nicdex @nicdex

0 posts0 participants0 posts today

**Kerry Tomlinson** @KerryTNews@mastodon.social · Feb 14

Kerry Tomlinson @KerryTNews@mastodon.social

It's rap time! This year's #S4x25 OT security conf rap riffed on organizer Dale Peterson's keynote re: be an "OT security artist."

References to his talk, Grammy's Song of the Year "Not Like Us" by
Kendrick Lamar w/line "I see dead people" & a Picasso-attributed quote re: wield the rules like a pro, then break them like an artist.

Read the rap straight up in bold & yellow highlight and/or read the reference notes below each line.

OT Security Artist

Long cyber checklists are such a hassle
(Dale’s keynote talked about the frustration of completing complex & overwhelming security tasks)
And you got a losing record like season one Ted Lasso
(Show about a losing-but-lovable soccer coach)
50-page deliverables that get stuffed in a drawer for a year, so you come back and nothing's changed and everyone's frustrated? Nah, so
(Almost word-for-word reference to Dale’s keynote mentions of security reports that aren’t followed)
You gotta break the rules just like Picasso
(The keynote quoted Picasso: “Learn the rules like a pro so you can break them like an artist,” encouraging you to think outside the box to solve security problems)

I see red people. Red team, that is.
(Grammy-winning song of the year starts with the line “I see dead people.” Red team=ethical hackers who help test defenses)

Pablo's a cubist, you do Kube-ernetes
(Cubism=Picasso art form, Kubernetes=type of software)
Kerberoasting tickets & Edvard Munching your spaghettis
(Kerberoasting tickets=type of cyberattack, Edvard Munch=famous artist)
Ultimate firewalls, pleasantly-odored ICS IDS rules, hunting Bessie, time to be throwing our confettis
(References various conference talks, including one titled, “Your IDS Rules for ICS Stink…”)
No Frosty Goop in your control loop while you're sipping on your YETIS
(Frosty Goop=industrial systems malware, YETIS=kind of water bottles)

There's still life in this sector.
(Still life=art style)

Part 2

Attackers paint, too, they're con artists
(I think you have this one on your own  )
Not Eureka --- Guernica and a Heart of Darkness
(Eureka=exclamation, Guernica=Picasso masterpiece depicting war, Heart of Darkness = famous novel)
The horror, the horror shows us where their heart is
(“The horror, the horror”=famous quote from Heart of Darkness)
Van Gogh and show them that, hey, you're the smartest
(Van Gogh=famous artist)

They not like us, they not like us.
(Line from Song of the Year, "Not Like Us")

You got TMI on your HMI and you got a sick sensor
(TMI=too much info, HMI=human machine interface (industrial machine computer screen), sensor=used in industrial control systems)
Use your sixth sense or give your six cents or
(Sixth Sense=movie with quote, “I see dead people,” give your two cents=offer your opinion)
Make guideline volumes less immenser
(In Dale’s talk, he explained that writing out long security reports contributes to immense volumes of guidelines)
Become a brave priority dispenser
(Dale encouraged security people to be brave & use insight to help prioritize security issues rather than just tell everyone to do everything all at once).

You wanna pop calc, but it's time to pop paint.
(Popping calc=hacking a device or software so you can bring up the calculator function & illustrate your skills, pop paint=doing the same with the Paint program, but this time it also refers to becoming an OT security artist)

#OTSecurity #OTCybersecurity #ICS

**Europe Says** @europesays@pubeurope.com · Jan 23

Jan 23

Europe Says @europesays@pubeurope.com

https://www.europesays.com/1790285/ Forescout reports growth in US federal business, with 38% rise in DoD sector and NIAP certification for OT solution #america #business #CriticalInfrastructure #Cybersecurity #Forescout #OT #OTCyber #OTCybersecurity #ThreatLandscape #UnitedStates #UnitedStatesOfAmerica #US #USA

**Dragos, Inc.** @dragosinc@infosec.exchange · Oct 25, 2024

Oct 25, 2024

Dragos, Inc. @dragosinc@infosec.exchange

Dragos’s Robert M. Lee has been selected to present at SXSW 2025! This March, he’ll present a session: “Geopolitical Cyber Threats to Our Water, Electricity & Fuel,” along with other tech and cybersecurity thought leaders from around the globe. Stay tuned for more details including session date and time!

Learn more about his presentation and the event: https://hubs.la/Q02VLSTv0

SXSW 2025 ScheduleGeopolitical Cyber Threats to our Water, Electricity & FuelSXSW 2025 Schedule | As geopolitical tensions rise, we’re beginning to see our local water, electricity, and fuel targeted by cyberthreats that in past years were limited to countries at war. Case in point: in the past year cyberattacks linked to conflicts in Europe and the Middle East impacted community water in Texas, Kansas, and Pennsylvania. Attacks can come from sophisticated state actors and now we’ve seen the first successful “hacktivist” attack on US critical infrastructure. These attacks can disrupt popu...

