Search
Close this search box.

Facilities

Courtesy of: CFE Media and Technology

Throwback Attack: Smart buildings, smarter hackers

As society has delved deeper into the fourth — and soon to be fifth — industrial revolution, technology has become more woven into our everyday lives. Once upon a time, smart technology was found only […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

Three steps to building an ICS/OT roadmap

Gartner estimates that by 2023, 75% of organizations will restructure risk and security governance to address converged information technology (IT), operational technology (OT), Internet of Things (IoT) and physical security needs – an increase from fewer […]

Image courtesy: Brett Sayles

How AI lets Priefert Manufacturing stay productive

Founded in 1964, Priefert Manufacturing is one of the largest farm, ranch and rodeo equipment manufacturers in the world. With a huge range of equipment in locations that span several acres in the U.S., it is […]

Image courtesy: CFE Media and Technology

Colonial Pipeline fined almost $1 million

On May 5, 2022, The U.S. Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) issued a Notice of Probable Violation (NOPV) and Proposed Compliance Order to Colonial Pipeline Company for close to $1 […]

MIT researchers demonstrated that analog-to-digital converters in smart devices are vulnerable to power and electromagnetic side-channel attacks that hackers use to “eavesdrop” on devices and steal secret information. They developed two security strategies that effectively and efficiently block both types of attacks. Courtesy: MIT News

Stronger security systems for smart devices

Researchers are pushing to outpace hackers and develop stronger protections that keep data safe from malicious agents who would steal information by eavesdropping on smart devices. Much of the work done to prevent these “side-channel […]

Researchers discuss cyber-physical threat response

Protecting the power grid through cyber-physical threat response

Current methods of defending critical energy infrastructure from multistage, cyber-physical threats remain largely dependent upon human intervention and compartmentalized monitoring with an emphasis on prevention. But how can electric power utilities quickly and effectively respond […]

A hacker in the background.

Throwback Attack: MiniDuke malware attacks 23 countries

While governments and organizations are attacked daily, some attacks leave little, if any, damage. It really depends on the sophistication level of the threat actor, which varies with each hack. However, there can be a […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

Locking down team communication can help control information

Communication is vital to managing every part of a business. In each communication within your company and between your company and external entities, you’re exchanging information. Some of that information might be simple pleasantries or […]

SwRI used programmable logic controllers (PLCs) connected to input/output (I/O) modules to a test network. Algorithms scanned the network for cyberattacks through data packets transferred over the Modbus/TCP protocol. Courtesy: Southwest Research Institute (SwRI)

IDS developed for industrial control systems

Southwest Research Institute has developed technology to help government and industry detect cyber threats to industrial networks used in critical infrastructure and manufacturing systems. SwRI funded the research to address emerging cyber threats in the […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

Automated manufacturing cybersecurity risks

Automation is the use of equipment to automate systems and production processes to reduce work. While factory automation and robotic innovations are thriving in the U.S., the country has fallen behind in utilizing automation for manufacturing. […]

Courtesy: Brett Sayles

Securing energy infrastructure from cyber threats

Energy infrastructure is a large sector. It has evolved in the past 200 years and is still evolving. From mechanical to electronics to sophisticated control system technologies, it has helped improved the usage and efficiency […]

A robot powered by OSARO’s machine learning system picks consumer goods. Courtesy: A3/OSARO

Industrial robot utilization requires cybersecurity strategy

Industrial robots generate billions of data points that can be used to measure and optimize robot performance, provide predictive maintenance and to drive advanced analytics. Digitalization of the industrial sector is certainly on the increase […]

Image courtesy: Brett Sayles

Cybersecurity and the human element

Every year, the UK government conducts its “Cyber Security Breaches Survey” to help organizations understand the cyber security threat landscape, including the impact of breaches and how breaches occur in the first place. Regarding how […]

Courtesy: Brett Sayles

U.S. data compromises hit record high in 2021

Every year brings new data breach victims. According to the data presented by the Atlas VPN team, the volume of publicly reported data compromises in the United States reached a record-high of 1,862 in 2021, […]

As threat increases, college cybersecurity programs are more in demand

Five principles for guiding OT cybersecurity governance

OT cybersecurity governance: Who has authority? Who is accountable? These are perhaps the two most important questions in reducing cyber risk to operations. There are “big G” governance questions such as: Who should set the […]

