What can the power industry learn from the evolution of NERC CIP in OT cybersecurity for improved reliability and security?
Analysis of the ICS advisory supports the development of appropriate strategies for their environments based on real-world risks.
As the risk of cyber attacks on operational technology (OT) systems grows, so does the cost of OT cyber insurance.
Learn how to prevent ransomware in OT/ICS industrial environments with 5 key steps to reduce the risk of an attack.
CISA and other organizations have released multiple notices about the importance of prioritizing vulnerabilities based on their risk.
Critical infrastructure cybersecurity insights Critical infrastructure is very important to society and maintaining the basic needs of human life in modern times. Because of this, there is a need for critical infrastructure cybersecurity to protect […]
Endpoint security is the process of identifying, detecting, protecting and responding to cybersecurity threats at the device level.
Enterprises have realized the importance of attack surface management to identify, prioritize and minimize threat vectors in an environment.
A recent cybersecurity advisory alert details the Top 15 Common OT Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited. There have been multiple other […]
The MITRE ATT&CK framework is a publicly available knowledge base of observed adversary behaviors categorized into specific tactics and techniques across an adversary’s attack lifecycle. MITRE ATT&CK provides a taxonomy or vocabulary when discussing cybersecurity […]
Patch management in an operational technology (OT)/industrial control system (ICS) setting is full of challenges. From proprietary hardware and software to a lack of staff, inadequate or non-existent testing equipment, and regulatory reporting and system […]
Chief information security officers (CISOs) and directors of cybersecurity at industrial organizations continue to be frustrated at the challenge of applying core information technology (IT) security principles to operational technology (OT) environments. This runs the […]
OT cybersecurity governance: Who has authority? Who is accountable? These are perhaps the two most important questions in reducing cyber risk to operations. There are “big G” governance questions such as: Who should set the […]
In a rapidly changing world, we are grateful technology allows industrial organizations to operate their security and operational technology (OT) systems management quite effectively from a remote environment. Although it was not designed for a […]
CISA released two alerts on threats to critical infrastructure operations. The first was an alert about a series of attacks on water and wastewater systems over the past year, primarily relating to ransomware but also […]
Industrial cybersecurity leaders – including the C-suite, CISOs, security teams, and operational leaders – are realizing the potential financial, operational and safety impact of cyber events. Attempting to get their hands around securing this challenging […]
Operational technology (OT) has become a heightened target for cybersecurity attacks. The need to address OT cyber risks has never been greater. New threats are emerging every day – both targeted as well as untargeted […]
On July 20, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) and the Transportation Security Administration (TSA) sent a directive to the owner/operators of critical pipelines in the United States clarifying and further defining the initial […]
As we think about Industrial Internet of Things (IIoT) attacks, we break them down into three broad categories. The first is what we refer to as collateral damage. The best example of this is the […]
It’s no secret that industrial organizations are at the forefront of cybersecurity attacks. A recent report by IBM X-force revealed the manufacturing industry jumped from the eighth most targeted industry to the second most targeted […]
In many industrial organizations, information technology (IT) and operational technology (OT) teams are from different planets. They have separate objectives, priorities, skills, metrics and even language. IT/OT convergence, or better said “connected industries,” requires these […]
Cybersecurity insurance is an increasingly important weapon in the risk management arsenal of today’s enterprises. Unknown just a decade ago, these popular policies now offer organizations a crucial hedge against risks that defy routine assessment, […]
On May 27, the United States Department of Homeland Security (DHS) announced its initial regulatory response to the Colonial Pipeline ransomware attack. As the Security Directive highlighted, this is only the first step in what is likely […]
Due to innovative business models behind ransomware-as-a-service, fundamental increase in reliance on vulnerable information technology (IT) systems by physical process controls and the evolving cyber insurance market means that every industrial organization needs to reassess […]
The manufacturing industry is under increasing threat of cyber-related risks and attacks. In this past year, we saw a big shift in focused cybersecurity attacks on manufacturing companies. They jumped up from the eighth-largest target […]
Industrial control system (ICS) security is growing in importance as cyber-attacks increasingly focus on physical processes for either ransom or to cause harm to critical production systems. Attacks such as the Oldsmar water treatment plant, […]
One of the clearest “coming attractions” for operational technology (OT) is the application of traditional information technology (IT) systems or security management (ITSM) into the industrial controls environment. For nearly 20 years, IT teams have […]
What does OSHA teach us about industrial cybersecurity? Clearly, high cybersecurity risk could increase risk of industrial accidents, but OSHA’s model can help in other ways. Prior to 1970, worker safety in industrial settings was […]
Forward-looking organizations realize they need the same level of aggressiveness to protect assets as they have done for COVID-19 risk reduction. A three-pronged strategy on securing essential infrastructure is highlighted.
