ICS Security Buzzword Rankings

ICS Security Buzzword Rankings

It’s summer, and I’m on vacation. So here is a light, breezy article to not take too seriously. Below is my non-scientific, highly US influenced, filter bubble warning, rankings of the ICS buzzwords rated by popularity and impact. Ransomware … Number...
Terminology and Tipping Points

Terminology and Tipping Points

The cybersecurity community loves a good terminology fight, and the ICS (if that is the right term) security community niche is no different. A recent and predictable raging discussion on a popular email list on a single term is the latest example. It’s not...
Key Management and ICS … Time To Stop Hand Waving

Key Management and ICS … Time To Stop Hand Waving

There has been so little cryptography in OT / Purdue Levels 0 – 2 that managing the keys for cryptography has not been much of an issue. And the lift to get encryption and authentication into OT is so heavy that even those of us who know the importance of key...
Will The Narrative Fallacy Leading To Satisficing?

Will The Narrative Fallacy Leading To Satisficing?

Alternate Title: Will We Require A Few OT Security Controls And Claim Victory? Nassim Taleb described the “Narrative Fallacy” in his book The Black Swan. We like stories, we like to summarize and we like to simplify… what I call the narrative...
Claroty Is Back In The Game

Claroty Is Back In The Game

The next (last?) phase of the OT Detection market as we know it began with Drago’s $110M round in December 2020. It was only a question of time until the other two major independent players, Claroty and Nozomi, responded. Last week Claroty announced they raised...
It’s Out! Top 20 Secure PLC Coding Practices

It’s Out! Top 20 Secure PLC Coding Practices

It began with Jake Brodsky’s S4x20 session on tips and tricks he had learned in his long career with a water utility to improve the resiliency, maintenance and security of a PLC and the underlying physical process. Today, it results in the release of Version 1.0...
I’m Waiting For …

I’m Waiting For …

I’m waiting for a company that is ready for ransomware in the same way they would be ready for a weather event. Imagine something like the following response if this hypothetical company gets hit with ransomware: Today approximately 25% of our computers have...
Two Tracks Needed – Remedial and Create The Future

Two Tracks Needed – Remedial and Create The Future

In 2008 I had three US electric utility clients who were making impressive progress in securing their ICS used in generation and transmission. They had implemented the basic security controls and were pushing with questions like “what should we do next year to be more...
Resilience Is More Than A Synonym For Security

Resilience Is More Than A Synonym For Security

The World Economic Forum (WEF) recently published Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers. This is timely coming weeks after the Colonial Pipeline incident, which was a resilience failure not an OT security failure....
ICS Detection Market Update – Q2 2021

ICS Detection Market Update – Q2 2021

See previous analysis on my ICS Detection Market page. We Have A Winner The ICS Detection Market is the clear ICS security market winner of 2021 to date. Even before the Colonial Pipeline incident it was clear that well funded and relentless marketing by vendors in...