Idk what he is talking about but I feel safer knowing he is on the job! lol at “VUUUUUUULLLNNS!” 2:42

He really knows his stuff 😮

English!!! Do you speak it?

What's wrong with camera?!

Thanks

Very informative

incredible

You are amazing.

Isn't this just leaking info to russians? now they can counter that.

Thanks.

Clearly, he has not heard of ISA-62443-4-2 and the Achilles Test Platform.

One of the presentations so far!

Enjoyed learning about SW Supply Chain Security.

Great presentation....

Nice speech!

Audio is way too low.

Indeed.

Did Coffee help Bill Clinton from his Lewinsky addiction in an Oval important?

Thanks

Disappointing to see Rob Lee essentially adopt Hamas talking points. Terrorist groups will utilize civilian infrastructure in order to store weapons and hostages, and will sometimes even use those sites to launch their attacks. It's utterly ridiculous to say that civilian sites which have been militarized are not valid targets in war. If we followed his advice on never hacking civilian infrastructure, we'd just be putting ourselves at a disadvantage. You don't think the military/NSA should at the very least be prepositioning themselves within adversaries' critical infrastructure in the event of a war? Ok great, but that high road has real costs. I'd rather see those costs put on the aggressors instead of our population if and when we get attacked.

Love that Rob can take a topic like ICS and make it completely entertaining. He is one hell of a dynamic public speaker and as always it's a zero bullshit / just focus on the basics approach. Well done sir!

I could probably listen to Rob talk about almost anything! Entertaining and so much interesting details. Thanks for sharing this interview.

Insightful. I hope more organizations start taking an honest risk-based look at their security strategies.

This man who act like he was just there with no fault it’s now been charged by SEC for “false and misleading statements and omissions…”. Good job Mr “I teach you how to be exemplary”…

I like how the decompiled code still uses windows type names: BOOL DWORD etc

Truly a meaningful and educating session created by Dale Peterson and Andrew Ginter. It explains the "big secret" as related to how many OT directed attacks occured.

@Justin Why we consider the impact as CIA? We must do that according to SRA (Safety-reliability-Availability

Great presentation

Thank you.

Excellent presentation.

audio is very poor

This was an interesting talk. We never think about rail for some reason. Thanks Miki!

They know EXACTLY how to cut off the foreskin of male children!

What a great presentation and story! Also, Megan needs more caffeine... 😁

Great Video ,educative indeed

I enjoyed Colin’s talk in Miami live. 👍🏼

What a concept. Now, what language do we need to speak in order to explain this to the executives and business people calling the shots?

Wonderful success story - thank you for sharing!

Truly Impressive Patrick Miller and Dale Peterson

You two are the best. Great when you can be in the same convo.

very well explained. Appreciate the effort put into the speech.

Actually the original creator and 'coiner' of the phrase "Zero Trust" was Stephen Paul Marsh, in his doctoral thesis in 1994. You can google this to see its true. But odd, no credit that ive seen has been given to Stephen.

Thanks to Dale Peterson and the whole #S4x24 staff and community for their support for an extremely important principle, something that we should all keep an eye out for and know when to identify and when to push back or challenge.

Perhaps another way of looking at this issue is the normalization of complexity. Most engineers have the KISS (Keep It Simple, Stupid) principle hammered in to them from their very first internship job. But many software and network design firms seem to live by the principle of "putting things on top of other things" (yes, I am referring to that Monty Python sketch). When making the transition from basic pneumatic and electromechanical controls to software, and DCS/SCADA, we slid toward very significant complexity. A case study on how bad this can get can be found in a 2013 case of Bookout v. Toyota, where the Engine Controls could cause unintended acceleration. We haven't learned much since then. We're still putting things on top of other things. Maybe it is time to discuss limits.

Think of a control system at a small water utility no differently than an autopilot in a small plane. Autopilots do help. They enable flying to be much more precise and they improve economy. But you can fly them by hand. Civil Aircraft are supposed to be designed for dynamic stability (this is actual regulation). Failure of the automation is not an OMG I'm gonna fall out of the sky event. And neither is the automation at most small water utilities. Will it be less efficient? Yes. Will the quality of the water vary more? Yes. But the systems were originally designed to function without automation of any sort. As long as the attack against automation is recognized and maintained, (and there are protocols to discover and deal with automation failures), it will be a non-event.

Cybersecurity is illusion. 🤭