“Discovering ICS Vulns Is So Yesterday”

Love this comment from Bryan Owen on one of my posts. Discovering ICS vulns is so yesterday, discovering implants is the new, new thing. In observation, there needs to be more emphasis and coverage on discovered implants… otherwise sponsors of defensive programs...
Mythology and Metrics

OT Security needs metrics. I originally wrote “more metrics”, but we have almost no metrics. “We” includes asset owners, governments, vendors, industry groups, … We shouldn’t be funding anything that doesn’t include a hypothesis and a metric that will...
Volt Typhoon Is A Fait Accompli In Cyber Persistence Theory

All Sides Accept Some Level Of Compromise Of Critical Infrastructure For Reconnaissance and Pre-Positioning

If you want to understand US government cyber strategy, offense and defense, you need to master Cyber Persistence Theory. The US would argue they didn’t...
Gresham’s Law – Part 2

Gresham’s law is a monetary principle stating that “bad money drives out good”. For example, if there are two forms of commodity money in circulation, which are accepted by law as having similar face value, the more valuable commodity will gradually...
Gresham’s Law – Part 1

Gresham’s law is a monetary principle stating that “bad money drives out good”. For example, if there are two forms of commodity money in circulation, which are accepted by law as having similar face value, the more valuable...
Does CambiOS Academy Shake Up The OT Security Training Market?

There were 12 organizations at the OT Security Training Roundup at S4x25. The entry bar was low. Buy a ticket and have an OT security training course to promote. The most noteworthy entrant was the launch of CambiOS Academy. The founders behind CambiOS Academy are a...
Gartner’s OT Visibility Magic Quadrant

Advisory services vendor Gartner put out their magic quadrant for “CPS Protection Platforms” on February 12th. (Right in the middle of S4x25, coincidence?) Having covered this market since 2016, I have a few things to say about their magic quadrant and...
S4x25 Keynote: Your Value As An OT Security Professional

Here’s the text version of my S4x25 keynote delivered on Feb 12th. Of course you don’t get the seesaw that you have in the video. What are you worth? Not as a person. As an OT security professional. What’s your value? How much more is your value than a...