I have seen it. I know you have probably seen it too. It’s that dreaded “Convergence of IT and OT”. It’s the buzz-phrase that just won’t quit. Another buzz-phrase that I keep seeing is Industry 4.0. Most people who toss these terms around are probably not aware of the starkly different philosophies behind them. Convergence […]
Category: General Topic
Animated logo?
I’ve been noodling around with developing an animated intro for SCADASEC. Based on the consensus of 8 individuals, this was the intro that they thought would have the best impact. My thanks to those who’ve agreed to vote on our new animated logo – thank you. Comments made included providing something ‘hard code’, theatrical, and […]
Tale of Two Conferences on protecting critical infrastructure: it was the best of times, it was the worst of times.
Last week I attended two conferences where protection of critical infrastructure were common themes: one focused more on the technical aspects and the other on international security policy. The first was a virtual plenary session of the International Society for Automation (ISA)[1] Committee 99 which is working on updating the standard for Industrial Automation and […]
New SCIDMARK Cases (as of 12-Oct-2020)
[DATABASE UPDATE 12-Oct-2020] There are new SCIDMARK cases that have been added to the database. You may access them via our main web site at: http://scidmark.com. 00012 – BP – Plant Explosion00013 – Texaco Ltd UK – Plant Explosion00015 – Zausner Foods – Milk Spill00016 – Manatee County Utility – Sewage Spill00019 – Wind Turbine […]
SCIDMARK is UP…!!!
After 5 years of research and hard work, Project SCIDMARK†1 is online. Announced back in October 2015 at the ICS Conference in Atlanta, GA, we feel that the current product is ready for use. As we have several thousand cyber-related events and incidents, the initial christening of the product will have only 11. This is […]
A Modern Jabberwock
Twas SCADA and the slimey toovesDid consult and gyre in the RoomAll Flimsy were the ArTeeYewsAnd Field Rats all agloom Beware the Jabber-hack my daughterThe bits that byte, the worms that lurkBeware the heartbleed, and please slaughterThe awful frumious Trisys work She took her Laptop Kali FreeLong time she gazed at WiresharkSo Rested by the […]
Is there a problem with our understanding of the terms IT, OT and ICS when seeking to protect critical infrastructure?
I remember participating in a work group composed of national representatives tasked with coming up with norms for confidence and security building measures (CSBM) for states to follow in cyberspace. This was quite exciting to be a part of at first, but the discussions slowed down when a representative of a cyber-superpower raised the issue of […]
Zero Trust and ICS
The goal of Zero Trust is getting data securely across network, storage, and computing infrastructure you may not trust. The message is usually between two software entities that are trusted with human beings behind them. But that’s not what happens in an Industrial Control System, such as a DCS or a PLC based plant system. […]
Focus on Integrity
There may be a few people who are puzzled by why I referred to PLC Security as “security.” And this brings me to an often forgotten part of the AIC security triad. Yes, there is Availability. There is Confidentiality. You tend to see a lot of discussion about the former among ICS security people. You […]
Could you also have an engineer’s Security Operations Center (SOC) rather than an IT/OT SOC?
I recently watched a webinar on industrial control system security[1] and asked a question during the Q and A. My question was „Could you also have an engineer’s SOC rather than an IT/OT SOC?“. My motive for asking this question was based on my understanding that the tradition enterprise SOC is IT oriented (office LAN/WAN, […]