Reducing risk and responding to industrial environment threats

Reducing risk and responding to industrial environment threats

Industrial cybersecurity leaders – including the C-suite, CISOs, security teams, and operational leaders – are realizing the potential financial, operational and safety impact of cyber events. Attempting to get their hands around securing this challenging […]

Figure 1: PLCs, HMIs, and other Ethernet-capable automation devices used for modern automation systems can no longer rely on “cybersecurity by obscurity” and “air gaps.” They must progressively adopt advanced IT type security features. Courtesy: AutomationDirect

Cybersecurity-centered systems and fundamentals

Industrial automation project designers have rightfully maintained a primary focus on delivering correct and reliable equipment functionality. However, now that most intelligent automation devices include wired or wireless connectivity, and end users are increasingly looking […]

Courtesy: CFE Media

Cybersecurity risk is business risk

Business disruption that results from ransomware attacks is costly on many levels. Downtime, mitigation expenses and reputational costs can run anywhere from hundreds of thousands of dollars to shutting a business down for good. Recent […]

Figure 1: To determine effectiveness and maturity, take a particular control and plot the effectiveness score on the Y-axis of a graph and the DMS on the X-axis of the graph. By seeing which quadrant the result falls into, people can quickly make some general statements about the systems under consideration. Courtesy: Maverick Technologies

Securing the ICS: Measure solution effectiveness, maturity

Many articles focused on cybersecurity stress how important it is to secure an industrial control system (ICS) and share ways to implement this security. In this article, the assumption is this advice has already been […]

Figure 1: The gap between IT and OT can be overcome with the help of system integrators. Courtesy: Applied Control Engineering Inc.

Good cybersecurity requires IT/OT convergence

When an organization does not take advantage of potential synergies between information technology (IT) and operational technology (OT), it might be leaving plant floor systems open to attack. In many organizations, the lines of communication […]

Figure 1: For smaller organizations with limited network resources, it can be tempting to plug your machine directly into the business network. Courtesy: DMC

Securing your facility

As I started delving into cybersecurity, I realized I didn’t know what I didn’t know. My mental image consisted of dark rooms, high caffeine beverages and green computer screens. I even didn’t understand where to […]

Figure 1: The evolution of IT/OT convergence is critical to understand to explain why things are the way they are, and to decipher where an organization should go next. Courtesy: Grantek

Cybersecurity and IT/OT convergence: A pathway to digital transformation

The technologies that make up a company’s industrial operations today are evolving faster than ever. Competing platforms leapfrog each other for market dominance and user preference, while start-ups flush with cash from investors shake up […]

Courtesy: Trekkor

Bridging the IT and OT gap for a power service company

NovaSource Power Services (NSPS) is the insight and operations and management (O&M) services partner for owners of renewable assets ready to fuel smart growth. They manage the largest solar projects in the world, and deliver […]

Courtesy: Sealevel Systems, Inc.

Convergence or overlap? Understanding the IT/OT relationship

Until recent decades, operational technology (OT), which involves the monitoring and controlling of physical machinery and equipment, was manually managed by human workers. As information technology (IT) relies on computers for operation, its integration into […]

The modern energy grid will be data-driven, have improved security and rely on the edge to manage data processing. Courtesy: Intel/Fortinet

Building a secure energy and power grid for the future

The energy market has had rapid increases in demand that cannot be fulfilled with carbon-based fuels. It requires companies to use renewable energies such as solar and wind to keep up. What’s needed is an […]

Automated secure device onboarding is shown as a six-step process using the IoT as part of the delivery system for the supply chain. Courtesy: Fortinet/Intel

Secure device onboarding for manufacturing supply chain

The manufacturing sector is becoming more interconnected as the Internet of Things (IoT) allows data to be transferred from many devices. IoT device security is critical, and configuring credentials, a process called onboarding, is a […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

Managing the costs of OT cyber insurance

Cybersecurity insurance is an increasingly important weapon in the risk management arsenal of today’s enterprises. Unknown just a decade ago, these popular policies now offer organizations a crucial hedge against risks that defy routine assessment, […]

Figure 4: The risk management cycle, and incorporation of Industry 4.0 goals for security controls implementation. Courtesy: Grantek

Upgrading industrial PC cybersecurity in manufacturing

Learning Objectives Cybersecurity attacks against manufacturers and other industrial sites are growing every year. When developing a cybersecurity plan, is best to look at it through the lens of business risk reduction and enabling innovation. […]

