OT Security and the Family Budget
Many responsible for addressing OT cyber risk have difficulty getting budget for their efforts. There are a long list of reasons including: They have not experienced a loss due to an OT cyber incident. They are viewed as spreading FUD because they have not experienced...
OT Detection Market – Q2 2023 Update
It has been 18 months since my last OT Detection Market Update. The market shook itself out in 2020/2021 and changes have been smaller. No serious new competitors entering. The VC money coming into the space is greatly reduced, although this is likely due to economic...
OT Security Cover Songs
I'm a big fan of cover songs. Not the covers that become more popular than the original. Rather the odd cover that it takes you 5 seconds to realize it's a cover of a song you know and like. They're not always good, rarely better, but often interesting. A lot of what...
Unwarranted Confidence On Mount Stupid
The OT and ICS security community has unwarranted confidence in our ability to manage OT cyber risk. I write this as someone who has been working on this problem for 23 years now and has finally descended Mount Stupid and is making my way out of...
Three Thoughts On The OT Security Workforce
1. Turning Down The Demand Curve A market has a supply curve and demand curve. Most OT security workforce shortage discussions focus on the lack of supply, the lack of the people in the field. This is to be expected for a new career category and with many companies...
The ETHOS Of Unusual Cooperation
There was a surprising announcement yesterday in the OT detection space with the creation of the Emerging Threat Open Sharing (ETHOS) organization, open source project and development plan. Surprising because of the members. The big three in OT detection:...
Will CISA Push Finally Lead To OT Secure By Default?
Last week CISA published Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default. While most of the attention has been on Security by Design, Security by Default can be a much more immediate result and a long...
Wanted: Cognitive Diversity In OT Security
We have a diversity problem in OT security. The obvious lack of diversity is social diversity. Racial, gender and even age diversity. It's important the community is taking this seriously and making progress. However there is another type of diversity lacking...
Another Swing At Chat62443
A Seth Godin blog and Peter Drucker daily digest one day last week brought me back to my IEC 62443's Future ... Encyclopedia Brittanica and AI article, originally published in January 2023. The article raised the ire of many on the 62443 committee, primarily...
New Recipe for Governments: Stop!, Hypothesis and Metric, Falsify Criteria
Governments have greatly increased the activity level on addressing OT security. Unfortunately, much, if not most, of the activity is wasted. I’ll use the US Dept of Energy’s CESER program as the example. This recipe applies to all government organizations, US and...
GET DALE'S ICS SECURITY NEWS & NOTES EMAIL EVERY FRIDAY
Article Archive By Year
Article Archive By Category
UPCOMING EVENTS
ICSJWG ... 9 - 11 May 2023 in Salt Lake City
I'll be giving my Security Truths and Consequences keynote at this free DHS event on May 10th.
S4x24 ... 4 - 7 March 2024 in Miami South Beach
Save the date. For the biggest and most future focused on ICS Security Event.