Organized Abandonment of Security Controls (and costs)

Organized Abandonment of Security Controls (and costs)

Security controls accumulate, as do the costs of security controls. We see this in what is being lumped into ‘cyber hygiene’. We see it in cyber security standards and good practices. The set of security controls being added to government regulations and forceful...
Faith In The Future

Faith In The Future

I started Digital Bond in 1998 to develop a product to secure stock trading transactions over the Internet. A smart card (chip card) would be the second form of authentication and digitally sign every transaction for non-repudiation. This would prevent...
SAIDI: What Cyber Incidents Should Be Excluded From Metrics?

SAIDI: What Cyber Incidents Should Be Excluded From Metrics?

The System Average Interruption Duration Index (SAIDI) is a reliability metric used in the electric sector. It’s a measure of the average annual outage time for a customer. It can be measured by company, state, or country. The US data is available here....
Port of Nagoya Ransomware and Risk Management

Port of Nagoya Ransomware and Risk Management

The Port of Nagoya’s Port Unified Terminal System responsible for “managing the loading of containers” was infected with LockBit 3.0 earlier this month. This caused the largest port in Japan to stop operations for 2.5 days, and...
One-Way Data Diodes and School Zones

One-Way Data Diodes and School Zones

One-way / data diode / unidirectional technology is a powerful security control. It’s physics, rather than software so it can’t be hacked. It will only allow information to flow in one direction. When one-way is set up at a security perimeter it can allow...
Pursuit of Happiness

Pursuit of Happiness

On the 4th of July Americans are reminded of our Declaration of Independence. We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the...
Time and Expectations

Time and Expectations

The US Government’s Impact On OT Cyber Risk (Begins with the bad, and ends with the good) The US Government Hindering, Not Helping, Reduce OT Cyber Risk In The 1 To 3 Year Timeframe I’ve been frustrated with the mountains of OT security guidance and...
The Rationale Behind Recent OT Cybersecurity Layoffs

The Rationale Behind Recent OT Cybersecurity Layoffs

Multiple OT cybersecurity vendors have laid off employees in May and June. The largest layoffs came from two of the largest companies, Dragos and Nozomi. Many smaller vendors have laid off smaller numbers. Why?  The public answer is a lengthening sales cycle....
OT Security and the Family Budget

OT Security and the Family Budget

Many responsible for addressing OT cyber risk have difficulty getting budget for their efforts. There are a long list of reasons including: They have not experienced a loss due to an OT cyber incident. They are viewed as spreading FUD because they have not experienced...
OT Detection Market – Q2 2023 Update

OT Detection Market – Q2 2023 Update

It has been 18 months since my last OT Detection Market Update. The market shook itself out in 2020/2021 and changes have been smaller. No serious new competitors entering. The VC money coming into the space is greatly reduced, although this is likely due to economic...