#icssecurity

Seth Grover<p><a href="https://github.com/idaholab/Malcolm/releases/tag/v25.04.1" rel="nofollow noopener noreferrer" target="_blank">Malcolm v25.04.1</a> contains new features and improvements, component version updates, bug fixes, and other great stuff.</p><p>For these notes, I'm lumping v25.04.0 and v25.04.1 together, as v25.04.1 was released only two days after v25.04.0 in order to update Arkime to <a href="https://github.com/arkime/arkime/blob/6eaf2ee53a808cece94cec887cf8f058e0441a5c/CHANGELOG#L39-L42" rel="nofollow noopener noreferrer" target="_blank">v5.6.4</a> which mitigates newly-discovered remote code execution (RCE) vulnerabilities.</p><p><a href="https://github.com/idaholab/Malcolm/compare/v25.03.1...v25.04.1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/idaholab/Malcolm/co</span><span class="invisible">mpare/v25.03.1...v25.04.1</span></a></p><ul><li><p>✨ Features and enhancements</p><ul><li>add option to use external NetBox instance (<a href="https://github.com/cisagov/Malcolm/issues/597" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#597</a>)</li><li>add <code>-q</code>/<code>--quiet</code> option for <code>start</code>/<code>restart</code> (<a href="https://github.com/cisagov/Malcolm/issues/656" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#656</a>)</li><li>handle non-HTTPS arkime case (<a href="https://github.com/cisagov/Malcolm/issues/629" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#629</a>)</li><li><p>lots of improvements to <code>control.py</code> and <code>install.py</code> for Kubernetes deployment</p><ul><li>improved <code>start</code>/<code>stop</code>/<code>wipe</code> control script behavior</li><li>allow providing resource requests in manifests via YML file and command-line argument</li></ul><pre><code>...<br>Kubernetes:<br> -n, --namespace &lt;string&gt;<br> Kubernetes namespace<br> 
--skip-persistent-volume-checks [SKIPPERVOLCHECKS]<br> Skip checks for PersistentVolumes/PersistentVolumeClaims in manifests (only for "start" operation with Kubernetes)<br> --no-capture-pods [NOCAPTUREPODSSTART]<br> Do not deploy pods for traffic live capture/analysis (only for "start" operation with Kubernetes)<br> --no-capabilities [NOCAPABILITIES]<br> Do not specify modifications to container capabilities (only for "start" operation with Kubernetes)<br> --inject-resources [INJECTRESOURCES]<br> Inject container resources from kubernetes-container-resources.yml (only for "start" operation with Kubernetes)<br> --image-source &lt;string&gt;<br> Source for container images (e.g., "ghcr.io/idaholab/malcolm"; only for "start" operation with Kubernetes)<br> --image-tag &lt;string&gt; Tag for container images (e.g., "25.04.0"; only for "start" operation with Kubernetes)<br> --delete-namespace [DELETENAMESPACE]<br> Delete Kubernetes namespace (only for "wipe" operation with Kubernetes)<br>...<br></code></pre></li><li><p>improvements to Malcolm's vanilla Kubernetes manifests</p><ul><li>lowered the amount of storage for the persistent volumes in the AWS EFS example</li><li>replaced <code>name</code> label with <code>app</code> label for deployments in accordance with best practices</li></ul></li><li><p>improve links on landing page for NetBox and auth to accurately reflect what Malcolm is using</p></li><li><p>added more smarts to the NGINX startup script to dynamically set up upstreams that may or may not exist based on enabled or disabled Malcolm features</p></li><li><p>fixed a minor issue in the script setting up Zeek intelligence updates where it would remove its own lockfile</p></li></ul></li><li><p>✅ Component version updates</p><ul><li>Alpine Linux <a href="https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.21.0" rel="nofollow noopener noreferrer" target="_blank">v3.21</a></li><li>Arkime <a 
