Moody’s Cyber Risk Heat Map

Moody’s Cyber Risk Heat Map

I had Jim Hempstead of Moody's Investors Service on a recent episode of the Unsolicited Response Show. There are two items related to Moody's reports this fall that are worth a deeper look. This week's article is on the Moody's Cyber Risk Cyber Heat Map and next...

read more
The S4 SBOM Challenge

The S4 SBOM Challenge

First, I’m excited to announce that Idaho National Laboratory (INL) will be running the SBOM Challenge at S4x23 next Feb 14-16 in Miami South Beach. Virginia Wright and Ethan Huffman will be leading the team there. We learned from our two OT Detection Challenges that...

read more
Project: DFIR for PLCs (and other OT Embedded Systems)

Project: DFIR for PLCs (and other OT Embedded Systems)

I frequently pound CISA for not having metrics. What are they trying to do and how will we know if it's working or not? So, #walkthetalk. We have goals and associated metrics to measure the success of S4. For example, one goal and metric related to our Create The...

read more
OT Cyber Security Regulation (if I were omnipotent)

OT Cyber Security Regulation (if I were omnipotent)

Since the early days of NERC CIP I have been unable to identify what I would do for OT Critical Infrastructure Cyber Security Regulations if I were omnipotent and could specify and enforce whatever I thought would work. After spending a week in Singapore this July...

read more
What Will Determine Near Term SBOM Winners (Part 2)

What Will Determine Near Term SBOM Winners (Part 2)

As I wrote two weeks ago, in the medium to long term the winners in the OT SBOM market will be those who can effectively play the SBOM/VEXie middleman between vendors and asset owners. The ability to create SBOMs won’t be a determining factor. But competitors need to...

read more
What Will Determine Near Term SBOM Vendor Wins? (Part 1)

What Will Determine Near Term SBOM Vendor Wins? (Part 1)

Last week’s article covered analysis on how the SBOM market winners will be determined by who can best play the role of middleman between the large number of ICS vendors and the even larger number of ICS asset owners. This week let’s look at what will lead to sale's...

read more
ICS SBOM Market Winners

ICS SBOM Market Winners

The image in this article is what I believe will determine winners and losers in the SBOM marketplace. Who will develop and implement the best business model of mediating the need for vendors to provide and asset owners to access SBOMs with VEXies. Here is my...

read more
SBOM In OT: Near Term Wins & Long Term Work

SBOM In OT: Near Term Wins & Long Term Work

Based on the early stage venture funding, the SBOM, or software / firmware visibility and risk analysis, product segment appears to be potentially the next big thing in the OT security category. It's in a similar place as the OT detection and visibility product...

read more
The Differences

The Differences

Last week I was in Singapore at the CSA OTCEP event. You notice the differences between Singapore and the US as soon as you step into the airport and go through customs.  There at least three major differences that apply to a government succeeding in managing a...

read more

GET DALE'S ICS SECURITY NEWS & NOTES EMAIL EVERY FRIDAY

UPCOMING EVENTS

OTCEP Forum ... July 12-13 in Singapore

Dale will give his Security Truth or Consequences keynote and participate in panels.

S4x23 ... 13-16 Feb 2023 in Miami South Beach

Save the date. For the biggest and most future focused on ICS Security Event.