Let's set aside the important question of whether the US Government's OT cybersecurity and risk management program, led by CISA, is wise. Instead let's focus on CISA's own metrics on CISA's strategy and programs. CISA issued a Strategic Plan for FY2023 - 2025 in...

We’re Doing It The Hard And Wrong Way Part 3 of my OT asset inventory series. Part 1: Wrong! "You Can't Protect What You Don't Know". Part 2: What Does "Know" Mean? There are three automated approaches to creating and maintaining an OT asset inventory. Here’s the...

My article last week debunked the claim that “you can’t protect what you don’t know”. Many of the public and private comments insisted that an asset inventory is required to provide any protection. And stressing it is foundational, one of the first things that should...

One of the most common OT Security mantras this decade is “You Can’t Protect What You Don’t Know”. Have you heard that one? It implies that without an accurate and detailed asset inventory you can’t protect cyber assets. You Can’t Protect What You Don’t Know. This is...

Vendors will gladly provide demos. Of course, the demo attempts to show the solution in the best light. You’d never show a demo where your product is lagging or lacking. Each company selects its own advantageous environment and circumstances. This makes comparing even...

Last week ICS manufacturer Rockwell Automation bought OT security company Verve Industrial Protection for an undisclosed (non-material) price. On Tuesday I wrote on this from the Verve and OT security company’s point of view. Today's article covers the...

Last week ICS manufacturer Rockwell Automation bought OT security company Verve Industrial Protection for an undisclosed (non-material) price. Today I'll cover this from the Verve and OT security company’s point of view. On Thursday I'll have a bonus article that...

CISA has a Secure Our World campaign as part of October being Cybersecurity Awareness Month. The tag line is "simple ways to protect yourself, your family and your business from online threats." There's a 1-minute video aimed every "digital citizen from K to...

A lot of content about the recent SEC rules around cyber security and cyber incidents is missing the mark, imo. No Change Companies already had the requirement to report any unscheduled material event, including cyber incidents that had a material impact,...

Digital Bond was born on October 5, 1998. We turn 25 this month. In this article I’ll crow a bit about successes and joy. Last week I covered failures and lessons learned. Nurturing Talent Most of the first 15 years were spent trying to grow a ICS security consulting...