Gary Cohen

In this episode of Bridging the Gap, we discuss the strengths and weaknesses of AI and how it’s being used in automation and cybersecurity.

Our top 5 articles of October covered everything from avoiding scams to cyber-informed engineering to building stronger cyber habits.

Madison Horn discusses the move to proactive cybersecurity, the value of the shared responsibility model and the rise of quantum computing.

In the second episode of Bridging the Gap, we covered AI implementation in industrial automation and cybersecurity spaces.

Steve Stone talked about how accessible cheap data storage and analytics have become and why breaches are inevitable.

Dino Busalachi talks about purpose-built resources for OT and the new SEC ruling forcing companies to disclose cyberattacks. 

Debbie Gordon talks about why security is everyone’s job, how AI won’t replace humans and why “Office Space” is a cybersecurity movie.

Rockwell Automation and Dragos look at how executives and boards are addressing the state of manufacturing cybersecurity.

Thomas Pace discusses why supply chain attacks are soaring, how CISA is taking positive cyber steps and how Sandra Bullock can save us.

AI has become integral to everything from supply chain optimization to cybersecurity, but that doesn’t mean its adoption has been seamless.

Eric Byres talks about the improvement in regulatory frameworks and why OT/ICS systems are a juicy target for attackers.

Dr. Jesus Molina talks about threats to critical infrastructure, cyber-informed engineering and how AI is more beneficial to attackers.

Victor Atkins on why you should be patching known vulnerabilities in critical industries and how cybersecurity collaboration is on the rise.

Moty Kanias talks about why it’s essential to move toward cyber prevention and how AI is going to impact everything.

Lesley Carhart discusses how to make hackers lives more difficult and why it’s essential to prepare for a cyber incident before it happens.

Mike Nelson, of CyberCX, talks about how to avoid cyber scams and why cybersecurity risk is really a business risk.

When it comes to the modern cybersecurity landscape, no one is secure, no matter how large or small a company is. Even if a company puts tremendous resources into securing its systems, hackers will likely […]

Lesley Carhart, of Dragos, discusses the dangers of supply chain compromise and how to get started with incident response.

The top 5 articles from August 2023 covered how to build an effective cyber strategy and the government impact on OT cyber risk.

Lesley Carhart talks about working in incident response, a power plant that turned on by itself and the maturity journey of OT cybersecurity.

Lesley Carhart, of Dragos, talks about how they got into cybersecurity and why concerns about ChatGPT might be overblown.

Debbie Gordon, of Cloud Range, on what companies can learn from tabletop exercises and why cyber training is so essential.

Debbie Gordon, of Cloud Range, discusses why attack simulation is important, whether you’re a Fortune 500 company or a mom-and-pop shop.

The top 5 articles from July 2023 covered the riskiest OT devices, how AI will impact cybersecurity and challenges facing IT/OT convergence.

Debbie Gordon, of Cloud Range, discusses the dangers of human vulnerabilities and why cyber practitioners need to have more than just skills.

The top 5 articles from June 2023 covered zero-trust architecture, protecting MES and driving Industry 4.0 through IT/OT convergence.

Thomas Pace discusses the prevalence of ransomware, the danger of supply chain attacks and how SBOMs can help secure systems.

Many vulnerabilities have never been found to impact ICS/OT. That’s why it’s important to take a risk-based approach to cybersecurity.

In 2022, Canada’s SickKids hospital was hit by LockBit ransomware, which impacted its internal systems, phone lines and website.

Thomas Pace of Netrise discusses his background, what the government does well versus private industry and vulnerability management.

In 2012, the OilRig cyber espionage group began targeting the oil and gas industry and other critical infrastructure in the Middle East.

Eric Byres talked to the ICS Pulse Podcast about the value of SBOMs, why OT is getting weaponized and reasons for optimism.

Eric Byres of aDolus discusses the themes at S4, managing vulnerabilities and the difference between cyber criminals and nation-state actors.

