17 Oct 2023 | 2023
A lot of content about the recent SEC rules around cyber security and cyber incidents is missing the mark, imo. No Change Companies already had the requirement to report any unscheduled material event, including cyber incidents that had a material impact,...
10 Oct 2023 | 2023
Digital Bond was born on October 5, 1998. We turn 25 this month. In this article I’ll crow a bit about successes and joy. Last week I covered failures and lessons learned. Nurturing Talent Most of the first 15 years were spent trying to grow an ICS security consulting...
3 Oct 2023 | 2023
Digital Bond was born on October 5, 1998. We turn 25 this month. In this article I’ll highlight the biggest failures and lessons learned, and next week I’ll crow a bit about the success. Swing(s) And A Miss In 1998 the dot com bubble was ballooning. With...
26 Sep 2023 | 2023
The classic 5 x 5 risk matrix with consequence broken out by category: financial, health & safety, customer impact, and reputation. Create scenarios and see where they fall on the matrix, with the ever-present challenge of determining likelihood. The first...
19 Sep 2023 | 2023
There has been a steady series of announcements over the last four years of the largest ICS vendors, Emerson, Honeywell, Schneider Electric, Siemens, Yokogawa, etc., offering OT security services and security products. The marketing and sales of these solutions tends...
12 Sep 2023 | 2023
I performed my first ICS cybersecurity risk assessment in 2000 for a large water utility. Eye opening to the power of automation and lack of cybersecurity and cyber maintenance. In the six years that followed, the Digital Bond team performed numerous assessments and...
5 Sep 2023 | 2023
Two weeks ago I wrote Not OT v IT … It’s OT & Engineering. While the article received a lot of positive comments, the most emphatic comments were from a small number of engineers and automation professionals who essentially said: We’ve got this....
29 Aug 2023 | 2023
Cyber Informed Engineering (CIE), Secure By Design, SBOMs for all and everywhere, and large monitoring networks bringing back all sorts of data for visibility and analysis. These large programs, largely driven by government, make so much sense. Who...
22 Aug 2023 | 2023
I spent the week in Singapore participating in CSA’s OTCEP event. While reduced from years past, there still were a number of slides and discussions on how IT is different than OT. I’m not sure what’s more wrong in this discussion: straw man or lack of understanding of...
15 Aug 2023 | 2023
CISA has issued a large number of documents during the Biden administration. Perhaps a flood the zone strategy to prove they are on it and how much they care. I’ve admittedly become a bit numb to reading them as they preach good practices for others with little...