missing because they had been laid off. Talented, innovative professionals who had their choice of jobs not too long ago. The OT security job...
The Security Floor … Not Secure By Design
It hit me during Megan Samford’s bullish comments on Secure By Design at the S4x24 Closing Panel. She believed it was possible to specify a minimum set of required security configuration parameters, development processes and security controls. While Megan referred to...
Gem: Minimal Viable Delivery Objective
This week a gem in the deluge of mostly repetitive cyber security information and initiatives coming out of the US Government. The President’s Council of Advisors on Science & Technology (PCAST) issued their Strategy For Cyber-Physical Resilience. A lot of...
Volt Typhoon Is New Status Quo For ICS
Note: this article was triggered by a Dragos report and briefing Tuesday on Volt Typhoon (they call it VOLTZITE) and its potential future impact on cyber/physical systems. The real message, the key takeaway on Volt Typhoon for those running critical infrastructure ICS...
SEC Fines, Software Liability & Possible Consequences
Actions have consequences, intentional and unintentional. Last year the SEC provided specific cybersecurity disclosure rules. the Commission adopted final rules that will require public companies to disclose both material cybersecurity incidents they experience...
Support Vendor Laptops Continue To Be A Challenge
Most asset owners who have been working on OT security for 5+ years have dealt with the removable media risk. My preference is USB drives and other media dedicated to the OT environment; never used on another network. All needed software / firmware is brought through...