, 6 tweets, 1 min read Read on Twitter
It’s almost a trope now - there is a ubiquitous thing that happens in Dragos corporate chat every time there’s a major power outage or industrial accident anywhere:

“X just exploded. Prepare to handle inbound cyberwarfare questions!”

Always happy to help, but let’s chat: (1/x)
We are typically already looking into it or starting to look into it in tandem, but so many of our analysts often get pulled into fighting FUD and mistaken speculation from high profile pundits that we also have to prepare and plan for that too.
Most industrial failures (even bizarre ones) are statistically simply due to accidents or equipment malfunctions. It’s interesting that cyberattack is so many people’s first fear these days. Especially when organizations still have trouble budgeting for security.
Commodity, advanced, and insider digital attacks absolutely can and do happen in OT and do cause damage to industrial systems - and that definitely needs to be planned for and deterred. But the shift in public perception to the first assumption being attack is really astounding!
Anyway, unless it’s an organization they’re actively doing security monitoring on (and then they’re probably under NDA), there are very few who can reliably confirm a cyberattack as a root cause in the first hours after something bad happens. That’s so early in triage and IR.
In an industrial incident, step one is life and safety - containing and mitigating the problem. Saving lives and equipment. Restoring critical services.

That’s why planning for *consequences* is so important in OT security, rather than doing cybersecurity in a vacuum. (End)
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Lesley Carhart
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!