href="https://github.com/arkime/arkime/blob/6eaf2ee53a808cece94cec887cf8f058e0441a5c/CHANGELOG#L39-L42" rel="nofollow noopener noreferrer" target="_blank">v5.6.4</a> to <a href="https://github.com/arkime/arkime/pull/3188" rel="nofollow noopener noreferrer" target="_blank">resolve</a> RCE vulnerabilities, as described below in the <a href="https://infosec.exchange/tags/announcements" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>announcements</span></a> channel on the <a href="https://arkime.slack.com/" rel="nofollow noopener noreferrer" target="_blank">Arkime slack</a>:<ul><li>possible to bypass forced expressions for some API calls</li><li>direct access to OpenSearch/Elasticsearch could be used to create session documents that hang viewer or have viewer execute code</li><li>since Arkime 5.1.0 any arkimeUser user could create OpenSearch/Elasticsearch documents in any index that viewer had access to</li></ul></li><li>Keycloak <a href="https://www.keycloak.org/docs/latest/release_notes/index.html#keycloak-26-2-0" rel="nofollow noopener noreferrer" target="_blank">v26.2</a></li><li>NetBox <a href="https://github.com/netbox-community/netbox/releases/tag/v4.2.8" rel="nofollow noopener noreferrer" target="_blank">v4.2.8</a></li><li>netbox-initializers <a href="https://github.com/tobiasge/netbox-initializers/releases/tag/v4.2.0" rel="nofollow noopener noreferrer" target="_blank">v4.2.0</a></li><li>netbox-topology <a href="https://github.com/netbox-community/netbox-topology-views/releases/tag/v4.2.1" rel="nofollow noopener noreferrer" target="_blank">v4.2.1</a></li><li>Fluent Bit to <a href="https://github.com/fluent/fluent-bit/releases/tag/v4.0.1" rel="nofollow noopener noreferrer" target="_blank">v4.0.1</a></li></ul></li><li><p>🐛 Bug fixes</p><ul><li>API tokens created in NetBox still require authentication through NGINX reverse proxy (<a href="https://github.com/cisagov/Malcolm/issues/383" rel="nofollow noopener noreferrer" 
target="_blank">cisagov/Malcolm#383</a>)</li><li>adjust Logstash health check so K8s liveness probe doesn't kill it (<a href="https://github.com/cisagov/Malcolm/issues/630" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#630</a>)</li><li>be more resilient in <code>zeekctl</code> status checks in <code>zeekdeploy.sh</code> (<a href="https://github.com/cisagov/Malcolm/issues/652" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#652</a>)</li><li>in deployments with multiple zeek-live containers, each container's restarting causes the others to restart zeek (<a href="https://github.com/cisagov/Malcolm/issues/651" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#651</a>)</li></ul></li><li><p>🧹 Code and project maintenance</p><ul><li><a href="https://malcolm.fyi/docs/custom-rules.html#Logstash" rel="nofollow noopener noreferrer" target="_blank">document</a> customizing Malcolm with an additional output pipeline (<a href="https://github.com/cisagov/Malcolm/issues/643" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#643</a>)</li><li>overhaul <a href="https://malcolm.fyi/docs/aws.html#AWS" rel="nofollow noopener noreferrer" target="_blank">"deploying Malcolm on AWS"</a> documentation (<a href="https://github.com/cisagov/Malcolm/issues/655" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#655</a>)</li></ul></li></ul><p><a href="https://malcolm.fyi/" rel="nofollow noopener noreferrer" target="_blank">Malcolm</a> is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.</p><p>Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. 
This makes Malcolm deployable with frameworks like Docker 🐋, <a href="https://malcolm.fyi/docs/quickstart.html#DockerVPodman" rel="nofollow noopener noreferrer" target="_blank">Podman</a> 🦭, and <a href="https://malcolm.fyi/docs/kubernetes.html#Kubernetes" rel="nofollow noopener noreferrer" target="_blank">Kubernetes</a> ⎈. Check out the <a href="https://malcolm.fyi/docs/quickstart.html" rel="nofollow noopener noreferrer" target="_blank">Quick Start</a> guide for examples on how to get up and running.</p><p>Alternatively, dedicated official <a href="https://malcolm.fyi/docs/malcolm-hedgehog-e2e-iso-install.html#InstallationExample" rel="nofollow noopener noreferrer" target="_blank">ISO installer images</a> 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's <a href="https://github.com/idaholab/Malcolm/releases" rel="nofollow noopener noreferrer" target="_blank">releases page</a> on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (<a href="https://github.com/idaholab/Malcolm/blob/main/scripts/release_cleaver.sh" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.sh</code></a>) and PowerShell 🪟 (<a href="https://github.com/idaholab/Malcolm/blob/main/scripts/release_cleaver.ps1" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.ps1</code></a>). 
