Kurt Niehaus’ Post

Here's a great video from our Executive Chair touching on how to liberate data from data islands and turn it into usable information.

Dale Peterson recently put up a snippet of his conversation with Dragos’ Robert M. Lee. If you don’t know these two, they are both OT Cybersecurity heavyweights and I suggest following them. For some background, Dragos, Inc. has long been known for their threat intelligence. In the OT space, it’s top-tier. Dale has a great question: “why does it matter, if regardless of threat you should do the same thing and follow the SANS recommendations?” Robert’s answer surprised me: it’s to help those not close to OT cybersecurity recognize why we should be doing all these (sometimes expensive) Cybersecurity controls. If you have an OT system and you’re struggling with what to do next, please reach out. We at | GrayMatter | can lend a hand guiding you through what a typical Cybersecurity maturity model looks like so that you’re able to make sure you get the basics right and implement those controls that makes sense for your risk tolerance and industrial profile. 

Great Points Mike Holcomb! There are three aspects of | GrayMatter |'s approach that help with this. First, most business leaders don't like hearing about what seems like a simple overhead expenditure increase. Instead, we look at the investment in terms of potential risk mitigation. That is, after an assessment, we provide a report and a report summary - a summary which highlights the expenditure vs. mitigation. Second, our assessments are not conducted in a vacuum. All stakeholders are invited to participate, including both IT and OT. This allows the team to speak in a more unified voice instead of sounding adversarial to the higher-ups. Third, we look at cybersecurity as an enabler. Whether it is decreased downtime through secure remote support, or improving data utilization, cybersecurity supports other improvements that have an ROI.

Sameer Kausar 🦆 It's a great picture to delineate the roles. Another point is that AEs tend to support different kinds of SE, with each SE type covering a different tech/product/service. So having the AEs surrounded by different SEs helps the SE see that the reason the AE doesn't go as deep technically is because they need to have broader topical knowledge and not because of some personal flaw.

We've got an opening for a Senior Cyber Engineer. If you meet the qualifications, please apply! If you're already connected to me, shoot me a DM and we can talk about it and I'll make sure your resume is "in the right pile."

Great slide deck! “The impending technical labor shortage” isn’t impending – it’s here. One thing I see very few employers understand is this: if the total compensation is better elsewhere, it’s not a lateral move to the employee. An example is moving from engineering into finance. If the money is better in finance, finance is a “step up.” A place I’d disagree is about poaching talent. It will always be possible, and I think it’s actually a necessity. Until a company starts losing people through poaching, the compensation needle won’t move enough to entice more people to join.  And having young, smart people join the manufacturing workforce is what we need right now.  That said, the people you want to poach are those with a track record of upskilling those around them.  That makes them a force multiplier helping you get more out of your existing workforce investment. The slide I think might be missing is one on outsourcing. Up-skilling takes both strategic investment and time. When you need to be nimble, getting help from outside the organization can help jump start your efforts. One of the great things about | GrayMatter | is that we both strive to upscale internally, acquire experienced talent externally (thank you John Gehan!), and hire raw potential. This three- pronged approach allows us to provide technical expertise to companies who find themselves without the right technical staff with regards to automation and OT services. 

Reposting for reach.

I’ve seen several references to jump servers recently in literature with little explanation. So what is a jump server? Simply put, it is a (secure) computer that allows access from one network to another. Its typical application in ICS is to allow remote users – users not physically near the control system – to have access to a control system. A proper network design will make it the single conduit to the control system, allowing all access to be managed and administered at a single point. This architecture therefore reduces the attack surface of the control system. Additionally, it is a common – though not universal – practice to only allow such remote access if there is a credentialed local operator present to permit access to the system. Typically, authorized access is removed after an idle period and must be reauthorized to continue.  Removing direct access to the internet is a key component to even the simplest OT cybersecurity program. Properly implementing a jump server can allow OEMs and other support personnel remote access while also retaining oversight by site personnel. Per above, by extending these controls beyond simple administrative controls (like removing a cable when complete), cybersecurity posture can be substantially improved. This control over remote access not only addresses some security concerns while retaining remote access for maintenance and support, it also serves as a safety check on any remote access by site personnel. This means that if remote personnel inadvertently create an adverse condition, there is a local presence able to assist in promptly identifying and mitigating the error before it becomes a dangerous event. Since a jump server needs to function in coordination with properly configured firewalls and an actively maintained role-based access control policy, it may be necessary to leverage outside assistance to ensure adherence to best practices. Please contact | GrayMatter | to learn more. 

Because I'm a sucker for a LotR reference, and this a very good video, I suggest watching! Covers everything from initial steps to training on deployed system - a system that provides multiple recommendations based on current importance to keep your water plant compliant, even through changing regulations.

As the world pauses to commemorate D-Day this, the 6th of June, we find ourselves reflecting on the fading echoes of a pivotal moment in history. The Normandy landings in 1944 were not merely a turning point in World War II but a testament to the extraordinary valor and sacrifice of countless individuals. As time marches on, the number of surviving veterans diminishes, making our remembrance of their deeds even more poignant. Operation Overlord was a monumental feat of coordination, strategy, and sheer bravery. The storming of Utah, Omaha, Gold, Juno, and Sword beaches required unflinching resolve in the face of almost insurmountable odds. Those who lived through that harrowing day have long borne the memories of comrades fallen, the chaos of battle, and the fragile line between life and death. In our remembrance, we find a call to action: to uphold the values for which they fought and to cherish the peace secured by their sacrifice. As the number of those who can recount that day dwindles, our duty to remember and honor their legacy grows ever more profound. Let us ensure that the bravery of June 6, 1944, is etched forever in the annals of history and in our collective memory.