Lack of security at Level 0/1: problem of awareness or unwillingness to change priorities?

To be honest I was planning to write about unintentional cyber incidents in critical infrastructure and the need to pull away some of our attention from the sexy topic of cyber-attacks and cyber kill-chains.  I changed my mind when I read Dale Peterson’s informative article on “Awareness Of Purdue Level 0 and 1 (In)Security” and […]

What would Sun Tzu and Louis Pasteur say about today’s industrial cybersecurity?

Have been following the discussions on industrial cybersecurity, convergence, network vs device security, and IT vs OT vs ICS[2]. Some of the points of view differ greatly on what needs to be done.  This lack of consensus indicates that something may be wrong with our assumptions and our approach.   A disturbing lack progress being […]

Zero Trust and ICS

The goal of Zero Trust is getting data securely across network, storage, and computing infrastructure you may not trust. The message is usually between two software entities that are trusted with human beings behind them. But that’s not what happens in an Industrial Control System, such as a DCS or a PLC based plant system. […]

In seeking to protect industrial control systems are we clear about what is being threatened and from what threats?

Reading the recently published Industrial Control Systems Emergency Response Team (ICS-CERT) Advanced Analytical Laboratory (AAL) White Paper on Malware Trends left me somewhat unimpressed and disappointed. Whenever I read a document about cybersecurity, especially one written by an institution dealing with the security of industrial control systems, I am keen to see how the authors […]