#icscybersecurity #otcybersecurity #industrialcybersecurity

**Dragos, Inc.** @dragosinc@infosec.exchange · Oct 18, 2024

Oct 18, 2024

Dragos, Inc. @dragosinc@infosec.exchange

Dragos's Technical Director of Incident Response Lesley Carhart shares the latest trends in OT incident response cases that showcase a growing sophistication and awareness in OT cybersecurity. Be sure to catch these valuable insights in their recent blog post: https://www.dragos.com/blog/the-shifting-landscape-of-ot-incident-response

#icscybersecurity #otcybersecurity #industrialcybersecurity #incidentresponse @hacks4pancakes

Dragos | Industrial (ICS/OT) Cyber Security · Oct 17, 2024The Shifting Landscape of OT Incident Response | DragosDragos's Lesley Carhart covers recent trends in OT incident response cases that highlight an increase in OT cybersecurity maturity and awareness.

**Lesley Carhart** @hacks4pancakes@infosec.exchange · Oct 7, 2024

Oct 7, 2024

Lesley Carhart @hacks4pancakes@infosec.exchange

I know some of you have been waiting patiently: @dragosinc has a Principal Industrial Consultant role open in the US (fully remote with onsite travel). This is a great way for a person who has done vertical or government-specific OT cybersecurity to move into more varied OT consulting and join our team. https://careers.dragos.com/jobs/2118?lang=en-us #otcybersecurity #ICSCybersecurity #industrial_cybersecurity #cybersecurityjobs

Principal ICS/OT Cybersecurity Consultant in United States | DragosPrincipal ICS/OT Cybersecurity Consultant in United States | DragosDragos is hiring a Principal ICS/OT Cybersecurity Consultant in United States. Review all of the job details and apply today!

**Lesley Carhart** @hacks4pancakes@infosec.exchange · Aug 28, 2024 *

Aug 28, 2024 *

Lesley Carhart @hacks4pancakes@infosec.exchange

I’m not our year in review report, but I’ve definitely noted a fascinating uptick in some specific types of Incident Response in our (all) industrial customers:

1) Structured investigations of already occurred industrial accidents to eliminate or identify computer root cause as part of process.
2) Forensic analyses and clean up of long-term infections and lack of perimeter control of those environments.
3) Follow on investigation of intrusions into IT to eliminate or identify potential overflow to or from OT.

It’s really great to see now’s companies taking these on procedurally and with an understanding of how different IR is in these spaces. #OTcybersecurity #ICSCybersecurity

**Pyrzout** @jos1264@social.skynetcloud.site · Aug 20, 2024

Aug 20, 2024

Pyrzout @jos1264@social.skynetcloud.site

Singapore Reveals Updated OT Masterplan 2024 to Strengthen Cybersecurity https://thecyberexpress.com/singapore-reveals-ot-masterplan-2024/ #OTCybersecurityCentreofExcellence #TheCyberExpressNews #CybersecurityNews #OTMasterplan2024 #OTcybersecurity #TheCyberExpress #FirewallDaily #OTCEP

The Cyber Express · Aug 20, 2024Singapore Reveals OT Masterplan 2024 for Enhanced SecurityBy Ashish Khaitan

**Patrick Coyle** @Pjcoyle@qoto.org · Mar 10, 2024

Mar 10, 2024

Patrick Coyle @Pjcoyle@qoto.org

GAO Reports – Week of 3-2-24 – CISA and OT Cybersecurity – https://tinyurl.com/ytvcw7r9 #CISA #otCybersecurity

chemical-facility-security-news.blogspot.comGAO Reports – Week of 3-2-24 – CISA and OT CybersecurityThis week the Government Accountability Office (GAO) published a report on “Cybersecurity: Improvements Needed in Addressing Risks to Operat...

**Robbie** @Robert_litts@fosstodon.org · Jan 29, 2024

Jan 29, 2024

Robbie @Robert_litts@fosstodon.org

Originally planned as a 1U OPNsense build from last August...currently using as a Proxmox server for my OT cyber security lab with a full simulated enterprise OT/ICS environment (Virtual OPNsense, Enterprise Active Directory w/simulated users, OpenPLC, Scada-LTS, Factory.io)

-Intel H61 Mini-ITX, i5 3470T
-8x2 GB DDR3
-Noctua NF-A4x20 Fans
-HP NC364T Quad NIC
-2X 128GB SSD
-Rackchoice 1U Case
-DEVMO PCI-E 4X Riser Cable
#opnsense #proxmox #homelab #cybersecurity #OTcybersecurity #icssecurity

**Claroty** @Claroty@infosec.exchange · Jan 25, 2024

Jan 25, 2024

Claroty @Claroty@infosec.exchange

In this case study, find out how one Eastern European energy & petrochemical company partnered with @Claroty to significantly enhance their resilience and security across various OT environments. https://claroty.com/resources/case-studies/securing-critical-oil-and-gas-infrastructure

#assetmanagement #vulnerabilitymanagement #otcybersecurity

**ICS Advisory Project** @AdvisoryICS@infosec.exchange · Jan 2, 2024

Jan 2, 2024

ICS Advisory Project @AdvisoryICS@infosec.exchange

Happy New Year! Here are the ICS Advisory Project 2023 Annual Summary Slides for CISA ICS Advisories and this week's Other CERT & Vendor vulnerability advisories weekly summary for 25 – 29 December 2023. Attached are 2023's Annual summary slides.

