Water is one of the most relied-upon of all vital services—and yet one of the most poorly cyber-defended critical sectors, way behind power or telecom. That combination makes it a great target for hackers. My story for OT.Today features input from the incomparable Josh Corman.
ICYMI last week, here is my story on the new guidance from the Cybersecurity and Infrastructure Security Agency (CISA) about how to start adapting #ZeroTrust principles from IT to operational technology/industrial control systems (OT/ICS)
To be blunt, the reaction from most of the experts I spoke to was pretty "meh," about the document. Most found something to like there, but no one seemed really excited.
Why? As Dale Peterson put it, "The document is not bad or wrong, it's just not that helpful. It's overly broad, … It's high level, and this information is well known."
Tatyana Bolton of the Operational Technology Cybersecurity Coalition asked who was going pay to bring Zero Trust cybersecurity to the thousands of U.S. critical infrastructure providers below the cyber poverty line.
And both Claroty's Field CTO Sean Tufts and Nozomi Networks' Cybersecurity Director Chris Groves charged that the document dodged or fudged some big questions. Details in the story...
Not a single pure-play/specialist OT cyber firm or (worse) OT equipment manufacturer have been invited to join Anthropic's Project Glasswing, granting access to their latest LLM, Mythos which is reportedly scarily good at finding vulns and writing patches (or exploits).