ICS Security Patching: Never, Next, Now
This week we published the S4x19 video on three proposed revisions to the Common Vulnerability Scoring System (CVSS) for ICS vulnerabilities. It’s worth a watch and hopefully it will be one more trigger for ICS-CERT to earn the “ICS” in their title...
20 Years of Digital Bond
In October 2018, Digital Bond turned 20. I thought before moving on to 2019 and starting our 21st year I’d reminisce a bit and thank the many employees over the past 20 years (see the list at the end of the article). Roger Collins and I started Digital Bond with $75K...
It’s Not OT v. IT
It’s How Do We Best Build OT Teams & Programs My last post, Best Raw Material for an Operations Technology (OT) Team, received many comments on LinkedIn. A lot of the discussion devolved into the old IT v. OT discussion, partially due to my flippantly...
Best Raw Material for an OT Security Team
One of the topics we tackled in a panel at the Asia ICS Cyber Security Conference last week in Singapore was how best to grow the Operations Technology (OT) Security workforce. Early in his conference introduction Dan Ehrenreich showed a diagram similar to above with...
ICS / IIoT Market Segmentation Needed So We Can Communicate Effectively
There have been many events and data points that show even people knowledgeable in ICS and security are having difficulty communicating together because we have different views and experiences on what an ICS is. The latest example is Kaspersky’s Threat Landscape...
ICS Product Categories and Composition
Thinking Out Loud … The ICS Detection market is new and highly competitive as covered in an early article. A question as interesting as who will be the winners in this market, is what the composition and capabilities of the winning solutions will be? The diagram...
Two Real Questions on the Weissian Crusade for Securing Process Sensors, Actuators and Drives
I like to call ICS security legend Joe Weiss the Paul Revere of the community. In the five years after the Sept 11th attacks, he was the most effective advocate and loudly carried the message that we have a huge risk that was not being addressed. He didn’t stop...
The Future of the ICS Cyber Security Detection Market
The ICS Cyber Security Detection market has 20+ vendors chasing this niche with most focused on passive network monitoring to create an asset inventory and identify cyber incidents. I’ve written on this developing market, interviewed participants on stage and in...
Let’s Kill (Or Correct) The Term “Cyber Hygiene” In ICS
Hygiene was obviously selected by Andy and many others because it is easy to understand from its common usage, and who can possibly be against hygiene. Wash your hands before eating. Brush your teeth. Take a bath or shower. Change into clean clothes. Oh yes, we need cyber hygiene.
The easiest way to see the misuse and flaws in this term is that periodic wellness exams and vaccinations are not hygiene. Not everything a person does, and little a person has done for them, to maintain health is considered hygiene.
If we must keep the term cyber hygiene, then cyber hygiene should only include: