{"id":479,"date":"2021-10-14T13:15:52","date_gmt":"2021-10-14T10:15:52","guid":{"rendered":"https:\/\/zerontek.com\/zt\/?p=479"},"modified":"2021-10-31T08:41:18","modified_gmt":"2021-10-31T05:41:18","slug":"reduce-your-ot-risk","status":"publish","type":"post","link":"https:\/\/zerontek.com\/zt\/2021\/10\/14\/reduce-your-ot-risk\/","title":{"rendered":"Reduce your OT risk"},"content":{"rendered":"\n<p>Cyber security business is all about risk . The real value of this business is to reduce risk. Thats its philosophy in a nutshell. That is the goal  of the many products we see in the market today, even if they claim that their products make your organization secure which is not true. . There is no way to eliminate the entire risk, it&#8217;s just not possible. If you understand this philosophy , then you will know that cyber security is a process not a product. This philosophy applies to OT security accurately. <\/p>\n\n\n\n<p>During my Phd research, I developed a framework to measure the risk of OT devices. I got this idea in 2012 when I was browsing <a rel=\"noreferrer noopener\" href=\"https:\/\/www.shodan.io\/\" target=\"_blank\">Shodan<\/a> and looking at the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.shodan.io\/explore\/category\/industrial-control-systems\" target=\"_blank\">ICS category<\/a>. I was astonished to see many online ICS devices where many of them had open ports, weak configurations, exposed administrative web interfaces and other vulnerabilities. This sparked my imagination and wondered &#8220;How risky are these devices?&#8221; . This inspired me to to think of an approach to measure their risk and to question whether <a rel=\"noreferrer noopener\" href=\"https:\/\/www.first.org\/cvss\/\" target=\"_blank\">CVSS<\/a> works or not for  online OT devices. My goal was to help organizations diagnose their OT infrastructure and thus be able to prioritize risk , defenses and mitigations. In future articles, I will go more in depth about my risk framework. Stay tuned !<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber security business is all about risk . The real value of this business is to reduce risk. Thats its philosophy in a nutshell. That is the goal of the many products we see in the market today, even if they claim that their products make your organization secure which is not true. . There [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,3,76,48,31,23],"tags":[7,13,6,75,12,47],"class_list":["post-479","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-ics-security","category-icsrank","category-ot-security","category-risk-assessment","category-shodan","tag-cyber-security","tag-ics","tag-ics-security","tag-icsrank","tag-ot","tag-ot-security"],"_links":{"self":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/comments?post=479"}],"version-history":[{"count":4,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/479\/revisions"}],"predecessor-version":[{"id":485,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/479\/revisions\/485"}],"wp:attachment":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/media?parent=479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/categories?post=479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/tags?post=479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}