News

IEC62443, NIS2 and security testing - a happy marriage?

Feb. 15, 2025

When the NIS2 EU Directive came into effect, I wondered what the implications would be for security testing in industrial environments. After all, a large part of the NIS2 directive focuses on supply chain and network security. In this art…

Security testing & your supply chain

Jan. 14, 2025

Within NIS2, one of the items to take into account in reaching compliance is Supply Chain security. First of all, of course, is to make sure you know your risks through performing risk assessments; a tool to do so can be Cyrias - Cyrias – c…

Practical side of FAT/SAT testing

Dec. 30, 2024

While listening to one of the talks at the ISC-CPH conference back in 2022, I realized that nobody is talking about the practical side of performing cyber security tests in a FAT/SAT testing approach. It is not only performing the FAT/SAT …

ISC-CPH November 2024

Dec. 30, 2024

This year it was the 3rd time visiting the ISC-CPH conference for me, one of the better ICS focused security conferences within Europe. This year again as attendee compared to last year being a presenter (Last year's talk was about the pra…

ISC-CPH November 2024 - Day 1

Dec. 30, 2024

@Vivek Ponnada - Managing Complexity by Engineering OT Security: Currently there are a lot of good developments within OT Security, one better and more useful than the other, yet this is up to you to decide what is best fitted for your en…

ISC-CPH November 2024 - Day 2

Dec. 30, 2024

@Robert Valkama, Fortum & @Mikko Kenttälä, SensorFu - leaks & OT Security - Reap process improvements from Network leaks: Good network monitoring will be able to verify if the network segmentation is done properly and still wor…

Training - Hardening for ICS environments

April 30, 2024

Hardening is one of the many ways to protect your systems and environment from attack. Be it remote or insider threats that you are protecting against. However, with the increasing connectivity between different IT and industrial environme…

Industrial Security controls

Nov. 22, 2023

While preparing for a talk on Industrial Security Controls earlier this year for students of an Executive Master in CyberSecurity, I reflected on these controls and their presence within the different OT environments I had the privilege to…

Cybersecurity testing for ICS - pitfalls and wins

Aug. 9, 2022

This is a (long overdue) follow-up post to the talk I gave at the SANS ICS Summit in 2021 - a recording of this talk can be found on YouTube: https://www.youtube.com/watch?v=Qpl8eI8Tn0s I suggest you first look at the recording of the…

Resources to get into #ICS security

Aug. 8, 2022

Recently I received some questions on what resources I would recommend within the ICS security space to learn more about this. So the question was more specifically about discussion groups, courses, books, certificates and so on... This wa…

Remote access for ICS - additional views

Nov. 30, 2020

Through the past few months, more and more ways of providing remote access surfaced within organizations as people were forced to work from home because of the Covid-19 pandemic. This was also the case for remote access to organization cri…

Security testing for ICS Owners – Back to Basics - recording

Feb. 10, 2020

The video recording of the https://secudea.be/2019/10/28/security-testing-for-ics-owners-back-to-basics/ presentation that I gave at CS3STHLM last year can be found on YouTube: https://www.youtube.com/watch?v=M8xjylA9rtI Enjoy watching …

Security testing for ICS Owners – Back to Basics ...

Oct. 28, 2019

Why “Back to basics” regarding security testing? Well... during several previous security assessments that I have performed, I have run into a lot of the issues mentioned within the presentation I have given at this year's CS3STHLM confe…

Operator Jail breakout

Oct. 28, 2019

In 2018, I gave a presentation at the CS3STHLM conference together with Frank Lycops on Operator Jail breakouts. Operator Jails are meant to prevent process operators from having access to the underlying operating system (OS), so all ac…

Collaboration Network extended

April 1, 2019

After having established a good and close cooperation between Secudea, Onrix and Asvalis, it was time to expand the portfolio of combined services. This is why the collaboration network has been extended with Corelan Consulting (founded by…

Collaborations

March 1, 2019

Secudea has formed a collaboration network with Onrix and Asvalis to be able to provide a wider range of services to its customers in both the OT as well as the IT landscape. At the same time, we offer our own services through our pa…

Upcoming talk @CS3STHLM - Operator Jail Breakouts

Sept. 6, 2018

In a few weeks I’ll be giving a talk together with Frank Lycops (https://asvalis.com) on the hidden dangers of Operator Jail breakouts, how to test these issues, and how to prevent them. The talk will be provided at the CS3sthlm confere…

DIY insider threat detection/prevention within ICS environments

Nov. 10, 2017

This is a summary of the talk I gave during the CS3sthlm conference in October (link to topic: https://cs3sthlm.se/program/presentations/dieter-sarrazyn/) The goal of the presentation was to help people and organisations in setting up an i…

Hidden dangers of remote management

Aug. 14, 2017

In Secure remote management for ICS I have written and stated that you can have a secure remote management solution / setup for ICS environments. Having a centralized, time based, source IP controlled, strong authenticated, monitored and …

Secure remote management for ICS

Aug. 14, 2017

When performing security assessments for ICS (industrial control system) customers, it is often noticed that several different remote access paths for suppliers are used for remote management purposes. Most of these are established through…

Building a (modest) ICS testing & training lab

Aug. 14, 2017

Part of training people into becoming ICS security specialists is providing them the opportunity to test or train certain things in a ‘safe’ environment. Which means you’ll need a (modest) ICS testing & training lab. There are some gre…

Becoming an ICS Security Specialist

Aug. 14, 2017

During one of my recent lectures on ICS Security one of the students asked me where he had to start to become an ICS Security Specialist. Since I couldn’t give a clear answer right away, I put some thought into the subject and tried to gai…