See <a href="https://malcolm.fyi/docs/download.html#DownloadISOs" rel="nofollow noopener noreferrer" target="_blank"><strong>Downloading Malcolm - Installer ISOs</strong></a> for instructions.</p><p>As always, join us on the <a href="https://github.com/cisagov/Malcolm/discussions" rel="nofollow noopener noreferrer" target="_blank">Malcolm discussions board</a> 💬 to engage with the community, or pop some corn 🍿 and <a href="https://www.youtube.com/@malcolmnetworktrafficanalysis/playlists" rel="nofollow noopener noreferrer" target="_blank">watch a video</a> 📼.</p><p><a href="https://infosec.exchange/tags/Malcolm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malcolm</span></a> <a href="https://infosec.exchange/tags/HedgehogLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HedgehogLinux</span></a> <a href="https://infosec.exchange/tags/Zeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zeek</span></a> <a href="https://infosec.exchange/tags/Arkime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Arkime</span></a> <a href="https://infosec.exchange/tags/NetBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetBox</span></a> <a href="https://infosec.exchange/tags/OpenSearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSearch</span></a> <a href="https://infosec.exchange/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Elasticsearch</span></a> <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suricata</span></a> <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PCAP</span></a> <a href="https://infosec.exchange/tags/NetworkTrafficAnalysis" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkTrafficAnalysis</span></a> <a href="https://infosec.exchange/tags/networksecuritymonitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networksecuritymonitoring</span></a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyber</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/INL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>INL</span></a> <a href="https://infosec.exchange/tags/DHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DHS</span></a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISA</span></a> <a href="https://infosec.exchange/tags/CISAgov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISAgov</span></a></p>
Kerry Tomlinson<p>It's rap time! This year's <a href="https://mastodon.social/tags/S4x25" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>S4x25</span></a> OT security conf rap riffed on organizer Dale Peterson's keynote re: be an "OT security artist."</p><p>References to his talk, Grammy's Song of the Year "Not Like Us" by<br>Kendrick Lamar w/line "I see dead people" &amp; a Picasso-attributed quote re: wield the rules like a pro, then break them like an artist. </p><p>Read the rap straight up in bold &amp; yellow highlight and/or read the reference notes below each line.</p><p><a href="https://mastodon.social/tags/OTSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTSecurity</span></a> <a href="https://mastodon.social/tags/OTCybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTCybersecurity</span></a> <a href="https://mastodon.social/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://mastodon.social/tags/ICSSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICSSecurity</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
ICS Advisory Project<p>Good Morning, Afternoon, or Evening, Everyone. CISA ICS Advisories Master File for 1/16/25 &amp; the following year's CSVs are updated:</p><p>CISA_ICS_ADV_2025_01_16.csv<br>CISA_ICS_ADV_2024_1_16_25.csv</p><p>Available @ ICS Advisory Project GitHub: <a href="https://github.com/icsadvprj" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/icsadvprj</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a><br><a href="https://infosec.exchange/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilitymanagement</span></a> <br><a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a></p>
Lesley Carhart :unverified:<p>My latest, on the more unusual IR cases we see in the industrial space. <a href="https://www.dragos.com/blog/the-shifting-landscape-of-ot-incident-response/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">dragos.com/blog/the-shifting-l</span><span class="invisible">andscape-of-ot-incident-response/</span></a> <a href="https://infosec.exchange/tags/ICSSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICSSecurity</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
D_70WN 🌈 🏳️‍⚧️<p>I was just asked if I know anyone, from whom you can learn something about ICS-Security and OT-Security. Personally and spontaneously, I can only think of two people <span class="h-card" translate="no"><a href="https://infosec.exchange/@hacks4pancakes" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hacks4pancakes</span></a></span> and <a href="https://www.linkedin.com/in/mikeholcomb/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">linkedin.com/in/mikeholcomb/</span><span class="invisible"></span></a></p><p>I am therefore sharing this recommendation publicly with everyone.</p><p><a href="https://chaos.social/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a> <a href="https://chaos.social/tags/otsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>otsecurity</span></a> <a href="https://chaos.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://chaos.social/tags/learning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>learning</span></a></p>
cje<p>“An attacker would be able to take control of the ICS/SCADA endpoint, effectively gaining physical access” <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a> <a href="https://infosec.exchange/tags/otsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>otsecurity</span></a> <a href="https://infosec.exchange/tags/scada" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scada</span></a> <a href="https://m.cje.io/3RqMBBG" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">m.cje.io/3RqMBBG</span><span class="invisible"></span></a></p>
Andy Dressel<p>Our water utilities must improve their cybersecurity but many lack the resources to do so.</p><p>From the article- Of the 150,000 water utilities across the country, 95% don’t have a cybersecurity professional on staff, said Brandon Wales, executive director at CISA.<br><a href="https://mas.to/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a><br><a href="https://mas.to/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p><p><a href="https://www.cybersecuritydive.com/news/epa-enforcement-water-utilities-cyber/716719/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cybersecuritydive.com/news/epa</span><span class="invisible">-enforcement-water-utilities-cyber/716719/</span></a></p>
