Mar 30, 2021
Part 1: Awareness of Purdue Level 0 and 1 (In)Security
Part 2: Properly Prioritizing Level 0 and Level 1 Security
In this third and final article in my Level 0 / Level 1 security series the focus is on the appropriate security controls.
The security concern with sensors is that the sensor data...
Mar 25, 2021
Jason Christopher is the lead author of the new paper: Industrial Cyber Risk Management. Dale Peterson interviews Jason on this episode of the Unsolicited Response show. They discuss
Mar 23, 2021
We have resolved the issue on whether the ICS security community knows that almost all Purdue Reference Model Level 0 and Level 1 devices, and the protocols that communicate with them, lack authentication. They know this. The next question is what to do about it from an OT / ICS risk management perspective. I'll break...
Mar 18, 2021
This is a slightly edited version of the LinkedIn Live and YouTube Live show Dale Peterson recorded on March 17th. Dale begans talking about the Level 0 issue and was joined partway into the conversation by Ron Fabela. They talk about the awareness of insecure by design that exists in almost all Level 0 devices,...
Mar 16, 2021
Solving a problem typically begins with awareness that there is a problem. Back at S4x12 a group of researchers under the Project Basecamp banner demonstrated that most PLC's (Purdue Level 1 devices) were both insecure by design and ridden with exploitable bugs, as well how an attacker could leverage these issues....