loader from loading.io

Cyber Hygiene?

Unsolicited Response Podcast

Release Date: 05/15/2018

S4x12 Great Debate: Anti-Virus & Security Patching Should Be Abandoned In ICS show art S4x12 Great Debate: Anti-Virus & Security Patching Should Be Abandoned In ICS

Unsolicited Response Podcast

This is from back when S4 was in a case study room that sat 60 and everyone could see and talk to everyone. Michael Toecker took the pro, Billy Rios the con. They had five minutes each and then you'll hear from many of the attendees who are the pioneers in ICSsec. And in some quarters this debate still rages on.

info_outline
ICS Security Maturity Levels (What To Do In What Order) show art ICS Security Maturity Levels (What To Do In What Order)

Unsolicited Response Podcast

This is from a two-part article originally published on Nov 9th and Nov 16th. It addresses the first six levels.  Many, if not most, asset owners bypass at least four of the first six levels.

info_outline
Fortinet Keynote: Operational Resilience show art Fortinet Keynote: Operational Resilience

Unsolicited Response Podcast

A recording of Dale Peterson's 30-minute Keynote at the Fortinet OT Symposium - Manufacturing Day.

info_outline
October ICS Security Month In Review show art October ICS Security Month In Review

Unsolicited Response Podcast

Clay Carter, VP and Head of Product Security at Xylem, joins Dale Peterson to discuss the top 3 stories of the month and give their win, fail and prediction. The stories: what did CISA's Water & Wastewater Alert mean to those sectors and a broader discussion on what would be helpful to those sectors. Drago's raising $200M at a post money valuation of $1.7B. Shodan Trends and how it could be used by asset owners and potentially .gov.

info_outline
Weekly Article: Hidden Value In Creating Cybersecurity Audit Programs show art Weekly Article: Hidden Value In Creating Cybersecurity Audit Programs

Unsolicited Response Podcast

This article was originally published on the Tripwire Guest Author page. It highlights an early fail of mine and what I learned.

info_outline
SOAR In ICS show art SOAR In ICS

Unsolicited Response Podcast

Peter Lund of Industrial Defender joins Dale to discuss SOAR in ICS. Examples of early big wins for SOAR in ICS Can you mix and match your SIEM and SOAR from different vendors? Partial v Full Automation ... will there always be a person in the loop? - Does SOAR need to be customized for OT to be of real use in OT? They finish the conversation with a bit on Industrial Defender's recently announced OT Machine Learning Language.

info_outline
Who Manages The Edge? show art Who Manages The Edge?

Unsolicited Response Podcast

My weekly article looks at the work and risk related to cyber maintenance of the ICS edge devices (when they get the needed DPI)

info_outline
The Future of ICS Security with Susan Peterson Sturm show art The Future of ICS Security with Susan Peterson Sturm

Unsolicited Response Podcast

Susan Peterson Sturm and Dale Peterson talked about the future at Cognite's Ignite event. They discussed: what changes can we expect when architectures base on the Purdue mode are dying trust and restricted capabilities between service providers and assets owners how data ops coming online now can help secure OT and leverage IT / OT convergence cultural convergence - the promise of process variable anomaly detection

info_outline
Try Different Roles & Companies In Your First Two Decades show art Try Different Roles & Companies In Your First Two Decades

Unsolicited Response Podcast

Dale's weekly article published on 19 October 2021. Subscribe to

info_outline
Calculating OT Cyber Risk With Ilan Barda of Radiflow show art Calculating OT Cyber Risk With Ilan Barda of Radiflow

Unsolicited Response Podcast

This episode dives deep into the risk score methodology of Radiflow's Ciara product. It attempts to use interview, asset inventory, and simulation to identify a risk score for a zone or site. It also then uses simulation to determine what security controls would most improve the risk score / reduce risk.

info_outline
 
More Episodes

The buzzwords "cyber hygiene" is being said and written by many of the guru's in the ICS security community. It's hard to argue that basic hygiene is bad, but what is and isn't cyber hygiene?

I recorded a 3-person pod with Marty Edwards of the Automation Federation and Michael Toecker of Context Industrial Security. They were selected because they used the term, and all three of us had different views on what cyber hygiene means and the usefulness of the term. For example is applying security patches cyber hygiene? Is there a difference between cyber hygiene and cyber maintenance.

Amazingly, for three experienced and opinionated people, we all ended up changing our viewpoint and reached a basic agreement. Take a listen and see if you agree with where we ended up.

----

This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.

Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.