So I don't envy the NIST team as they embark on a rewrite of Special Publication 800-82, Guide to Operational Technology (OT) Security. Because it's not a rulemaking (the guidance isn't mandatory) the comments NIST asked for from stakeholders, experts and others aren't published.
🧵2/3
@deptofwar.bsky.social senior-most cyber official, Katie Sutton, gave new details at last week's #CyberWorkforceSummit about the "force generation" and personnel reforms being enacted under CyberCom 2.0, including skills based hiring & incentive pay.
www.govinfosecurity.com/pentagon-giv...
ICYMI, my story looks at the implications of the AI-assissted cyber intrusion into the network of a municipal water utility in Monterrey, Mexico. With analysis from Dragos Inc's Jay Deen and commentary from @marcussachs.bsky.social. Their conclusions might surprise you.
www.ot.today/water-system...
ICYMI last week, here is my story on the new guidance from CISA adapting #ZeroTrust from IT to operational technology/industrial control systems (OT/ICS)
To be blunt, the reaction from most of the experts I spoke to was pretty "meh," and several thought there were gaps
www.ot.today/cybersecurit...
Three major OT security vendors, Dragos, Armis and
@claroty.bsky.social, shared the comments they sent to NIST & explained what they wanted from the rewrite. Details in my latest story for OT Today
www.ot.today/nist-urged-t...
h/t @w2communications.bsky.social @teamlewisglobal.bsky.social
🧵3/3