ICS Security: Friday News and Notes

2022 - Week 42

Circa 2015 I stopped putting most ICS vulns in the Friday News & Notes because there were so many and most had minimal impact on ICS-related cyber risk. Next week I’m initiating a max of 3 of USG related items in this weekly newsletter. 
 

S4x23 Tickets 251 - 500

Links

• My article this week: Rolling Up OT & IT Security Metrics.
• Politico covers US Rep. Richie Torres' tough (scathing?) letter to CISA.
• Humans have “a finite pool of worry”.
• FERC lessons learned from CIP Reliability Audits.
• S4x23 Women In ICS Security Update.
• Cyberscoop article on industry meetings related to IoT Cybersecurity Labeling.
• TSA issues new cybersecurity directive for rail owner / operators.
• Another ICS security pioneer, Dennis Holstein, died earlier this month. He was a huge contributor to the IEC 62443 standards. Professionally what I remember most about Dennis was he was a most fervent advocate for quantifiable security levels in the stds, and then after 2 - 3 years said they weren't possible. This is a compliment. Most would have stubbornly stuck to their point of view. He took in the data, wasn't afraid to change his mind, and went for the achievable.

Unclassified Ads

NEW - Friday News & Notes Unclassified Ads. Here's how to reach the early adopters in OT & ICS Security
 

Secure Your Software and Device Supply Chain. Finite State helps you automate and scale security and supply chain assessments. See how the industry’s most accurate SBOMs enable software transparency and actionable risk reduction within your critical OT environments.
 

Cyber-Attack Recovery in only 30 Seconds! Salvador Technologies provides solutions for operational continuity for ICS & OT systems, that minimize downtime and enable an ideal RTO for critical assets. For HMI, SCADA, BMS, and other critical computer systems based on Windows.

Forwarded This Email and Want To Get It Every Friday?