The Future of the ICS Cyber Security Detection Market

The ICS Cyber Security Detection market has 20+ vendors chasing this niche with most focused on passive network monitoring to create an asset inventory and identify cyber incidents. I’ve written on this developing market, interviewed participants on stage and in...

Podcast: CCE with Andy Bochman of INL

Andy Bochman with INL joins me to discuss their Consequence-Driven, Cyber-Informed Engineering methodology (CCE). It is appealing because it places emphasis on the often neglected consequence part of the risk equation....

Michael Assante on the Podcast

Michael Assante is my guest for this episode. He has a storied career and recently won the RSA Conference Award for Excellence in Information Security. Mike was the VP/CSO of NERC, active at INL in the Aurora demonstration, led the development and implementation of the SANS ICS Security Training program, and even began working as CSO for an electric utility. We talk about driving change, what regulation would work, the lessons learned and failures of Aurora and much more.

Let’s Kill (Or Correct) The Term “Cyber Hygiene” In ICS 

Hygiene was obviously selected by Andy and many others because it is easy to understand from its common usage, and who can possibly be against hygiene. Wash your hands before eating. Brush your teeth. Take a bath or shower. Change into clean clothes. Oh yes, we need cyber hygiene.

The easiest way to see the misuse and flaws in this term is that periodic wellness exams and vaccinations are not hygiene. Not everything a person does, and little a person has done for them, to maintain health is considered hygiene.

If we must keep the term cyber hygiene, then cyber hygiene should only include:

What’s Happening At ICS & IT Security Conferences

In the last two months Bryan Owen attended the SANS ICS Security Summit, DHS ICSJWG, RSA, OSIsoft’s PI World, and LOGIIC (Oil/Gas/Gov consortium). Since most listeners like me aren’t able to attend these events I thought we could find out what’s...

The Big Remaining Stuxnet Question

As we get ready to hear if President Trump will pull the US out of the Iran Nuclear Deal, it’s worth revisiting the big remaining question and underreported story on Stuxnet: Why Did The US Government Not Care If Or Want Iran To Discover Stuxnet? Full credit for...

Press Coverage of ICS Security

This was a fun panel discussion on the S4x18 Main Stage with Kelly Jackson Higgins of Dark Reading and Jim Finkle of Reuters. We covered a lot of ground in a frank discussion including: Who is your reader?...


Nassim Taleb discusses the concept of Iatrogenics in his book Antifragile. It is commonly applied to medicine, but Taleb applies it to the financial market and proposes it could be applied to other areas. We had a panel at S4x18 that dug into the issue of how to determine when security controls are doing more harm than good.

I was joined on stage by Jake Brodsky and Joel Langill. Jake is famously conservative when it comes to applying security controls, and Joel is a big proponent of some security controls that Jake would pass on. And all three of us are highly opinionated, so it made for an interesting discussion.

S4x18 Debate: Enterprise SOC or OT SOC?

This was a great debate from S4x18. Many owner / operators have an Enterprise Secure Operations Center (SOC), and they are considering how best to handle OT incident detection and response. There are two main approaches: 1. Add OT data and incident response capabilities to an Enterprise SOC or 2. Set up and run a SOC dedicated to the OT environment.



Dale Peterson interviews the ICS Detection Challenge Winner – Claroty and the runners up – Nozomi and Security Matters. They discuss where the competitors did well, how the products are likely to improve in the future, and what the future direction of the ICS product detection category is likely to be.