The top 5 from April 2023 covered the Biden administration’s National Cyber Strategy, cyber simulation training and the risks of connectivity.

From the first day of the 2023 RSA Conference, it was clear that the cybersecurity risks of ChatGPT would be a popular topic.

On the first day of the RSA Conference, Rockwell Automation attempted to help IT professionals secure OT systems.

The ICS Pulse Podcast talked to Ben Miller of Dragos about the Year in Review report and other cybersecurity trends in the industry.

The first recorded phishing cyberattack took place in the mid-1990s and was carried out by a group of hackers who targeted America Online (AOL) users.

Dragos released its annual Year in Review report about the state of industrial cybersecurity. The ICSP Podcast talked to Ben Miller about it.

Moty Kanias of Nanolock talks about how increasing connectivity has streamlined many work processes but also opened up new vulnerabilities.

The top 5 ICSP articles from March 2023 covered critical infrastructure, the Biden National Cyber Strategy and IT/OT convergence.

SOOS announced the launch of its public SBOM database, where anyone can download an SPDX or CycloneDX SBOM for over 54 million packages.

The AW North Carolina cyberattack was an excellent example of why just-in-time manufacturing and ransomware can be a toxic mix.

Ritesh Agrawal of Airgap Networks talks about protecting critical infrastructure and the value of zero trust in complex OT networks.

In 2014, Korea Hydro and Nuclear Power in South Korea suffered a cybersecurity incident that was blamed on their neighbors to the north.

The new National Cybersecurity Strategy focuses on regulation and would shift the responsibility for cyber resilience to tech giants.

A Dole cyberattack caused the food giant to temporarily shut down production plants in North America and halt shipments to grocery stores.

The RSA SecurID attack was a wake-up call about the vulnerability of two-factor authentication and the importance of the supply chain.

The first PC, MS-DOS virus, the Brain virus, jumped its way from computer to computer – via floppy disk, no less – back in 1986.

At a Dragos event, CEO Robert M. Lee discussed the evolution of critical infrastructure cybersecurity, breaking it down into four key eras.

How do you get your organization cybersecurity prepared? Tabletop exercises are a great way to help build your incident response plan.

Asset visibility is the foundation of most cybersecurity activities, but many companies struggle to understand their own infrastructure.

Insider attacks are on the rise, and they can be even more dangerous because they know where an organization’s sensitive data lives.

The top 10 Throwback Attack articles of 2022 range from a Florida teenager hacking into NASA to a mistaken attack on a tiny New York dam.

Operation Aurora was a cyberattack on dozens of high-tech, security and defense companies that helped solidify the new era of cyber threat.

In 2016, waves of Operation Ghoul cyberattacks struck industrial, engineering and manufacturing organizations in more than 30 countries.

Gary Kneeland of Claroty discussed “Industrial Networks and the Extended Internet of Things (XIoT)” at Rockwell’s Automation Fair.

How can you guard against supply chain attacks, what are the lessons to be learned and who should be in charge of supply chain security?

Jordan Lutz of Rockwell Automation speaks about recognizing the need for cyber resilience, IT/OT convergence and where to get started.

In 2007, Red October, a high-level cyber espionage campaign, targeted embassies, research facilities, nuclear, aerospace, and oil and gas.

The supply chain is vulnerable both upstream and downstream. Here’s how can companies can better defend against supply chain attacks.

With supply chain attacks, you can have excellent cybersecurity, but if you’re working with vendors that don’t, you’re still at risk.

Supply chain attacks insights Traditional cyberattacks are a one-to-one relationship between adversary and target. With the supply chain, it becomes a force multiplier because a single attack can be the access point to multiple targets. […]

Back in 2015, a cyberattack hit LOT Polish Airways, grounding aircraft and stranding thousands of passengers at Poland’s busiest airport.

