It’s Out! Top 20 Secure PLC Coding Practices

It’s Out! Top 20 Secure PLC Coding Practices

It began with Jake Brodsky's S4x20 session on tips and tricks he had learned in his long career with a water utility to improve the resiliency, maintenance and security of a PLC and the underlying physical process. Today, it results in the release of Version 1.0 of...

read more
I’m Waiting For …

I’m Waiting For …

I'm waiting for a company that is ready for ransomware in the same way they would be ready for a weather event. Imagine something like the following response if this hypothetical company gets hit with ransomware: Today approximately 25% of our computers have been...

read more
Two Tracks Needed – Remedial and Create The Future

Two Tracks Needed – Remedial and Create The Future

In 2008 I had three US electric utility clients who were making impressive progress in securing their ICS used in generation and transmission. They had implemented the basic security controls and were pushing with questions like “what should we do next year to be more...

read more
Resilience Is More Than A Synonym For Security

Resilience Is More Than A Synonym For Security

The World Economic Forum (WEF) recently published Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers. This is timely coming weeks after the Colonial Pipeline incident, which was a resilience failure not an OT security failure....

read more
ICS Detection Market Update – Q2 2021

ICS Detection Market Update – Q2 2021

See previous analysis on my ICS Detection Market page. We Have A Winner The ICS Detection Market is the clear ICS security market winner of 2021 to date. Even before the Colonial Pipeline incident it was clear that well funded and relentless marketing by vendors in...

read more
3 Incident Response Playbooks for OT

3 Incident Response Playbooks for OT

If you will forgive yet another article inspired by the Colonial Pipeline incident ... it does represent the oldest of the three must have OT Incident Response Playbooks. Playbook 1 - Enterprise Network Compromised Pending additional details (this is written Monday...

read more
Requiring SBOMs And Their Impact On OT

Requiring SBOMs And Their Impact On OT

Hope, 1 Step Backwards, and Business Models Hope The concept and benefits of a software bill of materials (SBOM) is simple to understand. A SBOM is a list of all software in an application or cyber asset.  Vendors need to create and maintain a SBOM to have any...

read more
How Do We Solve The OT Cybersecurity Staffing Challenges?

How Do We Solve The OT Cybersecurity Staffing Challenges?

Three answers. 1. Women Women represent 51% of the population and 57% of the college graduates in the US. They comprise less than 10% of the OT Security workforce.  Solving the problem could be as simple as adding women to the OT Security workforce until they...

read more
Recommended Security Controls For Level 0 and Level 1

Recommended Security Controls For Level 0 and Level 1

Part 1: Awareness of Purdue Level 0 and 1 (In)Security Part 2: Properly Prioritizing Level 0 and Level 1 Security In this third and final article in my Level 0 / Level 1 security series the focus is on the appropriate security controls. Sensors and Sensor Data The...

read more

GET DALE'S ICS SECURITY NEWS & NOTES EMAIL EVERY FRIDAY

UPCOMING EVENTS

Accenture Operation: Next Closing Keynote ... March 24th

Dale will speak on Creating The Future of OT and ICS Security

S4x22 ... 25-27 Jan 2022 in Miami South Beach

Save the date. Big comeback event after one year off!

2021/2020 Past Events

ICS CYBERSEC 2021 Israel ... February 11th

Dale spoke on the topic of Less

Fortinet Secure OT 2020 Virtual 

Dale's keynote on Innovation Through Disruption.

Hack The Capitol Virtual

Led panel discussion on VC for ICS Security companies

OT-ISAC Virtual Keynote

ICSJWG Virtual Meeting

The Future of ICS Security Products (video)

S4x20 in Miami South Beach

See the videos from the event.