Eric Byres Profile
Eric Byres

@ICS_Secure

Followers
3K
Following
169
Media
42
Statuses
993

Inventor of the Tofino Security, leading expert in the field of ICS and SCADA security and ISA Fellow

Canada
Joined July 2009
@ICS_Secure
Eric Byres
1 year
Check out this post on responding quickly to open-source supply chain attacks, in this case, the #XZ hack. This backdoor was deliberately injected into the widely used secure shell service daemon #sshd by unknown attackers (IMHO a nation-state: see also .
wired.com
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.
@aDolus_Inc
aDolus Inc.
1 year
We have a new blog post describing our response to the #vulnerability in the #XZ Utils library. We reassured our customers that they were at no risk from this threat (and spared them the costly task of wading through false positives to find it). #liblz.
@ICS_Secure
Eric Byres
1 year
RT @aDolus_Inc: Read @ICS_Secure's latest blog on Evolving Threats and Regulations in Software Supply Chain Security. Attacks are on the ri….
@ICS_Secure
Eric Byres
2 years
RT @allanfriedman: @aDolus_Inc @ICS_Secure I was in Brussels last week talking about this exact issue with Commission staff and ENISA exper….
@ICS_Secure
Eric Byres
2 years
Most SBOM initiatives have been coming out of the US, thanks to EO14028. Now, the EU is adding teeth to requirements for SBOMs with its Cyber Resilience Act. Check out my summary of the impact on the IoT/OT markets; let me know if you agree that it could have a massive impact.
@aDolus_Inc
aDolus Inc.
2 years
The EU Cyber Resilience Act took a big step toward enactment this week. Read our blog to get @ICS_Secure's commentary on the implications this legislation has for software supply chain security. #SBOM #vulnerabilitymanagement.
@ICS_Secure
Eric Byres
2 years
RT @aDolus_Inc: The EU Cyber Resilience Act took a big step toward enactment this week. Read our blog to get @ICS_Secure's commentary on th….
blog.adolus.com
The EU Cyber Resilience Act (CRA) is one step from official adoption. Supply chain security, SBOMs and vulnerability management are priorities.
@ICS_Secure
Eric Byres
2 years
If you’ll be at the @SecurityWeek ICS Cybersecurity Conference in Atlanta, track me down. I'm happy to explain how the industry made huge strides using SBOMs to secure software supply chains. #ICSCC23.
@aDolus_Inc
aDolus Inc.
2 years
Planning to be at the @SecurityWeek ICS Cybersecurity Conference in Atlanta this week? Don't miss hearing Eric Byres @ICS_Secure speak on Making a Molehill Out of a Mountain of #SBOMs. Learn how to convert SBOM data into actionable threat and risk intelligence. #ICSCC23
@ICS_Secure
Eric Byres
2 years
The 2023 #MDDR report shines a sharp light on the state of OT firmware updates. You can read more about the actual statistics and my thoughts on the reasons in my blog.
@aDolus_Inc
aDolus Inc.
2 years
The 2023 Microsoft Digital Defense Report (#MDDR) features aDolus OT #vulnerabilities analysis. Together we uncovered alarming statistics about unpatched, highly vulnerable PLCs on OT networks. Read our blog: The Wretched State of OT Firmware Patching.
@ICS_Secure
Eric Byres
2 years
Effective hunting for #vulnerabilities in #OT requires navigating the namespace problem (i.e., most product and vendor names have multiple aliases), plus the ability to process text-based data such as massive PDFs from vendors. Our blog explains how we did it for the #MDDR.
@aDolus_Inc
aDolus Inc.
2 years
The Microsoft Digital Defense Report (#MDDR 2023) dropped today and we provided key research and analysis for the section on OT #vulnerabilities. Read how we used machine learning to analyze manufacturer and industry disclosures to identify CVEs in PLCs.
@ICS_Secure
Eric Byres
2 years
RT @aDolus_Inc: The Microsoft Digital Defense Report (#MDDR 2023) dropped today and we provided key research and analysis for the section o….
blog.adolus.com
aDolus collaborated with Microsoft on vulnerability analysis and contributed to their Microsoft Digital Defense Report 2023 (MDDR 2023).
@ICS_Secure
Eric Byres
2 years
#OTCEP 2023 is starting. Minister Josephine Teo is presenting a great summary of the risk and opportunities for OT systems.
@ICS_Secure
Eric Byres
2 years
RT @ICS_SCADA: Passionate about ICS incident response panel @SCADAhacker @RobertMLee @CSAsingapore #otcep | …person on right is makin….
@ICS_Secure
Eric Byres
2 years
A very amusing story of how #ChatGPT led one of the @aDolus_Inc team down a giant rabbit hole of #misinformation. Highly recommended reading for anyone thinking of using #GenerativeAI.
@aDolus_Inc
aDolus Inc.
2 years
We've got a new blog post: How To Be Confidently Wrong - An experiment testing how well ChatGPT summarized the National #Cybersecurity Strategy document. Let's just say it took some editorial liberties.
@ICS_Secure
Eric Byres
2 years
I'm delighted to have Kevin join us as CEO at aDolus. I've known Kevin for years - he is an insightful leader who really understands the security industry. With his proven track record of solving customer challenges and growing revenue, I look forward to a fruitful collaboration.
@aDolus_Inc
aDolus Inc.
2 years
We have some exciting news! Kevin Senator @kevinS83029404 has joined aDolus as CEO. You can read our press release for more info on Kevin's background. Kevin takes over from Rod Campbell @CampbellRod who is becoming aDolus' chairman of the BOD.
@ICS_Secure
Eric Byres
2 years
I've been active in the #foodandbeverage industry since my BCIT lab days when Kraft Foods was a major research sponsor. It is great to see a major player in the space take #softwaresupplychainsecurity so seriously. See you at #S4x23 - I'll be in the #SBOM pavilion!
@aDolus_Inc
aDolus Inc.
2 years
We're excited to provide #SBOMs and software supply chain visibility to our new partner in the food and beverage #manufacturing industry.
@ICS_Secure
Eric Byres
3 years
Thomas Pace of @NetRiseInc presenting a great talk on the challenges of looking up OT vulnerabilities in public vulnerability databases at #icscc22. Definitely worth listening to!
@ICS_Secure
Eric Byres
3 years
Next slide from @Derek_Harp - Seems like companies are feeling the pain and are working on their supply chain programs.
@ICS_Secure
Eric Byres
3 years
#icscc22 @Derek_Harp, CEO of (CS)2AI talking on OT Security survey results. Companies responding report Compromised Vendor Updates accounted for nearly 1/4 of all OT security incidents, up from zero in 2020! The software supply chain is a growing risk issue for OT. @aDolus_Inc
@ICS_Secure
Eric Byres
3 years
RT @allanfriedman: Very exciting to see @Microsoft open source their internal SBOM generation tool. Would love to hear what you think of it….
@ICS_Secure
Eric Byres
3 years
#OTCEP - @ztudor - love your concept that #Pipedream "isn't just an attack framework, it is an education framework".