Courtesy: Verve Industrial

TSA Pipeline cybersecurity directive announced

On May 27, the United States Department of Homeland Security (DHS) announced its initial regulatory response to the Colonial Pipeline ransomware attack. As the Security Directive highlighted, this is only the first step in what is likely […]

Image courtesy: Brett Sayles

Cybersecurity needs for connected building systems

Connected capabilities offer a great deal of potential for building systems. Connected HVAC, lighting, alarms, fire protection and more are all key components of smart buildings currently in demand. These capabilities offer exciting opportunities for […]

Machinery

Requiring SBOMs and their impact on OT

The concept and benefits of a software bill of materials (SBOM) are simple to understand. SBOMs are a list of all software in an application or cyber asset. Vendors need to create and maintain an […]

Throwback Attack: How Stuxnet changed cybersecurity

Throwback Attack: How Stuxnet changed cybersecurity

During the second Bush Administration, there was great concern about the rapid progress of the Iranian enrichment program, which would likely lead to the attainment of weapons-grade uranium. The center of that operation was, and […]

How to establish defense in depth for building automation systems

How to establish defense in depth for building automation systems

Building automation systems have become a soft target for cyberattacks due to the large numbers of intelligent devices connected over open networks, sophisticated threats designed to attack control systems, as well as dependency on third-party […]

PLC coding practices document released

PLC coding practices document released

The ISA Global Cybersecurity Alliance (ISAGCA), along with admeritia GmbH (admeritia),  announced the release of the Top 20 Secure PLC Coding Practices document. The document aims to provide a list of coding practices for programmable […]

How IT/OT convergence starts with understanding

How IT/OT convergence starts with understanding

IT/OT convergence isn’t just a concept, a catchy mnemonic, nor a convenient abbreviation jumble  It’s a very real and significant challenge facing manufacturers. At the crux of the issue is how information technology (IT) and […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

The importance of ICS security

Industrial control system (ICS) security is growing in importance as cyber-attacks increasingly focus on physical processes for either ransom or to cause harm to critical production systems. Attacks such as the Oldsmar water treatment plant, […]

The task of cybersecurity often falls to the IT department. But here are five questions every CISO should ask about OT cybersecurity.

Six steps for cyberattack incident response planning

How a company responds to an incident is important. The wrong response could damage the company’s reputation or destroy it altogether. A proactive and timely response to an incident can result in great press and […]

Image courtesy: CFE Media and Technology

Lessons learned from the Colonial Pipeline attack

Over the weekend, Colonial Pipeline, owner of 5,500 miles of pipeline carrying natural gas, gasoline, and diesel from Texas to New Jersey, shut down its operations in response to what it said was a ransomware […]

Courtesy: Industrial Defender

Overcome patch, management vulnerabilities in an OT environment

A vulnerability is a weakness in a computing resource that can be exploited to cause harm. Mitigating vulnerability risk is accomplished through an effective vulnerability management program that includes vulnerability monitoring, vulnerability risk assessment, and vulnerability mitigation […]

Throwback Attack: Lessons from the Aurora vulnerability

Throwback Attack: Lessons from the Aurora vulnerability

Lessons can be learned from prior cybersecurity efforts, even older ones, as this 2007 demonstration showed. Are you aware of the eight ways to mitigate the Aurora vulnerability? In 2007, the Department of Homeland Security, […]

Proactive management of plant cybersecurity

Proactive management of plant cybersecurity

A combination of information technology (IT) and operations technology (OT) cybersecurity expertise is required to manage the influx of Industrial Internet of Things (IIoT) devices and increased IT/OT integration.

Image courtesy: Brett Sayles

How to approach IoT cybersecurity for smart buildings

The proliferation of the Internet of Things (IoT) is making buildings more complex and dynamic, with hundreds of devices connecting to disparate systems to perform a wide range of functions like energy management, physical security […]

Courtesy: Chris Vavra, CFE Media

Creating a threat-informed defense for a facility

The MITRE ATT&CK for ICS Matrix provides a common nomenclature that allows asset owners, security researchers and consultants, internal defenders and product vendors to better communicate about adversary techniques. Nothing in it is new to […]

Bryan Bennett of ESD talks about the IT/OT divide.

