We are pleased to announce the general availability of Andrew Ginter’s new book, Secure Operations Technology (SEC-OT). SEC-OT is a perspective, a methodology and a set of best practices that document what thoroughly-secured industrial sites actually do. What these sites do differs sharply from what most industrial sites do.
We are pleased to announce the general availability of Andrew Ginter’s new book, Secure Operations Technology (SEC-OT). SEC-OT is a perspective, a methodology and a set of best practices that document what thoroughly-secured industrial sites actually do. What these sites do differs sharply from what most industrial sites do.
Most industrial sites practice IT Security (IT-SEC) whose focus is to “protect the information” – the CIA, the AIC, the IAC, or the something of the information. The focus at secure industrial sites though, is protecting the safe, reliable, continuous and correct operation of the physical, industrial process, not protecting information. Indeed, secure sites are focused on precisely the opposite – protecting correct and continuous physical operations from information, more specifically from cyber attacks that may be embedded in information.
The strategy for SEC-OT is physical protection of control-critical networks from information/attack flows, not just IT-SEC-style software protection. To be fair though, all SEC-OT sites also deploy comprehensive, software-based IT-SEC security programs. Early readers of the new book asked why the book is not called “Operations Technology Security” (OT-SEC). The reason Andrew Ginter did not use this title is because a book on OT-SEC would necessarily have been much longer than one on SEC-OT.
Rather than documenting the entire concept of OT-SEC, the new book focuses on the difference between OT-SEC and IT-SEC. SEC-OT is the “missing link” – SEC-OT is what elevates secure industrial sites above the “bulge” in the bell curve of security program strength.
While some readers of the new book called it “controversial”, Mr. Ginter maintains that the book documents what thoroughly-secured sites do: “I do not see this as controversial, I see it as reporting and relaying the facts. The real question is: why is nobody else talking about these practices?”
Cyber attacks continue to become more capable and more sophisticated, and all industrial sites are increasing the strength of their defensive postures to address steadily increasing threats. The entire bell curve of security posture strength is shifting to the right – in the direction of today’s SEC-OT sites. What SEC-OT sites do today is sooner or later the future of all industrial sites.
Waterfall Security Solutions is making free copies of the new book available to qualified practitioners. All industrial security practitioners are strongly recommended to take advantage of the offer and become familiar with the perspective and practices of the world’s most secure industrial sites.
Most industrial sites practice IT Security (IT-SEC) whose focus is to “protect the information” – the CIA, the AIC, the IAC, or the something of the information. The focus at secure industrial sites though, is protecting the safe, reliable, continuous and correct operation of the physical, industrial process, not protecting information. Indeed, secure sites are focused on precisely the opposite – protecting correct and continuous physical operations from information, more specifically from cyber attacks that may be embedded in information.
The strategy for SEC-OT is physical protection of control-critical networks from information/attack flows, not just IT-SEC-style software protection. To be fair though, all SEC-OT sites also deploy comprehensive, software-based IT-SEC security programs. Early readers of the new book asked why I did not call the book “Operations Technology Security” (OT-SEC). I did not use this title because a book on OT-SEC would necessarily have been much longer than one on SEC-OT.
What I document in the new book is not all of OT-SEC, but the difference between OT-SEC and IT-SEC. SEC-OT is the “missing link” – SEC-OT is what elevates secure industrial sites above the “bulge” in the bell curve of security program strength.
Readers of the new book have called it “controversial.” What I do in the book though, is document what thoroughly-secured sites do. I do not see this as controversial, I see it as reporting and relaying the facts. The real question is; why is nobody else talking about these practices?
Cyber attacks continue to become more capable and more sophisticated, and all industrial sites are increasing the strength of their defensive postures to address steadily increasing threats. The entire bell curve of security posture strength is shifting to the right – in the direction of today’s SEC-OT sites. What SEC-OT sites do today is sooner or later the future of all industrial sites.
For a limited time, Waterfall Security Solutions is making free copies of the new book available to qualified practitioners. I encourage all industrial security practitioners to take advantage of the offer and become familiar with the perspective and practices of the world’s most secure industrial sites.
Belarussian “cyber activists” disrupted passenger rail traffic in the country by encrypting ticketing and other IT systems.
The cyber threat environment for rails operators grows steadily worse. Rail system operators urgently need cybersecurity designs and solutions that will repel even the most sophisticated of cyber attackers, today and throughout the foreseeable future. Waterfall’s Unidirectional Security Gateways enable are such solutions.
Cyber attacks are targeting critical infrastructures, but shut downs are unacceptable. Waterfall’s products defeat 100% of online cyber attacks for future-proof industrial cybersecurity.
English
Français
Español
עברית
Deutsch
日本語
한국어
中文
اَلْعَرَبِيَّةُ