Unsolicited Response Podcast

Oct 6, 2020

The ICS Security Month in Review episodes cover two to three big stories from the month plus a win, a fail and a prediction.

This month's stories include:

• S4x21's cancellation and S4x22 dates
• (7:01) Ransomware in ICS
• (12:30) SCIDMark and other ICS cyber incident databases
• (16:50) Is the Airgap myth still believed by...

Sep 30, 2020

Detecting Triton Type Attacks

In this episode I talk with Otis Alexander of MITRE about ATT&CK for ICS Evaluations. We begin with a discussion on ATT&CK and the ICS version of ATT&CK. If you are familiar with this, skip to 17:09 where we begin our discussion on the upcoming evaluations.

MITRE has created a Triton type...

Sep 16, 2020

Most of the OT Detection and Asset Management solutions have developed 'integrations' with SIEMs, with Splunk and QRadar being the most common. I put integrations in quotes because they did little more than push alerts and events to the SIEMs with little context. This all changed with Splunk announcing their OT...

Sep 2, 2020

We hear it all the time. OT is different than IT, and IT doesn't understand OT. People argue about IT/OT convergence. In all these discussions I believe two things are true.

1. OT doesn't really understand IT, and the similar, but not identical, requirements that mission critical IT has with OT.
2. OT can actually learn a...

Aug 18, 2020

The US Department of Homeland Security CISA put out a new One CISA strategy document and an Alert in July. So I thought it would be a good time to talk with CISA Director Chris Krebs.

We cover a lot of ground in the 45 minute interview including:

• a typical day in the life of the CISA directory</li><li>the Strategy's...