Podcast: Maritime Cybersecurity

Podcast: Maritime Cybersecurity

In a recent article a researcher proclaimed it’s “not hard for a hacker to capsize a ship at sea”. This was quickly followed by the Viking Sky cruise ship having its engines shut off due to a sensor reading. Episode 2019-5: Maritime Cybersecurity Not...
Book Review: Secure Operations Technology

Book Review: Secure Operations Technology

Summary: Andrew Ginter makes a plainspoken case for his view of what Secure Operations Technology (SEC-OT) means. The key point that diverges from the mainstream of ICS security thought is: Forbid firewalls as connection from ICS to IT networks – permit only...
Podcast: RSA Conference / ICS Village Report

Podcast: RSA Conference / ICS Village Report

  I went back to the RSA Conference for the first time in over a decade. Here is my 25-minute report on the event for those considering attending or participating in the future. http://traffic.libsyn.com/unsolicitedresponse/RSA_2019-4.mp3   Includes: the...
An Interview with Robert Graham

An Interview with Robert Graham

I interviewed Robert Graham on the S4x19 Main Stage. Robert has an illustrious career in cyber security products including the creator of BlackIce and the first network IPS. We brought him to the S4 Stage for his contrarian views....
Organization and Expectations for ICS Detection

Organization and Expectations for ICS Detection

The cases being made in ICS owner / operator companies for the “best” organizational structure for ICS detection, and response, are heartfelt, well considered and often at great variance with one another. The case for Operational Technology (OT) SOC vs....
ICS Security Patching: Never, Next, Now

ICS Security Patching: Never, Next, Now

This week we published the S4x19 video on three proposed revisions to the Common Vulnerability Scoring System (CVSS) for ICS vulnerabilities. It’s worth a watch and hopefully it will be one more trigger for ICS-CERT to earn the “ICS” in their title...
Is The Purdue Model Dead?

Is The Purdue Model Dead?

This episode of the Unsolicited Response Podcast features a discussion on the S4x19 Main Stage with Brad Hegrat, Joel Langill and Dale Peterson. The question: Is the Purdue Model Dead? http://traffic.libsyn.com/unsolicitedresponse/2019-2-Final-2-Purdue.mp3   The...
Post Game Analysis: S4 ICS Detection Challenge

Post Game Analysis: S4 ICS Detection Challenge

How do you pick between 20+ ICS Detection and Asset Inventory solutions who are all claiming to be the best? The ICS Detection Challenge was designed to provide asset owner / potential customers with an unbiased technical comparison. S4x19 ICS Detection Challenge As...