All Articles

What is MITRE ATT&CK?

The MITRE ATT&CK framework is a publicly available knowledge base of observed adversary behaviors categorized into specific tactics and techniques across an adversary’s attack lifecycle. MITRE ATT&CK provides a taxonomy or vocabulary when discussing cybersecurity […]

Six steps to effective patch management

Patch management in an operational technology (OT)/industrial control system (ICS) setting is full of challenges. From proprietary hardware and software to a lack of staff, inadequate or non-existent testing equipment, and regulatory reporting and system […]

Adapting XDR for OT cybersecurity

Chief information security officers (CISOs) and directors of cybersecurity at industrial organizations continue to be frustrated at the challenge of applying core information technology (IT) security principles to operational technology (OT) environments. This runs the […]

Five principles for guiding OT cybersecurity governance

OT cybersecurity governance: Who has authority? Who is accountable? These are perhaps the two most important questions in reducing cyber risk to operations. There are “big G” governance questions such as: Who should set the […]

Reducing risk and responding to industrial environment threats

Industrial cybersecurity leaders – including the C-suite, CISOs, security teams, and operational leaders – are realizing the potential financial, operational and safety impact of cyber events. Attempting to get their hands around securing this challenging […]

Five steps for OT endpoint security success

Operational technology (OT) has become a heightened target for cybersecurity attacks. The need to address OT cyber risks has never been greater. New threats are emerging every day – both targeted as well as untargeted […]

The future of OT cybersecurity’s regulatory era

On July 20, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) and the Transportation Security Administration (TSA) sent a directive to the owner/operators of critical pipelines in the United States clarifying and further defining the initial […]

Five things IT can learn from OT about cybersecurity

It’s no secret that industrial organizations are at the forefront of cybersecurity attacks. A recent report by IBM X-force revealed the manufacturing industry jumped from the eighth most targeted industry to the second most targeted […]

Four key steps to help your organization achieve IT/OT convergence

In many industrial organizations, information technology (IT) and operational technology (OT) teams are from different planets. They have separate objectives, priorities, skills, metrics and even language. IT/OT convergence, or better said “connected industries,” requires these […]

Managing the costs of OT cyber insurance

Cybersecurity insurance is an increasingly important weapon in the risk management arsenal of today’s enterprises. Unknown just a decade ago, these popular policies now offer organizations a crucial hedge against risks that defy routine assessment, […]

TSA Pipeline cybersecurity directive announced

On May 27, the United States Department of Homeland Security (DHS) announced its initial regulatory response to the Colonial Pipeline ransomware attack. As the Security Directive highlighted, this is only the first step in what is likely […]

Companies need to reassess their cyber physical security risk

Due to innovative business models behind ransomware-as-a-service, fundamental increase in reliance on vulnerable information technology (IT) systems by physical process controls and the evolving cyber insurance market means that every industrial organization needs to reassess […]

The importance of ICS security

Industrial control system (ICS) security is growing in importance as cyber-attacks increasingly focus on physical processes for either ransom or to cause harm to critical production systems. Attacks such as the Oldsmar water treatment plant, […]

Benefits of OT system management for cybersecurity plans

One of the clearest “coming attractions” for operational technology (OT) is the application of traditional information technology (IT) systems or security management (ITSM) into the industrial controls environment. For nearly 20 years, IT teams have […]

What OSHA can teach us about cybersecurity

What does OSHA teach us about industrial cybersecurity? Clearly, high cybersecurity risk could increase risk of industrial accidents, but OSHA’s model can help in other ways. Prior to 1970, worker safety in industrial settings was […]

How COVID-19 is affecting manufacturing cybersecurity

Forward-looking organizations realize they need the same level of aggressiveness to protect assets as they have done for COVID-19 risk reduction. A three-pronged strategy on securing essential infrastructure is highlighted.

John Livingston
John Livingston
John Livingston, CEO, Verve Industrial.