1 Dec 2025 | A Year In OT Security
ICS in OT have achieved very high availability due to redundancy. This high availability decreases how often backups are needed for recovery, and this often leads to less rigor in the backup process. This week’s task is to verify you can answer yes to the...
24 Nov 2025 | A Year In OT Security
Your company has had a cyber incident that impacts OT and Operations. You may need to communicate with your customers, investors, media, regulators, government agencies and others. While the details of the cyber incident will affect what is said, your company should...
17 Nov 2025 | A Year In OT Security
Regardless of your OT incident response plan status, non-existent to mature and tested, this week’s task is to identify the OT incident response team members. If you had an OT cyber incident, who would you involve in the response? List them and their roles / area of...
10 Nov 2025 | A Year In OT Security
Does your detection work? Will it identify aspects of a cyber attack as designed? Will it present the events / alerts / information to the appropriate role? Does that role understand their Call Outs? This week you will test each detection source and each Call Out...
3 Nov 2025 | A Year In OT Security
Call outs are common in Operations. If this happens, contact this person, take this action, watch this reading, order this maintenance, … Your task this week is to create OT detection call outs, the beginning of response. These call outs are actions assigned to roles....
27 Oct 2025 | A Year In OT Security
In Week 42 you decided what detection sources you will monitor and analyze. Now you need to make it happen. Develop and start implementing a plan to monitor and analyze each OT detection information source above the line in Week 42. The task this week is to, at...
20 Oct 2025 | A Year In OT Security
Security logs are essential in incident response and after-incident investigations. Do you know: what OT security-related logs you have? where they are? where they’re archived? who is responsible for the log? would the log still be available after a cyber incident? ...
13 Oct 2025 | A Year In OT Security
This week’s task is simple. Draw a line on the prioritized list of OT detection information sources you created last week. Everything above the line you are committed to monitoring, analyzing, and acting on alerts. Everything below the line is a future detection...
6 Oct 2025 | A Year In OT Security
Before you go out and spend a lot of resources to purchase, deploy, and run a sophisticated OT cyber detection system, ask yourself if you are taking advantage of existing, higher fidelity detection sources. This week’s task is to use interview and brainstorming...
29 Sep 2025 | A Year In OT Security
Access control is one area where ICS have had robust security controls for decades. These access controls can be customized down to the point or tag level, although this is rarely required. Remember our goal is to enforce least privilege. A user should only be able to...