Since the early days of NERC CIP I have been unable to identify what I would do for OT Critical Infrastructure Cyber Security Regulations if I were omnipotent and could specify and enforce whatever I thought would work. After spending a week in Singapore this July...
As I wrote two weeks ago, in the medium to long term the winners in the OT SBOM market will be those who can effectively play the SBOM/VEXie middleman between vendors and asset owners. The ability to create SBOMs won’t be a determining factor. But competitors need to...
Last week’s article covered analysis on how the SBOM market winners will be determined by who can best play the role of middleman between the large number of ICS vendors and the even larger number of ICS asset owners. This week let’s look at what will lead to...
The image in this article is what I believe will determine winners and losers in the SBOM marketplace. Who will develop and implement the best business model of mediating the need for vendors to provide and asset owners to access SBOMs with VEXies. Here is my...
Based on the early stage venture funding, the SBOM, or software / firmware visibility and risk analysis, product segment appears to be potentially the next big thing in the OT security category. It’s in a similar place as the OT detection and visibility product...
Last week I was in Singapore at the CSA OTCEP event. You notice the differences between Singapore and the US as soon as you step into the airport and go through customs. There at least three major differences that apply to a government succeeding in managing a...
Last week’s article highlighted a recent paper, Fact and Fiction: Demystifying the Myth of the 85% by Azrilyant, Sidun and Dolashvili, and focused on the fact that 85% of the US population is served by public sector water companies, not the oft quoted 85%...
And What It Means For Government Action / Inaction For as long as I can remember, it has been an accepted and repeated “fact” that 85% of US critical infrastructure is privately owned. With the subtext of this “fact” that government...
CISA launched their Shields Up campaign in mid-February purportedly to meet the increased threat Russia posed due the war in Ukraine. From the initial release: While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the...
We have mantras in ICS security and OT that we say, and mostly believe, but we don’t act as if they are true. My favorite is OT is different than IT. Have you ever heard that before? Have you ever said it? When I hear someone say this what they usually mean is: keep...
