Threat modeling: what is it, how does it work and why is it so important?

You might have heard of threat modeling as a structured activity for identifying and managing application threats. And that’s exactly what it is. Threat modeling – also called Architectural Risk Analysis – is an essential step in the development of your application. Without it, your protection is a shot in the dark. Multiple security issues,…

Why data integrity is crucial for safety in industrial environments

It is well known that the most important factor within the process industry is the availability of the systems and environment. The plant must be running at all times. That’s why most security improvement efforts are made in that area.  However, the integrity of the information and data within the industrial control systems environment can’t…

How do you build a (modest) ICS testing & training lab?

Part of training people into becoming ICS security specialists is providing them the opportunity to test or train certain things in a ‘safe’ environment. Which means you’ll need a (modest) ICS testing & training lab. There are some great labs out there (Idaho National Labs for example), that offer every test set-up you can think of.…

How do you become an ICS Security Specialist

During one of my recent lectures on ICS Security one of the students asked me where he had to start to become an ICS Security Specialist. Since I couldn’t give a clear answer right away, I put some thought into the subject and tried to gain more insights on the most important requirements and potential…