Securing Facilities: Expert Interview Series, Bryan Bennett, ESD

Cyberattacks on industrial manufacturing and government facilities have been on the rise, but securing facilities takes more than just a shrewd and effective information technology (IT) department. There also needs to be buy-in from operational […]

Five essential security functions for hybrid networks

Five essential security functions for hybrid networks

Organizations have distributed data and workloads across cloud environments and on-premises data centers. As a result, IT teams have to deploy, manage, and secure increasingly complex and hybrid networks. And even though many organizations have moved […]

Selecting HMI remote access options

Selecting HMI remote access options

Two leading methods exist for establishing mobile human-machine interface (HMI) connectivity; one providing more cybersecurity. See table comparison of remote access HMI connections.

Courtesy: Rick Ellis

Molson Coors cyberattack impacts production, shipments

Another major company has fallen victim to a cyberattack that has caused significant disruptions to its business operations. In an SEC filing, Chicago-based brewing and beverage company Molson Coors recently acknowledged they experienced a systems […]

Figure 1: Technological advances are keeping the world connected. High-performance HMI graphics, for instance, are key to getting critical data to the right people at the right time and can help improve an operator’s ability to manage the operation more effectively, increasing response time to alarms and other abnormal situations. Data really is king. Courtesy: MAVERICK Technologies

How to achieve remote automation success

The world we live in is not the same world we once knew. Unprecedented global events and new technological advances are forcing manufacturers to adapt and work in an ever-evolving, more remote business environment. Change […]

Image courtesy: Brett Sayles

ICS cybersecurity company appoints CEO

Mission Secure, an industria­l control system (ICS) cybersecurity technology company, appointed John Adams as Chief Executive Officer (CEO). He will succeed David Drescher, who will remain with the board of directors. “A generational shift has […]

Image courtesy: Brett Sayles

Four OT, ICS security patching lessons to consider

Having comprehensive list of security-related patches by using operational technology (OT)-specific patching tools to gather complete software, vulnerability, and security patching information sounds simple. Information technology (IT) security professionals will tell users to scan it […]

Four ways to sharpen the technology that runs buildings in 2020

Four ways to sharpen building system technologies

IoT and intelligent management systems have revolutionized the capabilities of our buildings by enabling better automation and increasing efficiencies for better overall building health

Courtesy: Verve Industrial

Compensating controls in ICS cybersecurity

Most operational technology (OT) environments use scan-based patching tools, which are pretty standard but not overly insightful to show us what assets we have and how they are configured. What is really needed is robust […]

The IDC IT/OT Convergence Survey shows the importance of achieving physical and cybersecurity integration.

Cybersecurity required for safe IIoT robots

For a robot to be safe, it must also be secure from cyberattacks in the age of Industrie 4.0 and the Industrial Internet of Things (IIoT). Everyone in the information technology (IT) and operations technology (OT) departments are responsible for ensuring this happens.

The human asset in cybersecurity

The human asset in cybersecurity

Cybersecurity education: Human hacking, the compromise of human assets, is often the first step in a cybersecurity breach, even if or when technical systems are secure. Help coworkers and those in your supply chain to avoid being the entry point for attack. Learn attack methods, five attack types and five prevention techniques.

What OSHA can teach us about cybersecurity

What OSHA can teach us about cybersecurity

What does OSHA teach us about industrial cybersecurity? Clearly, high cybersecurity risk could increase risk of industrial accidents, but OSHA’s model can help in other ways. Prior to 1970, worker safety in industrial settings was […]

Eaton recommends managing cybersecurity risks through a Secure Development Lifecycle (SDL) with protocols in place for threat modeling, requirements analysis, implementation, verification and ongoing maintenance to manage risks throughout the product lifecycle.In October 2020, Eaton became the first company to have its product development processes certifiedby the IEC and UL. Eaton recently joined the International Society of Automation (ISA) Global CybersecurityAlliance as a founding member to advance advocacy for a global cybersecurity standard and industry collaboration. Courtesy: Eaton

How cybersecurity is affecting control and automation

Learning Objectives Cybersecurity global standards from IEC, ISA Global Cybersecurity Alliance and UL help lower risk.  Cybersecurity education and training.  The Industrial Internet of Things (IIoT), connected devices and the vast amounts of generated data create industrial […]

Four best practices for industrial wireless LANs

Four best practices for industrial wireless LANs

Deployments and optimal operation of industrial wireless local area networks (LANs) require attention to site survey, lifecycle management, cybersecurity and collaboration. Need to optimize existing industrial wireless networks?

Video: Cybersecurity for Energy Managers

Video: Cybersecurity for Energy Managers

Cybersecurity is an important aspect of project implementation, and will become critical as information and operations technologies converge.

