Requiring SBOMs And Their Impact On OT

Hope, 1 Step Backwards, and Business Models. Hope: The concept and benefits of a software bill of materials (SBOM) are simple to understand. An SBOM is a list of all software in an application or cyber asset. Vendors need to create and maintain an SBOM to have any...

How Do We Solve The OT Cybersecurity Staffing Challenges?

Three answers. 1. Women: Women represent 51% of the population and 57% of the college graduates in the US. They comprise less than 10% of the OT Security workforce. Solving the problem could be as simple as adding women to the OT Security workforce until they...

Recommended Security Controls For Level 0 and Level 1

Part 1: Awareness of Purdue Level 0 and 1 (In)Security. Part 2: Properly Prioritizing Level 0 and Level 1 Security. In this third and final article in my Level 0 / Level 1 security series, the focus is on the appropriate security controls. Sensors and Sensor Data: The...

Properly Prioritizing Level 0 and Level 1 Security

We have resolved the issue on whether the ICS security community knows that almost all Purdue Reference Model Level 0 and Level 1 devices, and the protocols that communicate with them, lack authentication. They know this. The next question is what to do about it from...

Awareness Of Purdue Level 0 and 1 (In)Security

Solving a problem typically begins with awareness that there is a problem. Back at S4x12 a group of researchers under the Project Basecamp banner demonstrated that most PLCs (Purdue Level 1 devices) were both insecure by design and ridden with exploitable bugs, as...

Legacy System Problem Keeps Growing

"If you find yourself in a hole, stop digging." (Will Rogers)

The large amount of insecure legacy ICS and long ICS lifetimes mean we will need to live with this security risk for years / decades. We can argue about how long it should take to replace the deployed...

Maturing Past Maturity-Based To Risk-Based

I recently stumbled upon a McKinsey article from October 2019 that more elegantly, in McKinsey speak, made the argument against "cyber hygiene" than I do. Over the past three years I've seen many asset owners go through the same process: Board or C-levels discover...

ICS Security Company Valuation and Value Investing

Frank, non-flattering admission ... I am terrible at determining how much an ICS security company is worth, its valuation. While I believe that I can analyze the market, identify the product and service trends, evaluate company strategies, and identify the winners...


Women In ICS Security

Kelly Jackson Higgins of Dark Reading joins Dale Peterson to co-host this episode of the Unsolicited Response Show. https://youtu.be/Q97-f5yeVg4 The topic is Women In ICS Security, and all the guests are Women In ICS Security: - Kristin Demoranville - MJ Emanuel -...


UPCOMING EVENTS

Accenture Operation: Next Closing Keynote ... March 24th

Dale will speak on Creating The Future of OT and ICS Security

S4x22 ... 25-27 Jan 2022 in Miami South Beach

Save the date. Big comeback event after one year off!

2021/2020 Past Events

ICS CYBERSEC 2021 Israel ... February 11th

Dale spoke on the topic of Less

Fortinet Secure OT 2020 Virtual 

Dale's keynote on Innovation Through Disruption.

Hack The Capitol Virtual

Led panel discussion on VC for ICS Security companies

OT-ISAC Virtual Keynote

ICSJWG Virtual Meeting

The Future of ICS Security Products (video)

S4x20 in Miami South Beach

See the videos from the event.