A lot of content about the recent SEC rules around cyber security and cyber incidents is missing the mark, imo. No Change Companies already had the requirement to report any unscheduled material event, including cyber incidents that had a material impact,...
Digital Bond was born on October 5, 1998. We turn 25 this month. In this article I’ll crow a bit about successes and joy. Last week I covered failures and lessons learned. Nurturing Talent Most of the first 15 years were spent trying to grow a ICS security consulting...
Digital Bond was born on October 5, 1998. We turn 25 this month. In this article I’ll highlight the biggest failures and lessons learned, and next week I’ll crow a bit about the success. Swing(s) And A Miss In 1998 the dot com bubble was ballooning. With...
The classic 5 x 5 risk matrix with consequence broken out by category: financial, health & safety, customer impact, and reputation. Create scenarios and see where they fall on the martrix, with the ever present challenge of determining likelihood. The first...
There has been a steady series of announcements over the last four years of the largest ICS vendors, Emerson, Honeywell, Scheider Electric, Siemens, Yokogawa, etc., offering OT security services and security products. The marketing and sales of these solutions tends...
I performed my first ICS cybersecurity risk assessment in 2000 for a large water utility. Eye opening to the power of automation and lack of cybersecurity and cyber maintenance. In the six years that followed, the Digital Bond team performed numerous assessments and...
Two weeks ago I wrote Not OT v IT … It’s OT & Engineering. While the article received a lot of positive comments, the most emphatic comments were from a small number of engineers and automation professionals who essentially said: We’ve got this....
Cyber Informed Engineering (CIE), Secure By Design, SBOMs for all and everywhere, and large monitoring networks bringing back all sorts of data for visibility and analysis. These large programs, largely driven by government, make so much sense. Who...
I spent the week in Singapore participating in CSA’s OTCEP event. While reduced from year’s past, there still were a number of slides and discussions how IT is different than OT. I’m not sure what’s more wrong in this discussion: straw man or lack of understanding of...
CISA has issued a large number of documents during the Biden administration. Perhaps a flood the zone strategy to prove they are on it and how much they care. I’ve admittedly become a bit numb to reading them as they preach good practices for others with little...