By understanding people, processes, technologies, roles and procedures from an IT and OT perspective, you can create better digital safety.

Given the interconnectedness of global manufacturing, companies are only as strong as the weakest link in their supply chain.

Many countries are passing IoT security legislation to create standards. What have governments done so far, and how much can this truly help? Haydn Povey talks IoT security legislation.

With billions of connected devices, there’s need for a strong global baseline for IoT security in consumer products.

Black Hat 25: A team from IBM set out to create a more effective, open, community-sourced threat hunting framework.

At Black Hat, Kyle Tobener discusses harm reduction, reviews the research and proposes a framework for applying it to cybersecurity risks.

Chris Krebs looks back at the first 25 years of Black Hat and attempts to gauge where the industry is going in the next 25.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently established a public catalog of vulnerabilities known to be exploited in the wild and issued a binding operational directive ordering federal agencies to patch those systems. But what impact will this really have? And what does it mean for non-government organizations?

How can you address cybersecurity threats on the edge and develop the best edge security strategy for your organization

Since the COVID-19 pandemic hit, the way people work has changed, opening a new world of vulnerabilities. High-profile attacks on companies like Colonial Pipeline, SolarWinds and Kaseya have put cybersecurity on everyone’s radar. But in […]

When the city of Oldsmar, Florida, held a press conference in February 2021 to disclose what they called “an unlawful intrusion into the city’s water treatment system,” it raised alarm bells not only in the […]

Every insidious and pervasive menace plaguing society has to begin somewhere. As more and more devices are connected to networks and information is shunted to the cloud, industrial cyberattacks continue to rise. Sophos’ recent State […]

While much of cybersecurity focuses on protecting information technology (IT) systems, data and intellectual property, digital transformation has changed the game. As more systems are connected to the internet through the Industrial Internet of Things […]

Richard Robinson discusses how to protect legacy OT assets and the role machine learning and artificial intelligence can play

As Russia’s assault on Ukraine worsened last week, fears about global cybersecurity — especially the cyber safety of critical infrastructure — continued to escalate. Russia has been aggressive with cyberattacks in the past, including taking […]

Sometimes the gap between the unveiling of a life-altering new technology and the corruption of that technology is exceedingly small. Take, for example, wireless technology, a potent attack vector in modern times. It’s also something […]

Technology, AI and other cybersecurity measures can help protect businesses, but it’s nearly impossible to block every threat out there. One safety net stepping into the void to help protect companies financially is cybersecurity insurance.

Almost one year ago, on Feb. 8, 2021, public officials from the city of Oldsmar, Florida, held a press conference to disclose what they called “an unlawful intrusion into the city’s water treatment system.” An […]

If 2021 was the year of ransomware, 2022 may become the year of software supply chain attacks. The prevalence of supply chain attacks has skyrocketed, with several high-profile strikes such as SolarWinds and Kaseya making headlines. […]

Disruptions to the food, beverage and agriculture sectors can cause more than just spikes in prices and production delays. They can also be a threat to public safety, precipitating the sale of tainted food, financial […]

The holidays may be a time for celebration, but families aren’t the only ones who see these festive occasions as the most wonderful time of the year. Hackers know that due to low staffing levels […]

Many experts say companies should spend between 10 and 15% of their annual information technology (IT) budget on cyber defense, but the reality is few companies are spending even that much. While most organizations understand […]

Digital transformation might be great for business, but when it comes to protecting legacy OT systems, it can cause major problems

In the throes of a military action, everything is heightened. In February 1998, the U.S. and President Bill Clinton were preparing to bomb Iraq, as the country’s then-President Sadaam Hussein refused to comply with United […]

Matt Leipnik, lead industrial cybersecurity specialist for Nexus Controls, discusses why it’s important to create a culture of cybersecurity

Critical infrastructure is increasingly under attack with major hits on oil pipelines, water treatment facilities and the food and beverage sector all occurring within the last year. Regardless of where the attackers enter from — […]

