The Biden Administration released the new US National Cybersecurity Strategy last week (fact sheet and full document). I’m still puzzled on the timing, weeks after Chris Inglis leaves as National Cyber Director, and with no replacement announced (Kemba Walden is...
Part 1: Debilitating Effect Anne Riberio, an excellent & prolific reporter on the ICS security beat for Industrial Cyber, wrote about the ransomware attack causing outages at Dole last week. It begins with The recent ransomware attack on food giant Dole plc...
How much do we really know about how to reduce outages due to a cyber attack? We have over 1,000 of the worlds’ foremost experts on defining and implementing OT security good practice in this room. If we had 1000 of the foremost doctors from 300 years ago...
The ICS security community often has instances were very talented, hardworking people spend days arguing about high level terminology. Passionate, well thought out, and well written or spoken content on why one term is better than another. This happens on a variety of...
It happened again in the comments … IEC 62443 covers this topic. Last week I wrote about vendors providing patch compatibility information as a first step down the SBOM path of automating the providing, importing and use of information. Vendors are testing patch...
Daniel Ehrenreich posited in a LinkedIn comment that the number of ICS-OT directed attacks in a year is in the two digits range (10 – 99). My definition, not Daniel’s, of an ICS-OT directed attack is an attack that is designed to compromise the...
Awareness and activity increased in 2022 on OT vulnerability management, and it will likely increase even more in 2023. OT detection products’ key selling proposition is asset inventory, vuln management and increasingly mapping this information to risk scores. Same...