Courtesy of: CFE Media and Technology

Throwback Attack: Smart buildings, smarter hackers

As society has delved deeper into the fourth — and soon to be fifth — industrial revolution, technology has become more woven into our everyday lives. Once upon a time, smart technology was found only […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

Three steps to building an ICS/OT roadmap

Gartner estimates that by 2023, 75% of organizations will restructure risk and security governance to address converged information technology (IT), operational technology (OT), Internet of Things (IoT) and physical security needs – an increase from fewer […]

Image courtesy: Brett Sayles

How AI lets Priefert Manufacturing stay productive

Founded in 1964, Priefert Manufacturing is one of the largest farm, ranch and rodeo equipment manufacturers in the world. With a huge range of equipment in locations that span several acres in the U.S., it is […]

Image courtesy: CFE Media and Technology

Colonial Pipeline fined almost $1 million

On May 5, 2022, The U.S. Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) issued a Notice of Probable Violation (NOPV) and Proposed Compliance Order to Colonial Pipeline Company for close to $1 […]

MIT researchers demonstrated that analog-to-digital converters in smart devices are vulnerable to power and electromagnetic side-channel attacks that hackers use to “eavesdrop” on devices and steal secret information. They developed two security strategies that effectively and efficiently block both types of attacks. Courtesy: MIT News

Stronger security systems for smart devices

Researchers are pushing to outpace hackers and develop stronger protections that keep data safe from malicious agents who would steal information by eavesdropping on smart devices. Much of the work done to prevent these “side-channel […]

Researchers discuss cyber-physical threat response

Protecting the power grid through cyber-physical threat response

Current methods of defending critical energy infrastructure from multistage, cyber-physical threats remain largely dependent upon human intervention and compartmentalized monitoring with an emphasis on prevention. But how can electric power utilities quickly and effectively respond […]

A hacker in the background.

Throwback Attack: MiniDuke malware attacks 23 countries

While governments and organizations are attacked daily, some attacks leave little, if any, damage. It really depends on the sophistication level of the threat actor, which varies with each hack. However, there can be a […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

Locking down team communication can help control information

Communication is vital to managing every part of a business. In each communication within your company and between your company and external entities, you’re exchanging information. Some of that information might be simple pleasantries or […]

SwRI used programmable logic controllers (PLCs) connected to input/output (I/O) modules to a test network. Algorithms scanned the network for cyberattacks through data packets transferred over the Modbus/TCP protocol. Courtesy: Southwest Research Institute (SwRI)

IDS developed for industrial control systems

Southwest Research Institute has developed technology to help government and industry detect cyber threats to industrial networks used in critical infrastructure and manufacturing systems. SwRI funded the research to address emerging cyber threats in the […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

Automated manufacturing cybersecurity risks

Automation is the use of equipment to automate systems and production processes to reduce work. While factory automation and robotic innovations are thriving in the U.S., the country has fallen behind in utilizing automation for manufacturing. […]

Courtesy: Brett Sayles

Securing energy infrastructure from cyber threats

Energy infrastructure is a large sector. It has evolved in the past 200 years and is still evolving. From mechanical to electronics to sophisticated control system technologies, it has helped improved the usage and efficiency […]

A robot powered by OSARO’s machine learning system picks consumer goods. Courtesy: A3/OSARO

Industrial robot utilization requires cybersecurity strategy

Industrial robots generate billions of data points that can be used to measure and optimize robot performance, provide predictive maintenance and to drive advanced analytics. Digitalization of the industrial sector is certainly on the increase […]

Image courtesy: Brett Sayles

Cybersecurity and the human element

Every year, the UK government conducts its “Cyber Security Breaches Survey” to help organizations understand the cyber security threat landscape, including the impact of breaches and how breaches occur in the first place. Regarding how […]

Courtesy: Brett Sayles

U.S. data compromises hit record high in 2021

Every year brings new data breach victims. According to the data presented by the Atlas VPN team, the volume of publicly reported data compromises in the United States reached a record-high of 1,862 in 2021, […]

As threat increases, college cybersecurity programs are more in demand

Five principles for guiding OT cybersecurity governance

OT cybersecurity governance: Who has authority? Who is accountable? These are perhaps the two most important questions in reducing cyber risk to operations. There are “big G” governance questions such as: Who should set the […]

