The Big Miss In The National Cybersecurity Strategy

The Big Miss In The National Cybersecurity Strategy

The Biden Administration released the new US National Cybersecurity Strategy last week (fact sheet and full document). I'm still puzzled on the timing, weeks after Chris Inglis leaves as National Cyber Director, and with no replacement announced (Kemba Walden is...

read more
Explore … S4x23 Intro

Explore … S4x23 Intro

How much do we really know about how to reduce outages due to a cyber attack?  We have over 1,000 of the worlds' foremost experts on defining and implementing OT security good practice in this room. If we had 1000 of the foremost doctors from 300 years ago at...

read more
What’s In A Name

What’s In A Name

The ICS security community often has instances were very talented, hardworking people spend days arguing about high level terminology. Passionate, well thought out, and well written or spoken content on why one term is better than another. This happens on a variety of...

read more
IEC 62443’s Future … Encyclopedia Brittanica and AI

IEC 62443’s Future … Encyclopedia Brittanica and AI

It happened again in the comments ... IEC 62443 covers this topic. Last week I wrote about vendors providing patch compatibility information as a first step down the SBOM path of automating the providing, importing and use of information. Vendors are testing patch...

read more
How Many ICS-OT Directed Attacks In 2022?

How Many ICS-OT Directed Attacks In 2022?

Daniel Ehrenreich posited in a LinkedIn comment that the number of ICS-OT directed attacks in a year is in the two digits range (10 - 99). My definition, not Daniel's, of an ICS-OT directed attack is an attack that is designed to compromise the availability or...

read more
Protect What You Don’t Know

Protect What You Don’t Know

Much of the OT and ICS security community's efforts and focus in recent years have been placed on creating and maintaining an OT cyber asset inventory. Now we are hearing it is not enough to know basic information such as vendor, OS, application, version numbers, and...

read more
Don’t Cry For The Cyber Insurance Industry

Don’t Cry For The Cyber Insurance Industry

The hand wringing about cyber insurance rate increases, effectiveness and even future viability have come in a steady stream the last two year. I don't claim to be an insurance expert, but I have come across some helpful numbers in a Moody's Investor Services Report...

read more
Moody’s Cyber Risk Heat Map

Moody’s Cyber Risk Heat Map

I had Jim Hempstead of Moody's Investors Service on a recent episode of the Unsolicited Response Show. There are two items related to Moody's reports this fall that are worth a deeper look. This week's article is on the Moody's Cyber Risk Cyber Heat Map and next...

read more

GET DALE'S ICS SECURITY NEWS & NOTES EMAIL EVERY FRIDAY

UPCOMING EVENTS

S4x24 ... 4 - 7 March 2024 in Miami South Beach

Save the date. For the biggest and most future focused on ICS Security Event.