I’m not our year in review report, but I’ve definitely noted a fascinating uptick in some specific types of Incident Response in our (all) industrial customers:

1) Structured investigations of already occurred industrial accidents to eliminate or identify computer root cause as part of process.
2) Forensic analyses and clean up of long-term infections and lack of perimeter control of those environments.
3) Follow on investigation of intrusions into IT to eliminate these r identify potential overflow to or from OT.

It’s really great to see now’s companies taking these on procedurally and with an understanding of how different IR is in these spaces.

@hacks4pancakes I think that #1 is probably as important going forward as anything but ransomware IR. I would be really interested in it being documented deeply in th e year-end report. This would certainly help the safety engineering folks.