
Major ICS Vendors As OT Security Suppliers
There has been a steady series of announcements over the last four years of the largest ICS vendors, Emerson, Honeywell, Scheider Electric, Siemens, Yokogawa, etc., offering OT security services and security products. The marketing and sales of these solutions tends...

The Benefit Of Limits In The Era Of Cyber Hygiene
I performed my first ICS cybersecurity risk assessment in 2000 for a large water utility. Eye opening to the power of automation and lack of cybersecurity and cyber maintenance. In the six years that followed, the Digital Bond team performed numerous assessments and...

OT & Engineers … Lawyers & CEOs
Two weeks ago I wrote Not OT v IT ... It's OT & Engineering. While the article received a lot of positive comments, the most emphatic comments were from a small number of engineers and automation professionals who essentially said: We've got this. OT and all T...

Where’s The Early Win?
Cyber Informed Engineering (CIE), Secure By Design, SBOMs for all and everywhere, and large monitoring networks bringing back all sorts of data for visibility and analysis. These large programs, largely driven by government, make so much sense. Who wouldn't want...
Not OT v IT … It’s OT & Engineering
I spent the week in Singapore participating in CSA’s OTCEP event. While reduced from year’s past, there still were a number of slides and discussions how IT is different than OT. I’m not sure what’s more wrong in this discussion: straw man or lack of understanding of...

CISA 2024 – 2026 Strategic Plan … A Glimmer Of Hope?
CISA has issued a large number of documents during the Biden administration. Perhaps a flood the zone strategy to prove they are on it and how much they care. I've admittedly become a bit numb to reading them as they preach good practices for others with little CISA...

Organized Abandonment of Security Controls (and costs)
Security controls accumulate, as do the costs of security controls. We see this in what is being lumped into ‘cyber hygiene’. We see it in cyber security standards and good practices. The set of security controls being added to government regulations and forceful...

Faith In The Future
I started Digital Bond in 1998 to develop a product to secure stock trading transactions over the Internet. A smart card (chip card) would be the second form of authentication and digitally sign every transaction for non-repudiation. This would prevent...

SAIDI: What Cyber Incidents Should Be Excluded From Metrics?
The System Average Interruption Duration Index (SAIDI) is a reliability metric used in the electric sector. It's a measure of the average annual outage time for a customer. It can be measured by company, state, or country. The US data is available here. (btw, the...

Port of Nagoya Ransomware and Risk Management
The Port of Nagoya's Port Unified Terminal System responsible for "managing the loading of containers" was infected with LockBit 3.0 earlier this month. This caused the largest port in Japan to stop operations for 2.5 days, and had cascading...
GET DALE'S ICS SECURITY NEWS & NOTES EMAIL EVERY FRIDAY
Article Archive By Year
Article Archive By Category
UPCOMING EVENTS
OTCEP ... August 22 - 23 in Singapore
I'll be giving my OT Cybersecurity ... From Speculation To Science keynote and participating in panel discussions at the CSA's OT Cybersecurity Expert Panel event.
SoterICS Event ... Sept 19 in Antwerp, Belgium
SoterICS is celebrating their company's launch with a one-day event. I'll be giving my OT Cybersecurity ... From Speculation to Science keynote.
S4x24 ... 4 - 7 March 2024 in Miami South Beach
Save the date. For the biggest and most future focused on ICS Security Event.