Industrial Cybersecurity Pulse’s top 5 articles from January 2023 covered the Microsoft DCOM hardening patch, the threat of insider attacks and a new index that can help protect critical infrastructure. Here is our best content from the past month.
By LuRae Lumpkin, Velta Technology
March 14, 2023, is a date that organizations utilizing operational technology (OT) should have circled on their calendars. After that date, it will no longer be possible to disable a critical Microsoft DCOM hardening patch, which could trigger equipment shutdowns and lead to revenue disruptions, unless there are backups available prior to the patch enablement. The update involves the Distributed Component Object Model (DCOM) — a software component embedded in industrial control systems (ICS) from companies like Rockwell Automation, Honeywell, Siemens and GE.
By Jacob Chapman and Danielle Jablanski, ISAGCA
At its roots, OT and Internet of Things (IoT) cybersecurity is an accidental by-product of Industry 4.0. The fourth industrial revolution, characterized by the real-time optimization benefits that connected systems provide to a business, has driven information technology (IT)/OT convergence and exposed vulnerable OT and IoT systems. As the technologies that help businesses realize the benefits of connectivity mature, the risk increases as well. In other words, the more important digital factories become, the more important OT and IoT cybersecurity becomes; the two are married.
By Dale Peterson, Digital Bond
The first OT security products segment to have a company, actually multiple companies, valued over $1 billion is OT detection. The next OT security products segment that is seeing multiple early-stage investments and has the same look of fast market cap growth in the next 1 to 3 years is the software/firmware analysis space. The main feature driving this segment’s growth is the software bill of materials (SBOM) and vulnerability management component. What do these two product segments have in common? They both can be deployed and used without making any changes to the ICS or the physical system being monitored and controlled.
By Gary Cohen, CFE Media
Companies spend countless dollars and man hours trying to keep outside attackers from breaching their systems, but what about attacks that come from the inside? Insider attacks are on the rise, and they can be even more dangerous because insiders typically know where an organization’s sensitive data lives and often have elevated levels of access, regardless of whether they have malicious intentions or not. Accidentally or deliberately, insiders can help expose confidential customer information, intellectual property, money and more.
By Jim Cook, Velta Technology
Making important business decisions about OT security requires measurable data points. Having a clear understanding of a plant’s OT digital footprint, safety and cyber preparedness is crucial, but until recently a metric for this did not exist. There is a need for an OT security analytics tool, and Velta Technology recently helped create the Connected Devices Vulnerability (CDV) Index, which is a method for understanding an industrial facility’s cyber preparedness and security vulnerability.