[Zettel Feedback] Monitoring physical variables in ICS for early attack detection
Monitoring physical variables in ICS for early attack detection
tags: #informationsecurity #ics #incidentmanagement #detection
While monitoring network and software data can be used to discover anomalies and detect early signs of attacks, expanding to monitor the status of physical variables, such as temperature and sounds, can indicate unusual activity. Early detection of an attack in the ICS environment could minimize the potential impact of an attack as it could be used to pivot [[20210908145033 Simplified Attack Vector OT IT]] into other parts of the network (like the enterprise network) [[20220120110715 Incident Response in ICS - Detection]].
links:
Comments
Mind to explain what is your convention for link contexts? I don't understand if you're treating them as superscripts or they're the text inside [[]]. To clarify, superscripts are the numbers or letters placed high above the text. They appear at the end of a phrase or sentence. For example, side effects include:
Imagine that [^a] is a footnote, where a is any number. I don't know how to make superscripts in Markdown.
@Drante, you've got an illuminating zettel here that appears to fit into your overall ZK. Well-formed and atomic, focusing on a single idea. The title reveals the atomic idea you've captured.
I have a couple of nit-picky suggestions.
1. I'd include the UUID for this note under the title. When you view this note in your ZK app, it is easy to see the date of creation for this zettel. When this note is viewed out of your ZK's context, the creation date and its age are not visible to the reader.
2. The 'links:' could be left off and added when "links" are added.
3. The last sentence could be written in two sentences for a bit more clarity, hopefully clearing up any subject-verb confusion.
Becoming
I hope this provides the critique you were looking for.
Will Simpson
My zettelkasten is for my ideas, not the ideas of others. I don’t want to waste my time tinkering with my ZK; I’d rather dive into the work itself. My peak cognition is behind me. One day soon, I will read my last book, write my last note, eat my last meal, and kiss my sweetie for the last time.
kestrelcreek.com
The brevity makes feedback simple
I wonder if the title could be more actionable, depending on your use case, but my English language intuition might just not be enough to give proper feedback there. It's currently this:
Is this note intended as a description of a connection between monitoring and early detection, or do you intend to use this as advice? If the latter, one could consider an imperative phrasing which I find instructive for (programming) practice:
But, again, that depends on how this note is intended to be used.
Author at Zettelkasten.de • https://christiantietze.de/
Much appreciated feedback both on my note and my method.
@ctietze Thank you so much for your feedback! In cybersecurity, attack detection is the term used for detecting attacks!
@Will thank you very much for your feedback! I'll appreciate your nit-picky suggestions and I agree UUID could be very useful in the note itself.
@Annabella Yes, the links are used as superscripts. When I write something I have a "connection" in mind and that is just how I reference or link to my connection. Also, I believe it can be useful to redirect myself if I think "oh yeah, what was the attack vector for IT/OT." Thank you for the question.
Glad to see that you got the feedback you needed. It goes to show how useful the "Zettel Feedback" category is.
Also, my links work like superscripts too! High five!