For Cybersecurity Awareness Month, ICS Pulse put together groups of leading industry experts for a series of extensive roundtable conversations about the issues impacting cybersecurity today. In our third session, Jim Crowley, CEO at Industrial […]

For Cybersecurity Awareness Month, ICS Pulse put together groups of leading industry experts for a series of extensive roundtable conversations about the issues impacting cybersecurity today. In our second session, Bryan Bennett, vice president and […]

For Cybersecurity Awareness Month, ICS Pulse put together groups of leading industry experts for a series of extensive roundtable conversations about the issues impacting cybersecurity today. In our first session, Ron Brash, VP of technical […]

Threat actors are always on the lookout for pain points — manufacturing systems that can’t afford to go offline, critical infrastructure that can cause disruptions to everyday life or risks to human safety and, unfortunately, […]

How do you get buy-in for cybersecurity? And once you have that buy-in, how do you scale? Matt Leipnik of Nexus Controls offers some answers

With the rise ransomware and increasingly frequent attacks on national critical Infrastructure, the U.S. government has tried to step in with a few measures to shore up cybersecurity. These have included things like the Executive […]

Ransomware has been making headlines for the last few years for the impact it’s having on businesses and government entities. The increasing prevalence of these attacks has been a wake-up call to industries around the […]

The overwhelming majority of recent cyberattacks — at least the highly publicized ones — have been primarily about one thing: money. Colonial Pipeline, SolarWinds, JBS Foods, Kia Motors, Kaseya, the Washington D.C. Police Department and […]

The SolarWinds attack impacted more than 100 companies and federal agencies, according to U.S. government estimates. The ransomware strike on software provider Kaseya reportedly affected more than 1,500 companies — 60 or so direct customers […]

How can companies defend against ransomware? Hayley Turner of Darktrace recommends leveraging AI to protect industrial environments

The world of industrial control systems has been changing rapidly in recent years with digital convergence and the industrial internet of things placing almost everything on networks. While this can be good for productivity, it […]

In early August, the industry’s largest hybrid event – Black Hat USA 2021 – took place online and at the Mandalay Bay Convention Center in Las Vegas. The event, which highlighted the latest security trends […]

To protect systems, people need to think like hackers, and that means knowing where the weak links in the supply chain are. SBOMs can help

The internet was still primitive in 1988. The entire network consisted of about 60,000 people, and was mostly limited to universities, research facilities and government offices. The World Wide Web, as we know it, was […]

Energy systems historically have been consistent, safe and reliable, but that doesn’t mean they’re not a target of cyber threat. More and more attackers are now explicitly targeting the kinds of industrial control systems (ICSs) […]

Edge computing is one of the fastest growing areas in the industrial sector as organizations pursue Industry 4.0 opportunities to gain insight from assets at the edge. Over the next few years, IDC projects edge […]

Ransomware attacks can have a huge impact on OT systems and critical national infrastructure, says Hayley Turner of Darktrace

When most people think of cyber threat, they think of information technology systems (IT). But in today’s increasingly interconnected environment, if you’re only protecting IT, you’re not protected at all. This expanded threat landscape and […]

Eric Byres, CTO of aDolus Technology, talks about supply chain attacks, where hackers target the weaker links in a supply chain network

There is seldom anything good that comes from ransomware attacks, but at least San Francisco mass transit users got a few free rides during a busy Thanksgiving weekend. In November 2016, threat actors went after […]

Companies and governments alike are now facing a cybersecurity threat the likes of which the world has never seen. It’s bigger, faster and more sophisticated, which has the potential to overwhelm the humans tasked with […]

Industrial control systems are changing rapidly, but it might be time for a new type of ICS, says Albert Rooyakkers of Bedrock Automation

In the last few years, ransomware has been running rampant, hitting private companies, government entities and everyone in between in a series of increasing bold strikes. Critical infrastructure has found itself squarely in the crosshairs […]

