A colleague recently expressed some dismay over the lack of progress in ICS cybersecurity in the past 20 years. He has a point, but I had to respond. Below is a copy of my response and hope it will be taken as something “for the good of the Order”. “Yeah I hear ya, but the […]
Tag: Cybersecurity policy for critical infrastrcuture
Impressions of the U.S. National Cybersecurity Strategy of 2023
Was busy at a resilience workshop in Germany last week when the buzz started to peak about the release of the latest version of the U.S. National Cybersecurity Strategy. As someone who headed task forces to prepare the first Military Defence Strategy (2000) and first National Defense System Cybersecurity Strategy (2009) of Lithuania and served […]
School of Industrial Cybersecurity: time to review the curriculum
It is hard sometimes for me to watch the discussions on critical infrastructure protection taking place these days. Especially when it comes to cybersecurity practices and policies. The conferences, announcements of new national cybersecurity strategies, pronouncements of industry opinion leaders on the media, government publications on best practices, guides, books and last of all vendor […]
Policy makers these days give peculiar names to what they are protecting.
“Abbott: Strange as it may seem, they give ball players nowadays very peculiar names”Costello: Funny Names?Abbott: On the St. Louis team we have “Who’s on first, What’s on second, I Don’t Know’s on thirdCostello: That’s what I want to find out. I want you to tell me the names of the fellows on the St. […]
We are not learning valuable lessons for protecting critical infrastructure.
“Being aware of what is happening in cyberspace and communicating it to policy makers is not an easy task” On February 5th an engineer working for a small water utility in Florida noticed the mouse pointer moving on his SCADA control screen (where have we seen this before?). He watched in surprise as unauthorized changes […]
Could you also have an engineer’s Security Operations Center (SOC) rather than an IT/OT SOC?
I recently watched a webinar on industrial control system security and asked a question during the Q and A. My question was „Could you also have an engineer’s SOC rather than an IT/OT SOC?“. My motive for asking this question was based on my understanding that the tradition enterprise SOC is IT oriented (office LAN/WAN, […]
ICS cybersecurity at the crossroads: heading toward cyber peace or towards a “duty to hack”?
The year is ending and there have been several unsettling events in cyberspace this past year to reflect upon. They all seemed to have come together for me this past week as I completed my speaking engagements in Vilnius and in Garmische-Partenkirchen. The first conference was in Vilnius with the title “Baltic Energy Summit 2017 […]