ICS Security Maturity Model (Levels 4 – 6)

ICS Security Maturity Model (Levels 4 – 6)

See Part 1 with Levels 1 - 3. I must admit I switched the order of Basic Detection and eliminate High Consequence Events multiple times in writing this article. As always I welcome your comments including your own maturity levels. Maturity Level 4: Basic Detection...

read more
Hidden Value In Creating Cybersecurity Audit Programs

Hidden Value In Creating Cybersecurity Audit Programs

One of my first tasks after leaving NSA for private industry in the early 90s was to write my new company’s information security policy. I’m not sure my previous job as a cryptanalyst left me qualified for this, but I was viewed as the security guy. So, I attacked the...

read more
Who Manages The Edge?

Who Manages The Edge?

Bryan Owen in his OnRamp ICS Cloud Services module described open and closed loop cloud services. Securing open loop cloud services is simple because communications can be limited to pushing ICS data to the cloud. Closed loop cloud services can involve the external...

read more
Try Different Roles & Companies In Your First Two Decades

Try Different Roles & Companies In Your First Two Decades

It's hard to keep up with all the movement of OT security professionals between companies, Tim Yardley, Zachery Lambert, Isiah Jones, Pascal Ackerman, Ron Brash, ... There is no sign that demand for OT security pro's will diminish in the next to 1 to 3 years. If...

read more
Supply Chain Cybersecurity: Calamity or Shoulder Shrug II

Supply Chain Cybersecurity: Calamity or Shoulder Shrug II

In August, I wrote about the likely hyperbole in an article, Cybersecurity Risks Loom Large In Hospitals. The financial risk stated in the article that "loomed large" was tiny compared to other financial risks at a large hospital. The numbers in that article would get...

read more
(You Should Have) Zero Trust In PLCs

(You Should Have) Zero Trust In PLCs

Last week at the Singapore CSA OTCEP event a panel I was on received the question: what do we think about the use of zero trust in OT? I'm not sure why we all hesitated to answer. Being polite? Unsure of how to answer? Tired from jet lag or crazy time zones? I can't...

read more
Overwhelmed With Shoulds And Shalls

Overwhelmed With Shoulds And Shalls

Last week the US Government published the Preliminary Critical Infrastructure System Cybersecurity Performance Goals and Objectives that included nine categories of recommended practices. Last week the US Government also published a draft of SP1800-10 Protecting...

read more
More OT Professionals Needed

More OT Professionals Needed

(and maybe fewer OT Security Pro's than originally thought) Kelly Shortridge gave a great keynote on DevOps coming to the OT world at S4x20. I originally asked Kelly to give a talk on DevSecOps. She pushed back on the use of that term because security isn't separate...

read more
Sorry, Security Is A Cost

Sorry, Security Is A Cost

After a recent virtual keynote I was asked a perennial hopeful question: How we can make cybersecurity a source of revenue rather than a cost? The short answer for an OT asset owner is, you can't. The motivation is understandable. Businesses and their executives try...

read more

GET DALE'S ICS SECURITY NEWS & NOTES EMAIL EVERY FRIDAY

UPCOMING EVENTS

S4x22 ... 25-27 Jan 2022 in Miami South Beach

Save the date. Big comeback event after one year off!

2021/2020 Past Events

Accenture Operation: Next Closing Keynote ... March 24th

Dale will speak on Creating The Future of OT and ICS Security

ICS CYBERSEC 2021 Israel ... February 11th

Dale spoke on the topic of Less

Fortinet Secure OT 2020 Virtual 

Dale's keynote on Innovation Through Disruption.

Hack The Capitol Virtual

Led panel discussion on VC for ICS Security companies

OT-ISAC Virtual Keynote

ICSJWG Virtual Meeting

The Future of ICS Security Products (video)

S4x20 in Miami South Beach

See the videos from the event.