What's Happening At ICS & IT Security Conferences
Release Date: 05/09/2018
Unsolicited Response Podcast
In the last two months Bryan Owen attended the SANS ICS Security Summit, DHS ICSJWG, RSA, OSIsoft's PI World, and LOGIIC (Oil/Gas/Gov consortium). Since most listeners like me aren't able to attend these events I thought we could find out what's happening from Bryan.
- Why Bryan attends events. (4:12)
- Is it worthwhile for an ICS security professional to attend RSA? (7:40)
- Mike Assante from the ICS world winning the most prestigious RSA award. (14:00)
- Any difference in ICSJWG given the recent DHS reorganization? (15:25)
- Does it look like DHS will increase its ICS security consulting, and is this a good idea? (18:36)
- Are two ICSJWG events a year too much? Or should there be more? (20:45)
- Government training of ICS resources and what does success look like? (23:00)
- What was the theme of PI World? (31:35)
- Information on the new secure PI System Connector for passing information between PI components (slow RIP 5450). (33:50)
- Will we see a shift away or replacement for the Purdue Model? (36:05)
- Is Oil/Gas in the LOGIIC group rethinking control/safety integration recommendations after TRITON? (49:00)
Links and Info:
The native 3-zone architecture approach is called a PI Connector. Instead of a basic client-server approach, PI Connectors come with a purpose-built relay that acts as a proxy for deployment in the DMZ. Some of the major US control centers collaborated on the design and a year of field trials. PI System Connector is now generally available. All PI Connectors, such as Modbus, OPC-UA, etc., will include the connector relay. The relay architecture also provides the endpoint for data ingress from our open source project called FogLAMP, or from any device pushing OSIsoft Message Format (OMF).
PI World links:
Fog Computing On The Plant Floor - Ivan Zoratti
Introduction to FogLAMP - Ivan Zoratti
OSIsoft Extreme PI System Hardening – Harry Paul
This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.
Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.