Reducing risk and responding to industrial environment threats

Reducing risk and responding to industrial environment threats

Industrial cybersecurity leaders – including the C-suite, CISOs, security teams, and operational leaders – are realizing the potential financial, operational and safety impact of cyber events. Attempting to get their hands around securing this challenging […]

Figure 1: PLCs, HMIs, and other Ethernet-capable automation devices used for modern automation systems can no longer rely on “cybersecurity by obscurity” and “air gaps.” They must progressively adopt advanced IT type security features. Courtesy: AutomationDirect

Cybersecurity-centered systems and fundamentals

Industrial automation project designers have rightfully maintained a primary focus on delivering correct and reliable equipment functionality. However, now that most intelligent automation devices include wired or wireless connectivity, and end users are increasingly looking […]

Courtesy: CFE Media

Cybersecurity risk is business risk

Business disruption that results from ransomware attacks is costly on many levels. Downtime, mitigation expenses and reputational costs can run anywhere from hundreds of thousands of dollars to shutting a business down for good. Recent […]

Figure 1: To determine effectiveness and maturity, take a particular control and plot the effectiveness score on the Y-axis of a graph and the DMS on the X-axis of the graph. By seeing which quadrant the result falls into, people can quickly make some general statements about the systems under consideration. Courtesy: Maverick Technologies

Securing the ICS: Measure solution effectiveness, maturity

Many articles focused on cybersecurity stress how important it is to secure an industrial control system (ICS) and share ways to implement this security. In this article, the assumption is this advice has already been […]

Figure 1: The gap between IT and OT can be overcome with the help of system integrators. Courtesy: Applied Control Engineering Inc.

Good cybersecurity requires IT/OT convergence

When an organization does not take advantage of potential synergies between information technology (IT) and operational technology (OT), it might be leaving plant floor systems open to attack. In many organizations, the lines of communication […]

Figure 1: For smaller organizations with limited network resources, it can be tempting to plug your machine directly into the business network. Courtesy: DMC

Securing your facility

As I started delving into cybersecurity, I realized I didn’t know what I didn’t know. My mental image consisted of dark rooms, high caffeine beverages and green computer screens. I even didn’t understand where to […]

Figure 1: The evolution of IT/OT convergence is critical to understand to explain why things are the way they are, and to decipher where an organization should go next. Courtesy: Grantek

Cybersecurity and IT/OT convergence: A pathway to digital transformation

The technologies that make up a company’s industrial operations today are evolving faster than ever. Competing platforms leapfrog each other for market dominance and user preference, while start-ups flush with cash from investors shake up […]

Courtesy: Trekkor

Bridging the IT and OT gap for a power service company

NovaSource Power Services (NSPS) is the insight and operations and management (O&M) services partner for owners of renewable assets ready to fuel smart growth. They manage the largest solar projects in the world, and deliver […]

Courtesy: Sealevel Systems, Inc.

Convergence or overlap? Understanding the IT/OT relationship

Until recent decades, operational technology (OT), which involves the monitoring and controlling of physical machinery and equipment, was manually managed by human workers. As information technology (IT) relies on computers for operation, its integration into […]

The modern energy grid will be data-driven, have improved security and rely on the edge to manage data processing. Courtesy: Intel/Fortinet

Building a secure energy and power grid for the future

The energy market has had rapid increases in demand that cannot be fulfilled with carbon-based fuels. It requires companies to use renewable energies such as solar and wind to keep up. What’s needed is an […]

Automated secure device onboarding is shown as a six-step process using the IoT as part of the delivery system for the supply chain. Courtesy: Fortinet/Intel

Secure device onboarding for manufacturing supply chain

The manufacturing sector is becoming more interconnected as the Internet of Things (IoT) allows data to be transferred from many devices. IoT device security is critical, and configuring credentials, a process called onboarding, is a […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

Managing the costs of OT cyber insurance

Cybersecurity insurance is an increasingly important weapon in the risk management arsenal of today’s enterprises. Unknown just a decade ago, these popular policies now offer organizations a crucial hedge against risks that defy routine assessment, […]

Figure 4: The risk management cycle, and incorporation of Industry 4.0 goals for security controls implementation. Courtesy: Grantek

Upgrading industrial PC cybersecurity in manufacturing

Learning Objectives Cybersecurity attacks against manufacturers and other industrial sites are growing every year. When developing a cybersecurity plan, is best to look at it through the lens of business risk reduction and enabling innovation. […]