When people think of Rye Brook, New York, an idyllic hamlet in Westchester Country sometimes known as Tree City USA, they don’t generally picture international intrigue. That’s best left to its more cosmopolitan neighbor, Manhattan, […]

The CVSS was designed for IT responders, and many in OT question its effectiveness in measuring ICS vulnerabilities, says Ron Brash of Verve

As hackers become savvier, it’s important to supplement human and technological cyber defenses with AI, says David Masson of Darktrace

A poorly worded email or a message sent in anger can be costly to the average person’s professional career. That’s nothing compared to a single email that cost Austria-based airplane component manufacturer FACC close to […]

Who is responsible for the security of technology and networks? That’s probably information technology (IT). But who is responsible for all the web-enabled, and therefore vulnerable, devices on the plant floor? Unfortunately, that’s still a […]

Ransomware attacks have been surging, with hackers striking major pieces of critical infrastructure. But large companies are far from alone

Ransomware attacks are a growing threat to critical infrastructure and private industry worldwide. While every business sector has felt the sting of ransomware, few have been harder hit of late than health care. In April […]

With ransomware attacks on critical national infrastructure on the rise, the U.S. government has stepped up its cybersecurity response. So far, this has included a cybersecurity executive order from the White House and the creation […]

A spate of recent cyberattacks on national critical infrastructure has brought production to a halt in the oil and gas industry, risked dangerous contamination of a water system in Florida, and hindered several local and […]

Most cybersecurity frameworks say visibility is essential. Manufacturers need to know exactly which assets are in their environment

The age of IT/OT convergence is a good thing overall, but it has also introduced a new world of threat and accentuated the fragility of OT

As national critical infrastructure and private industry alike have increasingly been targeted by hackers in recent years, it has become clear that nothing is safe from savvy and motivated threat actors. As a result, the […]

As the pace of cyberattacks on both the public and private sectors has continued to increase, it’s become clear that improved cybersecurity is in the national interest. Since the Biden administration assumed power in January […]

While millions of Americans were celebrating the long Fourth of July holiday weekend, the notorious REvil cybercriminal gang was busy proving cyber threat never rests. Businesses around the globe are still reeling from what may […]

Given the proliferation of technology in industrial control systems, it’s high time for OT teams to own their cybersecurity practice

Ryan Heidorn, co-founder and managing partner at Steel Root, walks DoD vendors through what they need to know about the CMMC

Improved technology, ease of access and the global pandemic have introduced an entirely new threat landscape for OT networks

Ransomware attacks on the health care industry skyrocketed in the last year as bad actors looked to profit from the chaos brought on by the COVID-19 global pandemic. But health care and ransomware have a […]

Ransomware may be grabbing the headlines of late, but cyberattacks can hurt companies and communities in places far worse than their wallets. In 2015, details emerged from a cyberattack that caused “massive damage” to a […]

The need for a national cybersecurity standard has become clear. Jim Crowley of Industrial Defender breaks down the cyber executive order

The wave of ransomware attacks on high-profile industrial manufacturers continues apace, as the world’s largest meat processor, JBS, was forced to shut down several plants in the United States earlier this week. JBS USA released […]

On May 12, President Joe Biden signed an executive order to improve the nation’s cybersecurity and protect government networks

Trade disputes are not uncommon in a competitive marketplace, whether they’re between companies or economic superpowers. But in 2014, the U.S. Department of Justice (DOJ) charged five Chinese military hackers with taking their trade war […]

The recent shift toward edge computing has allowed for more efficient processing, but it’s also opened up new cybersecurity threats

To pay or not to pay: It’s an essential and fraught question in regards to ransomware attacks. When multinational aluminum manufacturer Norsk Hydro was hit with a cyberattack in 2019, they chose not to pay […]

President Joe Biden signed a cybersecurity executive order on May 12 to help strengthen the federal government’s cyber defenses and increase cooperation between the public and private sectors. The Executive Order on Improving the Nation’s […]

