Cybersecurity policy for critical infrastrcuture

State of ICS Cybersecurity and Critical Infrastructure: Half empty, Half full, or Stay Focused on the Quest?

General Topic 21-March-2023 Vytautas Butrimas

A colleague recently expressed some dismay over the lack of progress in ICS cybersecurity in the past 20 years. He has a point, but I had to respond. Below is a copy of my response and hope it will be taken as something “for the good of the Order”. “Yeah I hear ya, but the […]

Impressions of the U.S. National Cybersecurity Strategy of 2023

General Topic 15-March-2023 Vytautas Butrimas

Was busy at a resilience workshop in Germany last week when the buzz started to peak about the release of the latest version of the U.S. National Cybersecurity Strategy[1]. As someone who headed task forces to prepare the first Military Defence Strategy (2000) and first National Defense System Cybersecurity Strategy (2009) of Lithuania and served […]

School of Industrial Cybersecurity: time to review the curriculum

Critical Infrastructure 9-December-2022 Vytautas Butrimas

It is hard sometimes for me to watch the discussions on critical infrastructure protection taking place these days. Especially when it comes to cybersecurity practices and policies. The conferences, announcements of new national cybersecurity strategies, pronouncements of industry opinion leaders on the media, government publications on best practices, guides, books and last of all vendor […]

Policy makers these days give peculiar names to what they are protecting.

General Topic 16-May-2021 Vytautas Butrimas

“Abbott: Strange as it may seem, they give ball players nowadays very peculiar names”Costello: Funny Names?Abbott: On the St. Louis team we have “Who’s on first, What’s on second, I Don’t Know’s on thirdCostello: That’s what I want to find out. I want you to tell me the names of the fellows on the St. […]

We are not learning valuable lessons for protecting critical infrastructure.

General Topic 23-February-2021 Vytautas Butrimas

“Being aware of what is happening in cyberspace and communicating it to policy makers is not an easy task” On February 5th an engineer working for a small water utility in Florida noticed the mouse pointer moving on his SCADA control screen (where have we seen this before?). He watched in surprise as unauthorized changes […]

Could you also have an engineer’s Security Operations Center (SOC) rather than an IT/OT SOC?

General Topic 22-July-2020 Vytautas Butrimas

I recently watched a webinar on industrial control system security[1] and asked a question during the Q and A. My question was „Could you also have an engineer’s SOC rather than an IT/OT SOC?“. My motive for asking this question was based on my understanding that the tradition enterprise SOC is IT oriented (office LAN/WAN, […]

ICS cybersecurity at the crossroads: heading toward cyber peace or towards a “duty to hack”?

Critical Infrastructure, Policy 11-December-2017 Vytautas Butrimas

The year is ending and there have been several unsettling events in cyberspace this past year to reflect upon. They all seemed to have come together for me this past week as I completed my speaking engagements in Vilnius and in Garmische-Partenkirchen. The first conference was in Vilnius with the title “Baltic Energy Summit 2017 […]