Too Many Changes, Too Much Noise

Most industrial companies with whom I speak are aware of the amount of control system changes that occur on a daily basis, but lack the proper automation to monitor and manage those changes. This means that significant changes can go uninvestigated, which means unplanned outage, safety, and other risk increases.  Major regulations and standards, including NERC-CIP, IEC 62443, NEI 08-09, and NIST 800-53, to name a few,... Read more

Why Would You Use an IT Solution to Solve an OT Problem?

While automation technology has been around for decades, protecting control system assets from a set of very modern day threats is relatively new. In the face of growing risk, companies are challenged by continuously evolving best practices and standards. With this new territory, comes confusion (multiple standards, changing regulatory laws, hyped news stories) and often frustration (deciphering vendor claims and... Read more

The Risk of Not Knowing

“The big problems are where people don’t realize they have one in the first place.”  – Edward Deming Deming’s observation seems obvious enough. When you apply this to ICS cybersecurity, what are the “big problems” that companies don’t realize? In the power, petrochemical, and oil & gas industries, the stakes are high. These big problems – especially ... Read more

When a Cybersecurity Stranger Calls

Ever since I was a kid, certain movies have stuck with me, surfacing unexpectedly. Some because they are irreverently funny; I still quote Caddyshack when on a golf course. Others because they explore some element of humanity; think The Deer Hunter and Apocalypse Now. And others simply scare the ever loving you-know-what out of me; The Exorcist was definitely one of those. The movie ... Read more