Last week CISA published Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default. While most of the attention has been on Security by Design, Security by Default can be a much more immediate result and a long...
We have a diversity problem in OT security. The obvious lack of diversity is social diversity: racial, gender and even age diversity. It’s important the community is taking this seriously and making progress. However, there is another type of diversity...
A Seth Godin blog and Peter Drucker daily digest one day last week brought me back to my IEC 62443’s Future … Encyclopedia Brittanica and AI article, originally published in January 2023. The article raised the ire of many on the 62443 committee,...
Governments have greatly increased the activity level on addressing OT security. Unfortunately, much, if not most, of the activity is wasted. I’ll use the US Dept of Energy’s CESER program as the example. This recipe applies to all government organizations, US and...
Hats off to the Waterfall marketing team on the buildup for their new WF-600. They treated it like a movie release with a trailer and other social media content designed to pique interest in the new product release. Part of the reason it was so...
There was only one catch and that was Catch-22, which specified that a concern for one’s own safety in the face of dangers that were real and immediate was the process of a rational mind. Orr was crazy and could be grounded. All he had to do was ask; and as soon...
The Biden Administration released the new US National Cybersecurity Strategy last week (fact sheet and full document). I’m still puzzled on the timing, weeks after Chris Inglis leaves as National Cyber Director, and with no replacement announced (Kemba Walden is...
Part 1: Debilitating Effect. Anne Riberio, an excellent & prolific reporter on the ICS security beat for Industrial Cyber, wrote about the ransomware attack causing outages at Dole last week. It begins with The recent ransomware attack on food giant Dole plc...
How much do we really know about how to reduce outages due to a cyber attack? We have over 1,000 of the world’s foremost experts on defining and implementing OT security good practice in this room. If we had 1000 of the foremost doctors from 300 years ago...
The ICS security community often has instances where very talented, hardworking people spend days arguing about high level terminology. Passionate, well thought out, and well written or spoken content on why one term is better than another. This happens on a variety of...