Sorry, Security Is A Cost

After a recent virtual keynote I was asked a perennial hopeful question: How can we make cybersecurity a source of revenue rather than a cost? The short answer for an OT asset owner is, you can't. The motivation is understandable. Businesses and their executives try...

Cyber Insurance, One (Temporary) Step Backwards

I still do a bit of ICS security consulting for asset owners in between S4, speaking at events, and the Unsolicited Response show. This consulting typically requires a $1M Professional Liability Insurance policy. It's renewal time, and below are two new exclusions...

Is IT/OT Convergence’s Momentum Unstoppable?

My interview last week with Nozomi Networks CEO Edgard Capdevielle dug deep into the OT visibility and detection market today and more importantly where it was heading in the next 1-3 years. Lots of candor and interesting comments from Edgard, and Edgard’s thoughts of...

Calamity or Shoulder Shrug

You Must Understand Your Organization's Risk Management

Do you want support and funding for your ICS security initiatives? Then you need to understand what executives view as high, unacceptable consequences that believably could be caused by a cyber or cyber/physical...

Easy, Moderate and Hard SBOM Wins

Easy Win - Procurement

A simple request to inspect Security Development Lifecycle (SDL) artifacts, such as the threat model and fuzz testing plan and results, will tell you if the SDL is more than a dream put down on paper. (In the early 2010s it was more...

Evaluating The ICS ATT&CK Evaluations

Last week the MITRE Engenuity team released the results from their first ATT&CK Evaluations for ICS. I spent hours looking at the MITRE published results and the evaluated vendors’ write ups of the results. It was a professionally executed and realistic...

ICS Security Buzzword Rankings

It's summer, and I'm on vacation. So here is a light, breezy article to not take too seriously. Below is my non-scientific, highly US influenced, filter bubble warning, rankings of the ICS buzzwords rated by popularity and impact. Ransomware ... Number 1 is an easy...

Terminology and Tipping Points

The cybersecurity community loves a good terminology fight, and the ICS (if that is the right term) security community niche is no different. A recent and predictable raging discussion on a popular email list on a single term is the latest example. It's not surprising...

Key Management and ICS … Time To Stop Hand Waving

There has been so little cryptography in OT / Purdue Levels 0 - 2 that managing the keys for cryptography has not been much of an issue. And the lift to get encryption and authentication into OT is so heavy that even those of us who know the importance of key...


UPCOMING EVENTS

S4x22 ... 25-27 Jan 2022 in Miami South Beach

Save the date. Big comeback event after one year off!

2021/2020 Past Events

Accenture Operation: Next Closing Keynote ... March 24th

Dale will speak on Creating The Future of OT and ICS Security

ICS CYBERSEC 2021 Israel ... February 11th

Dale spoke on the topic of Less

Fortinet Secure OT 2020 Virtual 

Dale's keynote on Innovation Through Disruption.

Hack The Capitol Virtual

Led panel discussion on VC for ICS Security companies

OT-ISAC Virtual Keynote

ICSJWG Virtual Meeting

The Future of ICS Security Products (video)

S4x20 in Miami South Beach

See the videos from the event.