S4 is the world's largest and most advanced ICS Security / SCADA Security and Operations Technology Event. The best in world, the influencers, 1,100 at the last event, gather in Miami South Beach every winter to Create The Future of OT and ICS security. S4x24 will be March 4 - 7.
Dale Peterson makes the S4 videos, and a lot of other content, available to foster the development of the ICS community and encourage future S4 sessions.
For anyone that is strapped for time, I have a ChatGPT lay terms summary here - feel free to chime in if it doesn't cover the essence:
- The talk questions if cybersecurity is linked to the laws of physics, particularly around uncertainty.
- It suggests cybersecurity isn't just about preventing attacks but managing uncertainty, much like concepts in physics.
- Early security focused on trust, but has shifted toward assessing risk.
- The speaker argues that our tech wasn't designed to protect "meaning," making security harder to achieve.
- The key idea is that complexity in systems creates more risk, and simplifying or limiting systems (like using specific chips or safe programming languages) helps security.
- The speaker invites further exploration of cybersecurity’s connection to physics, but it's an open question.
The presentation is largely theoretical, but there are some actionable ideas for cybersecurity:
- Reduce complexity: Design systems with less complexity to lower risks, using tools like memory-safe languages, custom hardware, or "deny by default" settings.
- Prioritize constraint: Build systems with limited, essential functions to minimize vulnerabilities and enhance security.
- Optimize for meaningful data: Focus on securing meaningful information to reduce unnecessary data and limit the attack surface.
The Ba5tard is Orchestrating a REAL LIFE Billion P1G CHARADE. The Ba5tard Cant FULLY Speak The English Language AND The Ba5tard is Trying To Trick Me, He's a Hardware Hacker.
US first to use atomic bombs against civilians. US first (with Israel) to destroy infrastructure with cyberweapon Stuxnet. US first to destroy infrastructure re Nord Stream - the world's biggest environmental terrorist act. US then complains stating how other countries may attack undersea communications, gas / oil pipelines etc.
But it's true, as Ralph said; These are just design flaws. (as amusing as using loops, when struct/assert, may be preferred, speed, security, whatever…) The funny mistakes, as plentiful as they were, make no mistake, it worked.
Some great points (especially on the VC expectations) but a lot of the "proposed" trends shown here can be correlated to non-OT/ICS market related factors - the greater global economy. You'll see a similar trend in IT. Take a few steps back, wait a couple of years and this will look different.
A lot of useful information. If you want to understand OT security in 2024, an understanding of OT security market forces is a requirement, and Ted presents many important parameters. Worth a watch.
Yikes, a lot of ingenious people with capabilities are using their time and resources where a lot of aspects (mainly context and connections between applications) could have been designed and documented as part of the initial plant/process/machinery design. All that time and resources used for the actual anomaly hunt would benefit all OT parties much more.
Disappointing to see Rob Lee essentially adopt Hamas talking points. Terrorist groups will utilize civilian infrastructure in order to store weapons and hostages, and will sometimes even use those sites to launch their attacks. It's utterly ridiculous to say that civilian sites which have been militarized are not valid targets in war. If we followed his advice on never hacking civilian infrastructure, we'd just be putting ourselves at a disadvantage. You don't think the military/NSA should at the very least be prepositioning themselves within adversaries' critical infrastructure in the event of a war? Ok great, but that high road has real costs. I'd rather see those costs put on the aggressors instead of our population if and when we get attacked.
Love that Rob can take a topic like ICS and make it completely entertaining. He is one hell of a dynamic public speaker and as always it's a zero bullshit / just focus on the basics approach. Well done sir!