I had a number of public comments and private “yes, and” conversations after last week’s US Government (USG) Reset article similar to: just as government needs to show results, so does industry. Outside of entrenched, IT-specific security providers,...
CISA and other US government departments have accomplished little in OT cyber security and risk management over the past two decades. There has been an increase in funding and activity, not results. While the loss of talent and capability this year in the USG is...
What Will Fall Next? A common refrain for any new proposed technology: It Won’t Work In OT. A short and incomplete list of examples: 90’s: Windows and Ethernet (yes, there was a battle with many experts insisting Windows workstations and servers connected by Ethernet...
We’ve received a few proposed sessions on quantum cryptography in OT in our S4x26 Call For Presentations. This isn’t new. We’ve received these every year this decade. They don’t get selected. Why? S4’s motto is Create The Future. While...
The US House Homeland Security Committee’s subcommittee on Cybersecurity and Infrastructure Protection is holding a hearing today entitled Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats To Critical Infrastructure. Two of the four...
We can’t answer that question yet, and it’s time to figure out how we will measure their effectiveness. The EU and its member states are working furiously to figure out how to regulate, implement, and audit the Cyber Resilience Act (CRA) and Network...
Let’s start with the data, then the analysis. Source: Notes on the data: A material cyber incident should be reported in an 8K as an Item 1.05. The SEC also encourages reporting of cyber attacks that are immaterial or pending material determination in an 8K as...
The warnings went out after the US bombing of the Iranian nuclear facilities. Be prepared for an increased likelihood of an Iranian cyber attack. Shields Up! This is reasonable, perhaps even responsible to give this warning. The problem is there is no real guidance on...
The application for S4x26 Proof of Concept (POC) Pavilion begins with a simple question. What problem is your product or service solving? The POC Pavilion will have a highly realistic asset owner OT environment. (You can watch the reveal of Pavilion provider, system,...
In a recent LinkedIn post Andrew Ginter made the case that legal liability is an argument for investing in cybersecurity. That those responsible for managing risk, and cybersecurity in particular, should put in place “reasonable” security controls to...