Link to ICS Advisory Project Annual Summary Slides: https://drive.google.com/file/d/1HYDE_rD1dvJb30r7CuoJuXEYSPNs7MxU/view

This past week, CISA did not release any new ICS Advisories. In its place, the ICS[AP] provided a high-level summary of the 380 CISA ICS Advisories released in 2023. Within this summary, you will find a high-level review of the following:

- Total Number of vendors reported in ICS Advisories ranked by country
- Vendors with a high number of critical severity vulnerabilities
- Overview of Vendor & products Affected Global Distribution & Updated CISA Advisories in 2023
- Overview of 2023 CISA ICS Advisories CVE CVSS Vectors by Severity
- Top 10 CWEs identified on MITRE's 2023 CWE Top 25 Most Dangerous Software Weaknesses (MDSW).
- Most reported impacted Critical Infrastructure sectors and by Vendor
- ICS Asset Type metrics
- Total number of CISA ICS Advisories correlated to CISA KEV Catalog
- Mitigation statics based on CISA ICS Advisories recommendations
- Top Independent Vulnerability Researchers and Research Organizations for 2023

ICS[AP] identified 12 new other CERT and vendor products security advisories were released this week for vulnerabilities in the following Vendor products: Moxa (LTE Wireless Gateway & Ethernet remote I/O with 2-port Ethernet switch), Buffalo (Router), Weintek (HMI), and Gallagher (Access Control System). See Weekly Summary of Other Vendor & CERT Advisories for potentially impacted CI sectors.

View the summary details of other CERT & Vendor product advisories identified last week (25 – 29 December 2023) at: https://drive.google.com/file/d/1wBofoXVnP9m9wAKxx2VCSFeS9tTlNMmg/view?usp=sharing

No updates were added to the CISA KEV Catalog this week.

Visit the ICS[AP] CISA KEV Catalog Dashboards: https://www.icsadvisoryproject.com/ics-advisory-dashboards/cisa-kev-for-cisa-ics-advisories

View previous ICS Advisory Project annual and weekly summaries: https://www.icsadvisoryproject.com/ics-advisory-summaries

To view the updated ICS Advisory Project Dashboards, visit: icsadvisoryproject.com

We appreciate everyone's comments & support. Have a great week!

#CISA #ot #ics #otcybersecurity #otsecurity #icscybersecurity
#cybersecurity #cybersecuritythreats #cybersecurityawareness

**jdchristopher** @jdchristopher@infosec.exchange · Mar 16, 2023

Mar 16, 2023

jdchristopher @jdchristopher@infosec.exchange

In my last post, I mentioned some cool things to come in 2023... so let's gooo!

In my research analyst role at SANS, I'm running a survey through March 28 on OT/ICS visibility-- and I want to hear from the community! We're looking for experts to share their perspective on IT and OT visibility, #industrial organizations and their SOCs, as well as detection capabilities across IT and OT networks. We'll share the findings in a public report released later this year so everyone can leverage the insights to help improve their OT visibility program.

Link to survey https://sans.org/u/1pqp

If driving our industry's detection capabilities is not enough incentive for you, don't worry, there's more! All respondents will be entered for a chance to win a $250 Amazon gift card for participating!

#otcybersecurity #otsecurity #ICSCybersecurity

**Ric** @ric@infosec.exchange · Feb 1, 2023

Feb 1, 2023

Ric @ric@infosec.exchange

I'm pleased to announce our new paper has been published! This work discusses a technique, and subsequently presents a proof of concept, for scanning for vulnerabilities within PLC control logic. As I've mentioned through numerous talks and work recently, traditional enterprise focused reconnaissance, enumeration, and vulnerability scanning techniques are inadequate against OT and provide very little information on OT-specific vulnerabilities. This tool goes further than typical network scanning to understand where the control logic itself may have vulnerabilities. Read the paper here:

https://www.sciencedirect.com/science/article/pii/S0167404823000263

We hope this work is just the first step in tooling to improve the state of in-PLC vulnerabilities and PLC programming practices, greatly reducing the exploitability of OT moving forward.

#otcybersecurity #icscybersecurity #icssecurity