Top 10 Industrial Cybersecurity Pulse articles of 2022

IT/OT convergence
Image courtesy: Brett Sayles

Over the past year, Industrial Cybersecurity Pulse has posted many articles, ranging from various cybersecurity attacks to best practices to protect your industrial control systems (ICS) and their networks.

To wrap up 2022, we looked to see which articles were most visited by our audience … you! Here are the top 10 articles from 2022.

1. How to mitigate cloud security threats

Many people nowadays work in industries that largely rely on cloud computing to stay on top of their daily tasks. Moreover, the system allows people to seamlessly integrate as many employees as needed into any project. Even so, cloud security has some pretty major flaws. It’s vulnerable to configuration errors, malware, insider threats, data breaches and even account hijacking.

2. What you need to know about the NERC CIP standards

The NERC CIP standards are the mandatory security standards that apply to entities that own or manage facilities that are part of the U.S. and Canadian electric power grid. They were initially approved by the Federal Energy Regulatory Commission (FERC) in 2008. Their wide-ranging requirements drive a significant amount of investment by the regulated utilities and have helped create a foundation of cybersecurity awareness among the electric utility sector in North America.

3. How a desert water utility helped protect critical infrastructure

Because of its foundational importance to the nation, critical infrastructure has always been in the crosshairs of hackers and threat actors. It’s essential for water and other utilities to take advantage of new technologies and security solutions that can help provide visibility into networks and physical infrastructures. Regardless of the security solutions being used, Oldsmar was definitely a wake-up call for many in the industry, including Kristen Sanders, the then-chief information security officer at the Albuquerque (New Mexico) Bernalillo County Water Utility Authority.

4. The permanent Microsoft DCOM hardening patch could shut down your ICS

March 14, 2023, is a date that organizations utilizing operational technology should have circled on their calendars. After that date, it will no longer be possible to disable a critical Microsoft DCOM hardening patch, which could trigger equipment shutdowns and lead to revenue disruptions, unless there are backups available prior to the patch enablement. The update involves the Distributed Component Object Model (DCOM) — a software component embedded in industrial control systems from companies like Rockwell Automation, Honeywell, Siemens and GE.

5. Nine reasons why ICS/OT infrastructure is insecure

In the past, ICS/OT systems were not connected to the internet; OT security was restricted to safeguarding the physical infrastructure with well-known solutions such as security guards, biometrics and fences. Now, for ease of operability, all ICS/OT infrastructure introduces internet connectivity or is in the process of doing so. This transformation exposes these infrastructures to vulnerabilities that cannot be only protected with the help of old solutions. Vulnerable infrastructure could result in serious disruptions with huge financial, environmental and/or health issues.

6. Five questions every CISO should ask about OT cybersecurity

The task of cybersecurity often falls on the information technology department, which makes being a CISO a very challenging job. Asking the right questions about operational technology cybersecurity is imperative to the success in protecting industrial control systems and their counterparts.

7. How serial-to-Ethernet converters help attackers breach cyber-physical assets

In an age when digital transformation heavily influences critical infrastructure’s initiatives, serial-to-Ethernet converters provide ICS operators with a cost-effective and easy-to-use solution to achieve operational efficiency. However, as the ICS threat landscape rapidly broadens, it has proven to be a double-edged sword for asset owners — by presenting malicious threat actors with a gateway to high-risk cyber-physical devices.

8. How Conti ransomware took down operational technology

Ransomware has taken the world by storm, and informational technology (IT) is not the only technology affected. Operational technology (OT), which is increasingly blending with IT, is also susceptible to ransomware tactics, techniques and procedures (TTPs). When ransomware strikes OT, the effects have the potential to be devastating. Here, we look at a Conti ransomware attack that spread from IT to OT systems.

9. Six critical components of integrated cybersecurity for industrial control systems

Security risks and attacks against industrial control systems (ICS) within critical infrastructure sectors are increasing. Firms that offer and implement comprehensive solutions are needed. The financial and legal ramifications of breached ICSs are going up, and regulatory agencies are increasingly interested in an organization’s ability to defend against cyberattacks.

10. Tabletop card game about cybersecurity teaches online fundamentals

The Hackers’ Epoch: The Cybersecurity Card Game by Scruffy City Games helps students understand online threats and teaches them fundamental terms they’ll need to learn. After playing the game, students will better understand the meaning of terms like backdoor, data breach or exploit. This tabletop card game about cybersecurity fits right into most high school curriculums and is a authenticated educational product.




Keep your finger on the pulse of top industry news