Book Interview: Introduction To SBOM And VEX
Unsolicited Response Podcast
info_outline
S4x24 Closing Panel
Unsolicited Response Podcast
info_outline
Q1: ICS Security In Review
Unsolicited Response Podcast
Emma Stewart joins Dale to discuss the 3 big OT & ICS security stories from the first quarter. They end by giving their win, fail and prediction for Q1.
info_outline
S4x24 Preview
Unsolicited Response Podcast
info_outline
Predictions Analyzed
Unsolicited Response Podcast
In this solosode episode Dale reviews the status of his three predictions from the Q1, 2 and 3 quarter in review episodes and answers a listener question.
info_outline
Q4 ICS Security Quarter In Review
Unsolicited Response Podcast
info_outline
CISA Attack Surface Scanning Service
Unsolicited Response Podcast
Dale is joined by Steve Pozza, CISA Section Chief of Operational Resilience, and Tom Millar, CISA Branch Chief of Resilience, to discuss some of CISA's security services for asset owners. They discuss: The Internet accessible attack surface enumeration and vulnerability scanning surface. Asset owners can buy products or services to do this. Why is the government doing this? What CISA is doing with this attack surface data? How is CISA measuring the success of this service offering? Other broadly available services and tools, the cybersecurity performance goals (CPG assessment) ~500 done in...
info_outline
Engineering-Grade OT Security with Andrew Ginter
Unsolicited Response Podcast
Andrew Ginter published his third book this year: . Dale interviews Andrew on the book including: Who was the target reader that Andrew wrote the book for? Do (should) professional engineers lose their licenses for poor and dangerous cybersecurity design and deployments? The use of the term engineering grade, and how he defines it. Unhackable protection and safety controls as a major part of engineering grade. Unidirectional (one-way) network devices as the only security control listed as engineering grade. Is one-way from the enterprise network to the OT network engineering grade? Given the...
info_outline
Asset Inventory, Lawyers, and AI
Unsolicited Response Podcast
This week is a Dale Peterson solosode. Updates and Announcements Dale provides updates about S4x24 ticket sales and announces the Women In ICS Security program and sponsor package. Main Topics Asset Inventory in Cybersecurity: Dale challenges the common security mantra "You can't protect what you don't know," using examples from both physical and cyber domains. He notes many of the comments on this week's article missed the main point, and he gives hints on the next two asset inventory articles. Legal and Regulatory Issues in Cybersecurity: Dale emphasizes the importance of domain expertise...
info_outline
Is The Purdue Model Dead (E)
Unsolicited Response Podcast
info_outlineI've been wanting to add a month in review episode to the Unsolicited Response podcast ever since I became a fan of the Pivot podcast. Have a looser conversation on the stories of the month and then predictions, wins and fails with someone in the ICS security industry. Patrick Miller was kind enough to join me in this first attempt.
- I begin with a brief discussion of the George Floyd murder and not enough. While not ICS security, it is impossible to review the month of May without discussing this.
- 7:15 Patrick Miller joins me and we discuss the Executive Order
- 23:30 The story originally written by Joe Weiss and picked up by the press on a Chinese company selling a manipulated transformer with WAPA and Sandia entering the story later and a lot of speculation.
- 34:00 Patricks thoughts about COVID's impact on the ICS security industry and remote work in general.
- 39:15 MITRE ICS ATT&CK Evaluations
- 44:50 Wins, Fails and Predictions