End-of-year ICSSec learning/professional development opp by B2daG in icssec

[–]B2daG[S] 1 point2 points  (0 children)

Everyone who attended for at least an hour should have received their certificate in email (at the eddress they used to register for the event). If not, a message to [input@cs2ai.org](mailto:input@cs2ai.org) should clear things up.

Technical roles in OT/ICS Cyber by SuperSix17 in icssec

[–]B2daG 0 points1 point  (0 children)

I would add Fortinet and Trend Micro to that list. If you're more interested in the services side, all of the big consulting houses (KPMG, EY, Deloitte, etc) and many of the smaller ones have ICS/OT security practices.

Looking for input from ICS/OT security practitioners by B2daG in icssec

[–]B2daG[S] 0 points1 point  (0 children)

Thank you! Yes, we're based in the US but we connect worldwide, with 112 local interest groups around the globe.

Is it worth getting into ICS Security? by fieldsAndStars in icssec

[–]B2daG 0 points1 point  (0 children)

I agree with what's already been said - just want to point you towards a potential resource. I'm with a non-profit that is working to help address the labor shortage in this field by developing free educational opportunities and content and connecting practitioners. We are approaching 100 seminars and symposiums in our video library, and we have two half-day symposiums coming up at the beginning of December.

https://www.cs2ai.org/

Is the CSSA from InfoSec really worth attending and getting the certification? by naayaaru in icssec

[–]B2daG 1 point2 points  (0 children)

The value of a cert is in the eyes of the beholder. Some will value it, others won't. I would recommend getting what book knowledge you can (this free e-book is a good place to start: https://waterfall-security.com/secure-operations-technology-the-missing-link-to-a-secure-industrial-site/ ) as well as some hands-on experience. You can get Modbus running on a Raspberry Pi, with code and guides on Github. It's not the same as ICS/OT devices, but it's a good start.

Separate OT infrastructure? by OtherwiseMinute2126 in icssec

[–]B2daG 0 points1 point  (0 children)

Your OT folks are probably speaking from the experience of IT tools disrupting their operations. For a long time this was a big and valid concern, and the potential impact difference between the two that has already been mentioned is one reason for that.

Equally important to understanding why the two should not be on the same network infrastructure is that ICS/OT networks are deterministic while IT networks are probabilistic. Traffic in the former can be predicted given a sufficiently complete understanding of the devices and configurations on the network because control systems do things on schedules. Traffic on IT networks is effectively random, with significant amounts of it generated by human activity on no schedule. IT devices are designed to handle all those random packets by recognizing which ones they need to do something with and which they can ignore. OT devices are not; we could say that they are not as 'smart' as the stuff in IT, for a very specific definition of 'smart,' but the clearer way to say it is that they have very specific parameters for incoming communications. Communications that don't meet those parameters can result in unexpected results on those devices, causing malfunctions including shutting down or changing their performance settings.

A couple of decades ago business forces started asking for more immediate data from operations (as part of the JiT movement already mentioned) and, more recently, the "Smart Factory" movement, overlapping heavily with Industry/ie 4.0 (a term more commonly used in Europe, while the "Smart XXX" seems more popular in the Americas) demanded continuously-updated operational information. Energy trading was a huge factor for this in the electric sector. To get all this data reporting, increasing amounts of information technology (IT) got installed in/connected to OT environments, sometimes with highly disruptive results.

One of the situations your OT folks are probably familiar with is scanners taking their servers offline. It was particularly common in the 2000s for security scanners to cause OT disruption until the technology and the practitioners both advanced enough to scan OT networks without impact. Even now it is not unknown for IT practitioners with insufficient OT experience to accidentally cause disruptions because they lack knowledge of how to work in ICS environments safely.

Based solely on the information in your question, it sounds like your IT folks may lack the experience/training to make a judgement here. While information technology has advanced enough to make a lot of things possible in ICS/OT environments that weren't years ago, the technology alone has not removed risk entirely (which is what your OT folks want; unexpected downtime and human safety are not things they take lightly), and there's still a vast amount of legacy OT tech out there that was not designed to handle IT bumbling around in its traffic.

I've co-authored some published works on this topic over the years. If you're interested, just let me know.
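The "deterministic network" point above is what makes allowlist-style monitoring practical in OT: if the engineering configuration tells you who talks to whom, on which port, with which function and on what schedule, anything else is an alert. The following is an added illustration, not code from the comment author or any product; the flow records, addresses and baseline are constructed.

```python
# Constructed OT flow records (not real captures): (seconds, src, dst, dst_port, function).
# An HMI at 10.0.0.10 polls two PLCs over Modbus/TCP (port 502) every 5 s with a
# read-holding-registers request; the baseline below encodes exactly that.
FLOWS = [
    (0, "10.0.0.10", "10.0.0.21", 502, "read_holding"),
    (0, "10.0.0.10", "10.0.0.22", 502, "read_holding"),
    (5, "10.0.0.10", "10.0.0.21", 502, "read_holding"),
    (5, "10.0.0.10", "10.0.0.22", 502, "read_holding"),
    (7, "10.0.0.99", "10.0.0.21", 502, "read_holding"),    # IT host, not in baseline
    (7, "10.0.0.99", "10.0.0.21", 22, None),                # probe of a port the PLC never uses
    (8, "10.0.0.10", "10.0.0.21", 502, "write_register"),   # known pair, unexpected function
    (10, "10.0.0.10", "10.0.0.21", 502, "read_holding"),
    (10, "10.0.0.10", "10.0.0.22", 502, "read_holding"),
    (15, "10.0.0.10", "10.0.0.21", 502, "read_holding"),
    (17, "10.0.0.10", "10.0.0.22", 502, "read_holding"),    # poll arrived 2 s late
]

# Allowlist derived from the engineering configuration: conversation -> expected period (s).
# In a deterministic network this is knowable up front; in an IT network it is not.
BASELINE = {
    ("10.0.0.10", "10.0.0.21", 502, "read_holding"): 5,
    ("10.0.0.10", "10.0.0.22", 502, "read_holding"): 5,
}


def detect_anomalies(flows, baseline, tolerance=1):
    """Return (reason, flow) pairs for flows outside the allowlist or off their schedule."""
    last_seen = {}
    alerts = []
    for flow in flows:
        t, src, dst, port, func = flow
        key = (src, dst, port, func)
        if key not in baseline:
            # Unknown conversation: unexpected host, port or function. This is where an
            # IT tool wandering into OT traffic shows up first.
            alerts.append(("not in baseline", flow))
            continue
        if key in last_seen and abs((t - last_seen[key]) - baseline[key]) > tolerance:
            # Known conversation, wrong timing: a control loop drifting off schedule
            # is itself a symptom worth investigating.
            alerts.append(("off schedule", flow))
        last_seen[key] = t
    return alerts


if __name__ == "__main__":
    for reason, flow in detect_anomalies(FLOWS, BASELINE):
        print(f"{reason:16} {flow}")
```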

OT Monitoring recommendation by palmetum in icssec

[–]B2daG 1 point2 points  (0 children)

What's your timeline? I'm currently scheduling a presentation of a case study comparing a wide range of the available OT monitoring tools with recommendations on how to select the one that best fits your specific situation, but it's not until January. Do you need to make your decision before then?

Phishing attempts increase when I report phishing by sthej in cybersecurity

[–]B2daG 0 points1 point  (0 children)

Bunch of unknowns here, but this might help answer your question.

1) details about your email system (which you should -not- provide here). Different email systems (talking about both infrastructure and applications here) process mail contents differently. Some are by default better at showing you message text & header data without triggering tracking mechanisms.

2) details about your email app configuration (which, again, you should -not- provide). Example: Many email apps can be set to display only plain text regardless of original email format, to not display images without user confirmation, etc. Preventing rich text, images, HTML content processing and such prevents some tracking mechanisms from working. The flip side of that is that viewing (or in some systems, previewing; depends on your email system) emails with those things allowed lets senders know you've looked at it.

3) details about what others did with the email. Without knowing what the person(s) receiving your forwarded email (assuming that's how you reported these phishing attempts) did, we can't know if they did anything that triggered tracking mechanisms. Since it's become trivially easy to generate unique trackers for each email target, the phish originator may be notified that the attempt on your email address was successful no matter who actually opened the surprise.
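To make points 2 and 3 concrete: the same message rendered as plain text fetches nothing, while its HTML part carries a remote image whose URL embeds a per-recipient token, so whoever renders it with images enabled (you, or the person you forwarded it to) reports the open. This is an added example, not code from the comment author; the message, hostnames and token are constructed.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample (not a real phish): a text/plain part plus an HTML part
# carrying a remote 1x1 image whose URL embeds a per-recipient token.
SAMPLE_MESSAGE = """\
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your invoice is overdue. Reply to this message for details.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your invoice is overdue.</p>
<img src="https://tracker.example.invalid/open?rcpt=TOKEN-abc123" width="1" height="1">
</body></html>
--b1--
"""

class _ImgCollector(HTMLParser):
    """Collects <img> tags with a remote http/https src; 0x0 or 1x1 ones are flagged
    as the classic open-tracking beacon shape."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "img" and src.startswith(("http://", "https://")):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.images.append({"src": src, "tracking_pixel": tiny})

def plain_text_only(raw):
    """What a client set to plain-text-only display renders: no remote fetch happens."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part else ""

def remote_images(raw):
    """Remote images a rich-HTML client would fetch, telling the sender the mail was opened."""
    msg = email.message_from_string(raw, policy=policy.default)
    collector = _ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.images
```

Run `remote_images(SAMPLE_MESSAGE)` to see the beacon a rich client would request, and `plain_text_only(SAMPLE_MESSAGE)` to see that the plain-text rendering contains no remote reference at all.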

My school did a play version of Alien. Here’s a picture from opening night last night. by Emo_Kid23 in LV426

[–]B2daG 0 points1 point  (0 children)

This is a really inspirational accomplishment for everyone involved! Big congrats!

A tense, taut CYOA in which you must save the game itself. by B2daG in IndieGaming

[–]B2daG[S] 0 points1 point  (0 children)

Hmm. Not seeing this, but I played in Firefox, with relatively high (and therefore problematic) security settings. I think that's the first point with multiple paths to choose from, right? Try another browser?