Book Interview: Introduction To SBOM And VEX
Unsolicited Response Podcast
info_outline
S4x24 Closing Panel
Unsolicited Response Podcast
info_outline
Q1: ICS Security In Review
Unsolicited Response Podcast
Emma Stewart joins Dale to discuss the 3 big OT & ICS security stories from the first quarter. They end by giving their win, fail and prediction for Q1.
info_outline
S4x24 Preview
Unsolicited Response Podcast
info_outline
Predictions Analyzed
Unsolicited Response Podcast
In this solosode episode Dale reviews the status of his three predictions from the Q1, 2 and 3 quarter in review episodes and answers a listener question.
info_outline
Q4 ICS Security Quarter In Review
Unsolicited Response Podcast
info_outline
CISA Attack Surface Scanning Service
Unsolicited Response Podcast
Dale is joined by Steve Pozza, CISA Section Chief of Operational Resilience, and Tom Millar, CISA Branch Chief of Resilience, to discuss some of CISA's security services for asset owners. They discuss: The Internet accessible attack surface enumeration and vulnerability scanning surface. Asset owners can buy products or services to do this. Why is the government doing this? What CISA is doing with this attack surface data? How is CISA measuring the success of this service offering? Other broadly available services and tools, the cybersecurity performance goals (CPG assessment) ~500 done in...
info_outline
Engineering-Grade OT Security with Andrew Ginter
Unsolicited Response Podcast
Andrew Ginter published his third book this year: . Dale interviews Andrew on the book including: Who was the target reader that Andrew wrote the book for? Do (should) professional engineers lose their licenses for poor and dangerous cybersecurity design and deployments? The use of the term engineering grade, and how he defines it. Unhackable protection and safety controls as a major part of engineering grade. Unidirectional (one-way) network devices as the only security control listed as engineering grade. Is one-way from the enterprise network to the OT network engineering grade? Given the...
info_outline
Asset Inventory, Lawyers, and AI
Unsolicited Response Podcast
This week is a Dale Peterson solosode. Updates and Announcements Dale provides updates about S4x24 ticket sales and announces the Women In ICS Security program and sponsor package. Main Topics Asset Inventory in Cybersecurity: Dale challenges the common security mantra "You can't protect what you don't know," using examples from both physical and cyber domains. He notes many of the comments on this week's article missed the main point, and he gives hints on the next two asset inventory articles. Legal and Regulatory Issues in Cybersecurity: Dale emphasizes the importance of domain expertise...
info_outline
Is The Purdue Model Dead (E)
Unsolicited Response Podcast
info_outlineThe ICS Detection Market has achieved almost all of the funding and attention the last two years, including my analysis. Last month Bayshore Networks announced and got some attention with their new SCADAFuse “inline protection tool for industrial networks”. It sounded a lot like the Tofino of 5+ years ago, so I decided to get the creator of the industrial firewall / gateway market, Eric Byres, on the podcast to help me analyze this market in 2019 and where it will go in the future.
At 33:50 of the podcast we shift topics and discuss aDolus’s FACT score for software and firmware. They say it is like a FICO credit score that measures the authenticity and security of the software / firmware, see their 3-minute video.
Links
- Bayshore Networks SCADAFuse Page
- aDolus 3-Minute Video on the FACT Trust Score for Software and Firmware
- S4x20 Call For Presentations
- OnRamp Online Registration
This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.
This episode was sponsored by aeSolutions. aeSolutions is an engineering and consulting company specializing in process safety and industrial cybersecurity. aeSolutions has pioneered the CyberPHA methodology which is a proven method to assess industrial control system (ICS) cybersecurity risk leveraging well established process safety techniques.