Courtesy: Verve Industrial

TSA Pipeline cybersecurity directive announced

On May 27, the United States Department of Homeland Security (DHS) announced its initial regulatory response to the Colonial Pipeline ransomware attack. As the Security Directive highlighted, this is only the first step in what is likely […]

Image courtesy: Brett Sayles

Cybersecurity needs for connected building systems

Connected capabilities offer a great deal of potential for building systems. Connected HVAC, lighting, alarms, fire protection and more are all key components of smart buildings currently in demand. These capabilities offer exciting opportunities for […]

Machinery

Requiring SBOMs and their impact on OT

The concept and benefits of a software bill of materials (SBOM) are simple to understand. SBOMs are a list of all software in an application or cyber asset. Vendors need to create and maintain an […]

Throwback Attack: How Stuxnet changed cybersecurity

Throwback Attack: How Stuxnet changed cybersecurity

During the second Bush Administration, there was great concern about the rapid progress of the Iranian enrichment program, which would likely lead to the attainment of weapons-grade uranium. The center of that operation was, and […]

How to establish defense in depth for building automation systems

How to establish defense in depth for building automation systems

Building automation systems have become a soft target for cyberattacks due to the large numbers of intelligent devices connected over open networks, sophisticated threats designed to attack control systems, as well as dependency on third-party […]

PLC coding practices document released

PLC coding practices document released

The ISA Global Cybersecurity Alliance (ISAGCA), along with admeritia GmbH (admeritia),  announced the release of the Top 20 Secure PLC Coding Practices document. The document aims to provide a list of coding practices for programmable […]

How IT/OT convergence starts with understanding

How IT/OT convergence starts with understanding

IT/OT convergence isn’t just a concept, a catchy mnemonic, nor a convenient abbreviation jumble  It’s a very real and significant challenge facing manufacturers. At the crux of the issue is how information technology (IT) and […]

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.

The importance of ICS security

Industrial control system (ICS) security is growing in importance as cyber-attacks increasingly focus on physical processes for either ransom or to cause harm to critical production systems. Attacks such as the Oldsmar water treatment plant, […]

The task of cybersecurity often falls to the IT department. But here are five questions every CISO should ask about OT cybersecurity.

Six steps for cyberattack incident response planning

How a company responds to an incident is important. The wrong response could damage the company’s reputation or destroy it altogether. A proactive and timely response to an incident can result in great press and […]

Image courtesy: CFE Media and Technology

Lessons learned from the Colonial Pipeline attack

Over the weekend, Colonial Pipeline, owner of 5,500 miles of pipeline carrying natural gas, gasoline, and diesel from Texas to New Jersey, shut down its operations in response to what it said was a ransomware […]

Courtesy: Industrial Defender

Overcome patch, management vulnerabilities in an OT environment

A vulnerability is a weakness in a computing resource that can be exploited to cause harm. Mitigating vulnerability risk is accomplished through an effective vulnerability management program that includes vulnerability monitoring, vulnerability risk assessment, and vulnerability mitigation […]

Throwback Attack: Lessons from the Aurora vulnerability

Throwback Attack: Lessons from the Aurora vulnerability

Lessons can be learned from prior cybersecurity efforts, even older ones, as this 2007 demonstration showed. Are you aware of the eight ways to mitigate the Aurora vulnerability? In 2007, the Department of Homeland Security, […]

Proactive management of plant cybersecurity

Proactive management of plant cybersecurity

A combination of information technology (IT) and operations technology (OT) cybersecurity expertise is required to manage the influx of Industrial Internet of Things (IIoT) devices and increased IT/OT integration.

Image courtesy: Brett Sayles

How to approach IoT cybersecurity for smart buildings

The proliferation of the Internet of Things (IoT) is making buildings more complex and dynamic, with hundreds of devices connecting to disparate systems to perform a wide range of functions like energy management, physical security […]

Courtesy: Chris Vavra, CFE Media

Creating a threat-informed defense for a facility

The MITRE ATT&CK for ICS Matrix provides a common nomenclature that allows asset owners, security researchers and consultants, internal defenders and product vendors to better communicate about adversary techniques. Nothing in it is new to […]

Bryan Bennett of ESD talks about the IT/OT divide.