ICS Advisory Project<p>As promised, at the end of January, the ICS Advisory Project, with support from Industrial Data Works LLC, will release its annual ICS Vulnerabilities Research Report for CISA ICS Advisories and Other Vendor and CERT advisories reported in ICS[AP] Weekly Summaries.</p><p>Key Findings to be discussed:<br>🔷 Total Number of CISA ICS Advisories for 2023 compared to 2022<br>🔷 Total number of reported CVEs in CISA ICS Advisories for 2023 compared to 2022<br>🔶 CVEs reported in ICS[AP] Weekly Summaries for 2023 that did not correlate to CVE identified in CISA ICS Advisories<br>☣ CVEs reported in 2023 CISA ICS Advisories with no patch or remediation at the time of reporting<br>🔄 Total number of CVEs correlated from new Vendor and CERT Security Advisories to CISA ICS Advisories released previously for other Vendors<br>🔎 Identification of the leading top CVE Numbering Authority for ICS Vulnerabilities in 2023<br>🏭 Top Critical Infrastructure Sectors Impacted by ICS Vulnerabilities<br>and many more details.</p><p>✅ Sign up to receive your copy of ICS[AP] and Industrial Data Works 2023 ICS Vulnerabilities Research Report:</p><p><a href="https://docs.google.com/forms/d/e/1FAIpQLSfC490BHoCR4gHekZcMLBgbHMhUQZr7ZVYZG1OkaWdKGwH73g/viewform" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.google.com/forms/d/e/1FAI</span><span class="invisible">pQLSfC490BHoCR4gHekZcMLBgbHMhUQZr7ZVYZG1OkaWdKGwH73g/viewform</span></a></p><p><a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISA</span></a> <a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <a href="https://infosec.exchange/tags/ot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ot</span></a> <a 
href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a> <a href="https://infosec.exchange/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Joe Słowik<p><a href="https://infosec.exchange/tags/ICSsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICSsecurity</span></a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> <a href="https://infosec.exchange/tags/shitposting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>shitposting</span></a></p>
jdchristopher<p>So, an <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>introduction</span></a>, eh?</p><p>I'm a recovering <a href="https://infosec.exchange/tags/engineer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>engineer</span></a>, former CTO, security researcher, and ex-regulator for <a href="https://infosec.exchange/tags/ICSsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICSsecurity</span></a>. I'm now the Director of Cyber Risk at Dragos and I teach (and write) for <a href="https://infosec.exchange/tags/SANS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SANS</span></a>.</p><p>I've had a lucky career-- I've testified before the US Congress and several federal agencies (as well as a few other countries abroad) and have helped hundreds of industrial organizations improve their <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> security. 
I've helped write a handful of international standards and I have some strong opinions on what "good" looks like for ICS/OT.</p><p>I'll usually write/present on:<br><a href="https://infosec.exchange/tags/cyberrisk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberrisk</span></a> <a href="https://infosec.exchange/tags/metrics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>metrics</span></a> <a href="https://infosec.exchange/tags/technical" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technical</span></a> <a href="https://infosec.exchange/tags/standards" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>standards</span></a> <a href="https://infosec.exchange/tags/engineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>engineering</span></a> <a href="https://infosec.exchange/tags/safety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>safety</span></a> <a href="https://infosec.exchange/tags/auditing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auditing</span></a> <a href="https://infosec.exchange/tags/industrial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>industrial</span></a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://infosec.exchange/tags/IIoT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IIoT</span></a> <a href="https://infosec.exchange/tags/governance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>governance</span></a> <br>...and whatever strikes my fancy. 
My focus over the past 5-10 years has been more board-level, but I spent a large part of my career in a hard hat trying to fix (and break) industrial systems.</p><p>That said, if anyone asks me "what do you do for a living?" I usually avoid talking about myself and instead deviate to more important things... like living a healthy, happy life and helping others where I can.</p><p>Oh, and memes. I shitpost memes about how absurd our small community can be sometimes.</p><p>Oof. 9,718 characters left. Uhh. Check out my bio here if you want more info: <a href="https://www.sans.org/profiles/jason-d-christopher/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sans.org/profiles/jason-d-chri</span><span class="invisible">stopher/</span></a></p>
Khalid Ansari<p>After months of dedicated work by a group of asset owners, product manufacturers and certification bodies, ISASecure® has published the IIoT certification (ICSA) scheme documents. This certification scheme is based on the ISA/IEC-62443 standards with additional requirements to cover connectivity with cloud and untrusted networks.</p><p>ICSA addresses product security characteristics and capabilities as well as supplier development practices for IIoT devices and IIoT gateways. Check out the documents, specifically the ICSA-311 and ISDLA-312 for the technical and secure development lifecycle requirements respectively (you'll need a free account to download documents): </p><p><a href="https://infosec.exchange/tags/IIoT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IIoT</span></a> #62443 <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> </p><p><a href="https://isasecure.org/en-US/Certification/IEC-62443-ICSA-Certification" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">isasecure.org/en-US/Certificat</span><span class="invisible">ion/IEC-62443-ICSA-Certification</span></a></p>