https://www.cutawaysecurity.com/tags/ics-security/Recent content in ICS Security on Cutaway SecurityHugo -- gohugo.ioenSat, 18 May 2024 00:00:00 +0000https://www.cutawaysecurity.com/blog/architecting-safety-using-cybersecurity-requirements-and-assessments/Sat, 18 May 2024 00:00:00 +0000https://www.cutawaysecurity.com/blog/architecting-safety-using-cybersecurity-requirements-and-assessments/<p><a href="https://nexusconnect.io/articles/architecting-safety-using-cybersecurity-requirements-and-assessments" target="_blank" rel="noreferrer">Originally posted</a> at Claroty NexusConnect on May 9, 2024</p> <h3 class="relative group">The Cybersecurity Safety Challenge <div id="the-cybersecurity-safety-challenge" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#the-cybersecurity-safety-challenge" aria-label="Anchor">#</a> </span> </h3> <p>I started thinking about the safety issues for security assessments when I was asked to attend a conference for amusement rides and parks. Safety has always been paramount in this industry and their teams are working hard to understand and improve how cybersecurity fits into the phases of a ride&rsquo;s lifecycle.</p>https://www.cutawaysecurity.com/blog/bashing-education-and-certifications-reduces-safety-of-industrial-and-automation-control-environments/Fri, 08 Sep 2023 00:00:00 +0000https://www.cutawaysecurity.com/blog/bashing-education-and-certifications-reduces-safety-of-industrial-and-automation-control-environments/<p>Recently, I have noticed people emphasizing the name of certifications and personally attacking the people who obtain them. This is unfortunate as it is shining light on the wrong subject. The value of a certification is not in the name. The value of the certification is that it is an indication that an individual has received a level of instruction and demonstrated the ability to retain, reference, and recall that information. It is this foundation of knowledge that the individual can be held accountable for using during decision making.</p>https://www.cutawaysecurity.com/blog/managing-cyber-risk-in-industrial-automated-environments/Sun, 12 Mar 2023 00:00:00 +0000https://www.cutawaysecurity.com/blog/managing-cyber-risk-in-industrial-automated-environments/<p>Originally posted on the <a href="https://nexusconnect.io/" target="_blank" rel="noreferrer">Claroty Nexus Community</a> as &ldquo;<a href="https://nexusconnect.io/articles/managing-cyber-risk-in-industrial-automated-environments" target="_blank" rel="noreferrer">Managing Cyber Risk in Industrial, Automated Environments</a>&rdquo;  on February 23, 2023.</p> <p>Environments with industrial or automation control systems are built to ensure process availability and resilience. Availability is defined as &ldquo;the quality of being able to be used or obtained&rdquo; and resilience as &ldquo;the capacity to recover quickly from difficulties; toughness.&rdquo; These days, these definitions do not necessarily take into consideration the rampant connectivity happening today within automation environments.</p>https://www.cutawaysecurity.com/blog/questions-from-sans-pen-test-hackfest-2019/Thu, 21 Nov 2019 00:00:00 +0000https://www.cutawaysecurity.com/blog/questions-from-sans-pen-test-hackfest-2019/<p>This week I had the pleasure of speaking twice at the <a href="https://www.sans.org/event/pen-test-hackfest-2019" target="_blank" rel="noreferrer">SANS Pen Test Hackfest Summit 2019</a>. I had an excellent time and got to meet up with some old friends and make new acquittances. That is one of the most important things about these events. Attending pulls us from behind our virtual cubicles and gets us in front of human beings with common interests. It allows us to participate in conversations and, hopefully, have interactions where the communications include body language, facial expressions, and vocal inflections.</p>