Cybersecurity testing for ICS – pitfalls and wins

This is a (long overdue) followup post of the talk I gave at the SANS ICS Summit in 2021 - a recording of this talk can be found on youtube: https://www.youtube.com/watch?v=Qpl8eI8Tn0s I suggest you to first look at the recording of the talk before reading further about some questions I have received during the talk.… Continue reading Cybersecurity testing for ICS – pitfalls and wins

Resources to get into #ICS security

Recently I received some questions on what resources I would recommend within the ICS security space to learn more about this. So the question was more specifically about discussion groups, courses, books, certificates and so on... This was also a twitter thread from a while ago to which I responded with some information I share… Continue reading Resources to get into #ICS security

using IEC62443-2-4 to reach a more secure ICS – Vendor validation

Every ICS environment will sooner or later have to deal with updates, upgrades or additions to the control system environment. Nowadays it is important to include security within such projects, although that is still sometimes forgotten (sad but true). one of the ways to include security is to perform vendor validation and set security requirements… Continue reading using IEC62443-2-4 to reach a more secure ICS – Vendor validation

Remote access for ICS – additional views

Through the past few months, more and more ways of providing remote access surfaced within organizations as people were forced to work from home because of the Covid-19 pandemic. This was also the case for remote access to organization critical environments such as industrial control systems in various sectors. By now and because of the… Continue reading Remote access for ICS – additional views

Security testing for ICS Owners – Back to Basics …

Why “Back to basics” regarding security testing? Well... during several previous security assessments that I have performed, I have run into a lot of the issues mentioned within the presentation I have given on this years CS3STHLM conference in Stockholm. Sometimes I also have the feeling that too much attention is given to technical and… Continue reading Security testing for ICS Owners – Back to Basics …