OT Security Blog Articles
Insights on Resilience, Vulnerability Management, and More
Quote of the day — On system understanding (or the lack thereof)
“No one realized that the pumps that delivered fuel to the emergency generators were electric.” Angel Feliciano, Representative of Verizon, explaining why Verizon’s backup power failed during the
The Trouble with Threat Thinking
The world seems to be fixated on the cyber threat. There are exceedingly elaborate methods used to capture, characterize, and share the signatures of emerging threats in real-time. In an effort to
Quote of the day — on the non-technical reasons for cyber insecurity
“The underlying reason that cybersecurity is so poorly done is not that there is a crying need for more research and development, or that it is impossible to secure these systems. It is that we fail
Quote of the day — On cyber security market success, or the lack thereof
“Market success of technologies and products is usually driven by what they enable, not by what they restrict or prevent. Restrictive solutions, such as those in environmental protection, safety, or
Five Reasons You Don’t Need Better Cyber Security
Admittedly, these are based on anecdotal evidence, but I suspect they are very close to the major reasons used to deflect concerns about increasing the security posture of cyber-physical systems.
“Surviving on a Diet of Poisoned Fruit”
Poisoned fruit is an apt metaphor used by the Honorable Richard Danzig in the title of his latest report for all things cyber that today we can’t live without, yet bring ever-increasing risks. The
Quote of the day — on pen testing
“The basic premise of penetration testing is that you’ve got something that you don’t understand and you’re trying to achieve an understanding of it by having some outsider — who also doesn’t
Aurora Revisited — by its original project lead
When I accepted the position as Director of the Control Systems Security Program (CSSP) in 2006, I had no idea about what was coming. One of the challenges I did envision was finding a way to educate
RIPE progress report: From framework to executable program
Less than a year ago (last September, to be exact) we published a whitepaper on the RIPE Framework, explaining the rationale for and building blocks of a process-oriented approach to ICS security and