ICS on Cutaway Security

Architecting Safety Using Cybersecurity Requirements and Assessments

Sat, 18 May 2024 00:00:00 +0000

Originally posted at Claroty NexusConnect on May 9, 2024

The Cybersecurity Safety Challenge
#

I started thinking about the safety issues for security assessments when I was asked to attend a conference for amusement rides and parks. Safety has always been paramount in this industry and their teams are working hard to understand and improve how cybersecurity fits into the phases of a ride’s lifecycle.

Bashing Education and Certifications Reduces Safety of Industrial and Automation Control Environments

Fri, 08 Sep 2023 00:00:00 +0000

Recently, I have noticed people emphasizing the name of certifications and personally attacking the people who obtain them. This is unfortunate as it is shining light on the wrong subject. The value of a certification is not in the name. The value of the certification is that it is an indication that an individual has received a level of instruction and demonstrated the ability to retain, reference, and recall that information. It is this foundation of knowledge that the individual can be held accountable for using during decision making.

Managing Cyber Risk in Industrial, Automated Environments

Sun, 12 Mar 2023 00:00:00 +0000

Originally posted on the Claroty Nexus Community as “Managing Cyber Risk in Industrial, Automated Environments” on February 23, 2023.

Environments with industrial or automation control systems are built to ensure process availability and resilience. Availability is defined as “the quality of being able to be used or obtained” and resilience as “the capacity to recover quickly from difficulties; toughness.” These days, these definitions do not necessarily take into consideration the rampant connectivity happening today within automation environments.

WWHF2019: Architecting Secure ICS Environments

Fri, 25 Oct 2019 00:00:00 +0000

Update: Architecting Secure ICS Environments Slide Deck

On October 24, 2019 I delivered a talk at the Wild West Hackin’ Fest in Deadwood, South Dakota. This conference is primarily attended by information security professionals and businesses with information security teams interested in a hands-on experience. I felt it was an excellent opportunity to provide information about the challenges they will face when implementing and testing security in environments that contain Industrial Control System (ICS) technologies.