The Department of Defense is rolling out the CMMC to help standardize cybersecurity processes for defense contractors and vendors

News that a ransomware attack shut down the pipeline that provides the East Coast with nearly half of its fuel sent shockwaves through the energy and cybersecurity communities earlier this week. Though a cyberattack has […]

The vulnerability of U.S. critical national infrastructure was again thrown into sharp relief when a ransomware attack shut down a pipeline that provides the East Coast with nearly half of its diesel, gasoline and jet […]

To protect against cyberattacks, companies need to bridge the gap between IT and OT and enlist the OT side in threat management

The majority of cybersecurity efforts are focused on preventing outside bad actors from hacking into systems or installing destructive malware – and rightfully so. But there is also a sizable risk from disgruntled employees walking […]

Why are ransomware attacks on the rise versus traditional cyberattacks? Axis Communications’ Wayne Dorris offers his thoughts

The Biden administration took an unusual and aggressive step last week when it formally blamed Russia’s Foreign Intelligence Service for the SolarWinds cyberattack and imposed new Russian sanctions. Given the bold nature of the breach, […]

When the Biden administration took over in January 2021, they made it clear the government response to cybersecurity will be a major focus

In 2017, auto manufacturer Renault-Nissan became one of many organizations around the world to fall victim to the WannaCry ransomware. While WannaCry was effectively halted within a few days of its discovery, it was one […]

In 2017, the NotPetya malware was wreaking havoc around the world. Though it likely began as a state-sponsored Russian cyberattack targeting Ukraine, its ramifications quickly spread far and wide, including to multinational corporations like Chicago-based […]

Iran’s Natanz nuclear facility attack underscores the importance of protecting critical OT systems as well as IT systems

The work from home trend is more than just a blip on the radar. What does that mean for industrial manufacturers and cybersecurity

Cyberattacks on industrial manufacturing and government facilities have been on the rise, but securing facilities takes more than just a shrewd and effective information technology (IT) department. There also needs to be buy-in from operational […]

When most people think of hackers, they picture grizzled, bearded adults sitting in darkened rooms spotlit by the glow of multiple monitors. Or perhaps hardened foreign operatives covertly working for government agencies. If the movie […]

When it comes to industrial cybersecurity, there has long been a partition between the information technology (IT) and operational technology (OT) sides. The IT/OT divide isn’t exactly the Sharks versus the Jets, but it is […]

Multinational brewery and beverage manufacturer Molson Coors was recently hit with a damaging cyberattack, but they’re far from the first adult beverage company to find themselves in hackers’ crosshairs. In August 2020, U.S. spirits and […]

Another major company has fallen victim to a cyberattack that has caused significant disruptions to its business operations. In an SEC filing, Chicago-based brewing and beverage company Molson Coors recently acknowledged they experienced a systems […]

Cyberattacks in manufacturing are on the rise. So how should the industry respond to this increasing threat? It takes organization, buy-in and cybersecurity maturity. Awareness of the need for cybersecurity has been growing, as attacks […]

Most people would assume having security cameras at a facility provides peace of mind and offers additional protection. However, when everything from televisions to security cameras are connected to networks, they also can open up […]

Anyone watching the news can see that cybersecurity management is becoming increasingly relevant for industrial companies. Recent analysis performed by insurance carriers indicates that the incidence of cyberattacks faced by manufacturing companies is 30 times […]

If recent cyberattacks like SolarWinds and Oldsmar have demonstrated anything, it’s the vulnerability landscape in operational technology (OT) and manufacturing is changing rapidly – and not necessarily for the better. Risks are higher than ever […]

Between the SolarWinds cyberattack and the smaller, but no less frightening, Oldsmar attack on a water treatment plant near Tampa Bay, Florida., cybersecurity has been front and center in the news. But these two cyberattacks […]