Secure ICS OT
@secure-ics-ot.bsky.social
ICS/OT posts from a GICSP. ISA member working on ISA 62443 Certs. Canadian.
My posts are my own and are not a reflection of my place of work or employer.
X: @Secure_ICS_OT
Mastodon: https://infosec.exchange/@Secure_ICS_OT
#ICS #OT #GICSP #IEC62443
My posts are my own and are not a reflection of my place of work or employer.
X: @Secure_ICS_OT
Mastodon: https://infosec.exchange/@Secure_ICS_OT
#ICS #OT #GICSP #IEC62443
A computer in IT is not the same in ICS/OT.
In IT a computer is a general purpose machine with business applications.
In ICS/OT workstations are task based machines with specific software that is licensed for either engineering work, operations work or even operating specific test equipment.
In IT a computer is a general purpose machine with business applications.
In ICS/OT workstations are task based machines with specific software that is licensed for either engineering work, operations work or even operating specific test equipment.
November 15, 2025 at 12:32 AM
A computer in IT is not the same in ICS/OT.
In IT a computer is a general purpose machine with business applications.
In ICS/OT workstations are task based machines with specific software that is licensed for either engineering work, operations work or even operating specific test equipment.
In IT a computer is a general purpose machine with business applications.
In ICS/OT workstations are task based machines with specific software that is licensed for either engineering work, operations work or even operating specific test equipment.
I have been emailing firewall alarms to my work email for 8 years.
IT and Security are completely oblivious to plain text smtp flowing through their system with the information they are asking me for.
Just saying.
IT and Security are completely oblivious to plain text smtp flowing through their system with the information they are asking me for.
Just saying.
November 14, 2025 at 11:56 PM
I have been emailing firewall alarms to my work email for 8 years.
IT and Security are completely oblivious to plain text smtp flowing through their system with the information they are asking me for.
Just saying.
IT and Security are completely oblivious to plain text smtp flowing through their system with the information they are asking me for.
Just saying.
A network switch in IT is not the same as a network switch in ICS/OT.
In ICS/OT you need to understand what the switch is doing and if it is part of the process.
Rebooting it or changing settings could cause a process to shutdown, loss of control, create a safety issue or put equipment at risk.
In ICS/OT you need to understand what the switch is doing and if it is part of the process.
Rebooting it or changing settings could cause a process to shutdown, loss of control, create a safety issue or put equipment at risk.
November 14, 2025 at 11:50 PM
A network switch in IT is not the same as a network switch in ICS/OT.
In ICS/OT you need to understand what the switch is doing and if it is part of the process.
Rebooting it or changing settings could cause a process to shutdown, loss of control, create a safety issue or put equipment at risk.
In ICS/OT you need to understand what the switch is doing and if it is part of the process.
Rebooting it or changing settings could cause a process to shutdown, loss of control, create a safety issue or put equipment at risk.
Work currently:
November 14, 2025 at 11:38 PM
Work currently:
If IT buys Nessus do I own Nessus?
November 14, 2025 at 10:39 PM
If IT buys Nessus do I own Nessus?
Maybe don't use Teams for job interviews.
Just saying.
Just saying.
November 14, 2025 at 1:11 PM
Maybe don't use Teams for job interviews.
Just saying.
Just saying.
When troubleshooting you need to recognize false issues that are not part of the problem or you can go down the wrong path.
November 14, 2025 at 1:01 PM
When troubleshooting you need to recognize false issues that are not part of the problem or you can go down the wrong path.
Maybe work on your soft skills.
November 14, 2025 at 4:06 AM
Maybe work on your soft skills.
When you successfully navigate all the technical troubleshooting that filled your day:
a man in a red shirt stands in front of boats
ALT: a man in a red shirt stands in front of boats
media.tenor.com
November 14, 2025 at 12:34 AM
When you successfully navigate all the technical troubleshooting that filled your day:
It is a fucking nightmare when you're constantly lied too by people that say they are trying to help you.
November 13, 2025 at 5:30 PM
It is a fucking nightmare when you're constantly lied too by people that say they are trying to help you.
Everyone seems to forget that all the free ICS/OT yearly threat reports are really marketing material.
It's great information and I appreciate the insight, but it's marketing material designed to drive sales.
It's great information and I appreciate the insight, but it's marketing material designed to drive sales.
November 13, 2025 at 1:25 PM
Everyone seems to forget that all the free ICS/OT yearly threat reports are really marketing material.
It's great information and I appreciate the insight, but it's marketing material designed to drive sales.
It's great information and I appreciate the insight, but it's marketing material designed to drive sales.
I need to arrange a cage match for my various project managers so they can determine who is priority.
November 13, 2025 at 3:32 AM
I need to arrange a cage match for my various project managers so they can determine who is priority.
It doesn't inspire confidence.
If you freak out when the ICS/OT shows you the ICS/OT.
If you freak out when the ICS/OT shows you the ICS/OT.
November 13, 2025 at 2:53 AM
It doesn't inspire confidence.
If you freak out when the ICS/OT shows you the ICS/OT.
If you freak out when the ICS/OT shows you the ICS/OT.
The IOT and IIOT devices and subsequent cloud services are turning your network perimeter into Swiss cheese.
November 12, 2025 at 8:04 PM
The IOT and IIOT devices and subsequent cloud services are turning your network perimeter into Swiss cheese.
Twitter has fucked up there login.
November 12, 2025 at 6:41 PM
Twitter has fucked up there login.
I have gone through several cyber security audits over the years by various firms.
None have been by firms that understand ICS/OT and none have flagged the glaring architectural error I currently have.
I suggest getting an audit done by a firm that understands ICS/OT.
None have been by firms that understand ICS/OT and none have flagged the glaring architectural error I currently have.
I suggest getting an audit done by a firm that understands ICS/OT.
November 11, 2025 at 6:03 PM
I have gone through several cyber security audits over the years by various firms.
None have been by firms that understand ICS/OT and none have flagged the glaring architectural error I currently have.
I suggest getting an audit done by a firm that understands ICS/OT.
None have been by firms that understand ICS/OT and none have flagged the glaring architectural error I currently have.
I suggest getting an audit done by a firm that understands ICS/OT.
Have you identified your organization's actual crown jewels and your organization's crown jewels that have a cyber impact?
They might not be the same.
They might not be the same.
November 11, 2025 at 1:57 PM
Have you identified your organization's actual crown jewels and your organization's crown jewels that have a cyber impact?
They might not be the same.
They might not be the same.
The number of people concerned about the Louvre security camera's comically weak password, which wasn't involved in the incident.
Instead of the actual vulnerability which was threat actors bypassing the museum's security with a simple smash and grab.
Speaks volumes.
Instead of the actual vulnerability which was threat actors bypassing the museum's security with a simple smash and grab.
Speaks volumes.
November 11, 2025 at 1:15 PM
The number of people concerned about the Louvre security camera's comically weak password, which wasn't involved in the incident.
Instead of the actual vulnerability which was threat actors bypassing the museum's security with a simple smash and grab.
Speaks volumes.
Instead of the actual vulnerability which was threat actors bypassing the museum's security with a simple smash and grab.
Speaks volumes.
Tom Lawrence (LinkedIn):
November 11, 2025 at 2:42 AM
Tom Lawrence (LinkedIn):
A host on the Corporate side has just put itself in the naughty bucket.
November 11, 2025 at 1:52 AM
A host on the Corporate side has just put itself in the naughty bucket.