Cybersecurity testing for ICS – pitfalls and wins

This is a (long overdue) followup post of the talk I gave at the SANS ICS Summit in 2021 - a recording of this talk can be found on youtube: https://www.youtube.com/watch?v=Qpl8eI8Tn0s I suggest you to first look at the recording of the talk before reading further about some questions I have received during the talk.… Continue reading Cybersecurity testing for ICS – pitfalls and wins

Resources to get into #ICS security

Recently I received some questions on what resources I would recommend within the ICS security space to learn more about this. So the question was more specifically about discussion groups, courses, books, certificates and so on... This was also a twitter thread from a while ago to which I responded with some information I share… Continue reading Resources to get into #ICS security

Security testing for ICS Owners – Back to Basics …

Why “Back to basics” regarding security testing? Well... during several previous security assessments that I have performed, I have run into a lot of the issues mentioned within the presentation I have given on this years CS3STHLM conference in Stockholm. Sometimes I also have the feeling that too much attention is given to technical and… Continue reading Security testing for ICS Owners – Back to Basics …

Importance of data integrity for safety in industrial environments

It is well known that the most important factor within the process industry is the availability of the systems and environment. The plant must be running at all times. That’s why most security improvement efforts are made in that area. However, the integrity of the information and data within the industrial control systems environment can’t… Continue reading Importance of data integrity for safety in industrial environments