The Security Floor … Not Secure By Design
It hit me during Megan Samford’s bullish comments on Secure By Design at the S4x24 Closing Panel. She believed it was possible to specify a minimum set of required security configuration parameters, development processes and security controls. While Megan referred to...
Gem: Minimal Viable Delivery Objective
This week brought a gem in the deluge of mostly repetitive cyber security information and initiatives coming out of the US Government. The President's Council of Advisors on Science & Technology (PCAST) issued their Strategy For Cyber-Physical Resilience. A lot of it is...
Volt Typhoon Is New Status Quo For ICS
Note: this article was triggered by a Dragos report and briefing Tuesday on Volt Typhoon (they call it VOLTZITE) and its potential future impact on cyber/physical systems. The real message, the key takeaway on Volt Typhoon for those running critical infrastructure ICS...
SEC Fines, Software Liability & Possible Consequences
Actions have consequences, intentional and unintentional. Last year the SEC provided specific cybersecurity disclosure rules. The Commission adopted final rules that will require public companies to disclose both material cybersecurity incidents they experience...
Support Vendor Laptops Continue To Be A Challenge
Most asset owners who have been working on OT security for 5+ years have dealt with the removable media risk. My preference is USB drives and other media dedicated to the OT environment; never used on another network. All needed software / firmware is brought through...
OT Security Unicorns
Aileen Lee coined the term Unicorn ten years ago. Unicorn: a VC-backed startup that has grown to be worth $1B+ within ten years. Aileen, now the Founder & Managing Partner of Cowboy Ventures, recently wrote the worth-reading article Welcome...
Autonomous AI – Understand The Future You Will Need To Secure and Defend
Guess the topic that produced the most S4x24 proposed sessions? AI, of course. All of the proposed sessions were on how GenAI, and other AI, would help cyber attackers and defenders. We selected two of these (more info below the line). It's important. What also is...
US Government: Guidance, Regulation, or Services?
There has been a deluge of guidance and services, and a growing desire to regulate, coming from the US Government in the last two years. A portion of that has been aimed at OT and ICS security. CISA has led the way in volume since Jen Easterly became Director. The...
Secure Default Configuration, Insecure By Design & Secure By Design
Admission: I’m averse to large, multi-year programs. I don’t want to work on them, and I’m skeptical that they will achieve their goals. I favor a series of short-term, quick and significant wins recognizing the Pareto Principle, 80/20 rule. My initial...
Advancing ICS Security Worthy Causes
We have two ways at S4x24 to raise awareness and advance worthy causes in OT & ICS Cybersecurity. There are 1,100 early adopters / influencers / people who drive change at S4x24. Grab their attention and jumpstart your worthy cause. Worthy Cause Exhibits We have...
UPCOMING EVENTS
S4x24 ... 4 - 7 March 2024 in Miami South Beach
Save the date for the biggest and most future-focused ICS Security Event.