3 Jun 2025 | 2025
Most years we include a secure coding session on S4’s Stage 2 Technical Deep Dives. This year it was Colin Breck’s: It’s Not As Simple As “Use A Memory Safe Language”. The session drew a small audience, even though it was given a...
27 May 2025 | 2025
It’s been over five years now since the OT Asset Inventory and Detection market sorted itself out. The top tier has changed little. The increased acceptance of cloud-based solutions has helped Armis join original top tier vendors Claroty, Dragos, and Nozomi....
20 May 2025 | 2025
False One of the most common OT Security mantras this decade is “You Can’t Protect What You Don’t Know”. Those who say this are almost always saying you can’t protect your OT environment without a detailed and accurate OT cyber asset inventory. This is...
14 May 2025 | 2025
I’ve had the chance to interview the last three leaders of DHS’s OT security efforts at S4 (only missing out on Seán Paul McGurk). For good or bad, the message has been consistent. Emphasis on information sharing, public / private partnership, new .gov...
6 May 2025 | 2025
A large part of OT Security marketing is based around anecdotes. Some anecdotes are real. This small water utility was hacked and a tank overflowed. This manufacturer had ransomware and had to shut down certain factory operations for three days. This rail system was...
30 Apr 2025 | 2025
Frenos is hot. They won the Datatribe Challenge, and then raised $3.88M in a seed round led by Datatribe. They got Rob Lee on their Advisory Board. And the founders have hired some well known talent in the space such as Tony Turner and Vivek Ponnada. There...
22 Apr 2025 | 2025
Love this comment from Bryan Owen on one of my posts. Discovering ICS vulns is so yesterday, discovering implants is the new, new thing. In observation, there needs to be more emphasis and coverage on discovered implants… otherwise sponsors of defensive programs...
15 Apr 2025 | 2025
OT Security needs metrics. I originally wrote more metrics, but we have almost no metrics. We includes asset owners, governments, vendors, industry groups, … We shouldn’t be funding anything that doesn’t include a hypothesis and a metric that will...
8 Apr 2025 | 2025
You just discovered OT. Maybe you’re in IT and got a tour of your company’s factory or mill. Maybe you went down a rabbit hole on some site or social media and learned about it. You want to share this world, and more often than not it leads to an article...
7 Apr 2025 | 2025
All Sides Accept Some Level Of Compromise Of Critical Infrastructure For Reconnaissance and Pre-Positioning If you want to understand US government cyber strategy, offense and defense, you need to master Cyber Persistence Theory. The US would argue they didn’t...
