Two OT Security Debates

We’ve had some great debates on the S4 stage. One of my favorites was a debate I had with Eric Byres entitled “Is Eric Byres a SCADA Apologist or a SCADA Realist?” The key to a good debate is to find an issue where a 10% – 25% minority of the audience has a...
Water Treatment Honeynet Incident Analysis

Forescout’s Vedere Labs reported that a honeynet posing as a water treatment system was compromised by TwoNet, a Russian-aligned group. According to the blog entry, TwoNet caused: Defacement: Login page changed to HACKED BY BARLATI, F*** Process Disruption:...
OT Is The Venice Of Security Infrastructure

I get tired of writing that 90%+ of the OT protocols used to communicate with PLCs and other Level 1 devices (and Level 0 … hello Joe) are insecure by design. They lack cryptographic authentication of the source or contents, intentionally. They were...
What Is The True Level Of OT Cyber Incidents?

This article attempts to frame the question after my back and forth with Robert M. Lee last Friday. Question: How many cyber attacks are resulting in non-trivial consequence events in OT / Operations? Stipulation 1: Ransomware and other causes of outages on IT cyber...
Disconnected: Manufacturing and OT Security

Last week I attended Inductive Automation’s Ignition Community Conference (ICC). Primarily to get smarter on what’s going on in bleeding edge manufacturing, but also to verify and understand why there is a disconnection between manufacturing automation /...
My OT Security Vendor Was Acquired … What Should I Do?

Here is an anonymized question I received after the Mitsubishi Electronics acquisition of Nozomi Networks. I have a project ongoing right now to select an asset inventory/detection product. This news hit right before our proof of concept phase, and obviously I...
We Won, We Lost (Part 2)

Check out Part 1 here. We Won: An OT Security Community There is a thriving OT security community in 2025. This is a huge win. We started S4 in 2007 because there was no place where one of our researchers could present the first publicly disclosed OT vulnerabilities...
We Won, We Lost (Part 1)

It’s been 24 years since the 9/11 attacks, and the beginning of serious OT security concerns. It’s been 15 years since Stuxnet was discovered. The results are an odd dichotomy. We Won – The Impact Of OT Cyber Incidents Has Been Minimal Experts have...
USG Reset … What About Private Industry?

I had a number of public comments and private “yes, and” conversations after last week’s US Government (USG) Reset article similar to: just as government needs to show results, so does industry. Outside of entrenched, IT specific security providers,...
US Government Reset On OT Security Is An Opportunity

CISA and other US government departments have accomplished little in OT cyber security and risk management over the past two decades. There has been an increase in funding and activity, not results. While the loss of talent and capability this year in the USG is...