Securing Facilities: Expert Interview Series, Bryan Bennett, ESD

Cyberattacks on industrial manufacturing and government facilities have been on the rise, but securing facilities takes more than just a shrewd and effective information technology (IT) department. There also needs to be buy-in from operational […]

Five essential security functions for hybrid networks

Five essential security functions for hybrid networks

Organizations have distributed data and workloads across cloud environments and on-premises data centers. As a result, IT teams have to deploy, manage, and secure increasingly complex and hybrid networks. And even though many organizations have moved […]

Selecting HMI remote access options

Selecting HMI remote access options

Two leading methods exist for establishing mobile human-machine interface (HMI) connectivity; one providing more cybersecurity. See table comparison of remote access HMI connections.

Courtesy: Rick Ellis

Molson Coors cyberattack impacts production, shipments

Another major company has fallen victim to a cyberattack that has caused significant disruptions to its business operations. In an SEC filing, Chicago-based brewing and beverage company Molson Coors recently acknowledged they experienced a systems […]

Figure 1: Technological advances are keeping the world connected. High-performance HMI graphics, for instance, are key to getting critical data to the right people at the right time and can help improve an operator’s ability to manage the operation more effectively, increasing response time to alarms and other abnormal situations. Data really is king. Courtesy: MAVERICK Technologies

How to achieve remote automation success

The world we live in is not the same world we once knew. Unprecedented global events and new technological advances are forcing manufacturers to adapt and work in an ever-evolving, more remote business environment. Change […]

Image courtesy: Brett Sayles

ICS cybersecurity company appoints CEO

Mission Secure, an industria­l control system (ICS) cybersecurity technology company, appointed John Adams as Chief Executive Officer (CEO). He will succeed David Drescher, who will remain with the board of directors. “A generational shift has […]

Image courtesy: Brett Sayles

Four OT, ICS security patching lessons to consider

Having comprehensive list of security-related patches by using operational technology (OT)-specific patching tools to gather complete software, vulnerability, and security patching information sounds simple. Information technology (IT) security professionals will tell users to scan it […]

Four ways to sharpen the technology that runs buildings in 2020

Four ways to sharpen building system technologies

IoT and intelligent management systems have revolutionized the capabilities of our buildings by enabling better automation and increasing efficiencies for better overall building health

Courtesy: Verve Industrial

Compensating controls in ICS cybersecurity

Most operational technology (OT) environments use scan-based patching tools, which are pretty standard but not overly insightful to show us what assets we have and how they are configured. What is really needed is robust […]

The IDC IT/OT Convergence Survey shows the importance of achieving physical and cybersecurity integration.

Cybersecurity required for safe IIoT robots

For a robot to be safe, it must also be secure from cyberattacks in the age of Industrie 4.0 and the Industrial Internet of Things (IIoT). Everyone in the information technology (IT) and operations technology (OT) departments are responsible for ensuring this happens.

The human asset in cybersecurity

The human asset in cybersecurity

Cybersecurity education: Human hacking, the compromise of human assets, is often the first step in a cybersecurity breach, even if or when technical systems are secure. Help coworkers and those in your supply chain to avoid being the entry point for attack. Learn attack methods, five attack types and five prevention techniques.

What OSHA can teach us about cybersecurity

What OSHA can teach us about cybersecurity

What does OSHA teach us about industrial cybersecurity? Clearly, high cybersecurity risk could increase risk of industrial accidents, but OSHA’s model can help in other ways. Prior to 1970, worker safety in industrial settings was […]

Eaton recommends managing cybersecurity risks through a Secure Development Lifecycle (SDL) with protocols in place for threat modeling, requirements analysis, implementation, verification and ongoing maintenance to manage risks throughout the product lifecycle.In October 2020, Eaton became the first company to have its product development processes certifiedby the IEC and UL. Eaton recently joined the International Society of Automation (ISA) Global CybersecurityAlliance as a founding member to advance advocacy for a global cybersecurity standard and industry collaboration. Courtesy: Eaton

How cybersecurity is affecting control and automation

Learning Objectives Cybersecurity global standards from IEC, ISA Global Cybersecurity Alliance and UL help lower risk.  Cybersecurity education and training.  The Industrial Internet of Things (IIoT), connected devices and the vast amounts of generated data create industrial […]

Four best practices for industrial wireless LANs

Four best practices for industrial wireless LANs

Deployments and optimal operation of industrial wireless local area networks (LANs) require attention to site survey, lifecycle management, cybersecurity and collaboration. Need to optimize existing industrial wireless networks?

Video: Cybersecurity for Energy Managers

Video: Cybersecurity for Energy Managers

Cybersecurity is an important aspect of project implementation, and will become critical as information and operations technologies converge.

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES