Author: Andrew Ginter

Unidirectional Remote Access Options

In this time of COVID-19 travel restrictions and quarantines, understanding options for safe, secure remote access to Industrial Sites and Control Centers is especially important. This post reviews 3 common options for secure remote access and support: server replication, Remote Screen View and Secu

The US DHS CISA just issued an alert describing a natural gas compression facility hit by ransomware. The alert recommends segmentation; the most robust segmentation is unidirectional. Read more why OT network segmentation is so important and how it should be done

How would Iran launch a cyber retaliation? Would they fly operatives into the country, drive up to power plants and cut through barbed-wire perimeters with USB drives? No - they will use their zero-days and custom malware remotely, sipping coffee in the safety of their offices. Several jurisdictions

In a recent Industrial Security podcast, Patrick Miller was asked about IT vs OT approaches to security. He replied, “We've always characterized it in terms of OT and IT

FireEye reports that the Triton (aka Trisys) malware targeting safety instrumented systems has been discovered at another undisclosed target in the Middle East. As a result of investigating that intrusion, FireEye reports that the threat actors behind Triton are a government-sponsored Russian agency

Aluminum manufacturing giant Norsk Hydro shut down by ransomware. What lesson can we learn from this? Enter to Read More>>

SECURE OPERATIONS TECHNOLOGY: THE MISSING LINK TO A SECURE INDUSTRIAL SITE - A new book by Andrew Ginter. Get your free copy now

The Carbon Black Quarterly Incident Response Threat Report for 2018 shows that destroying forensic evidence to hide attack sources and attack capabilities is becoming increasingly common. The report quotes an incident response professional as observing that “We’ve seen a lot of destruction of lo

“The beginning of wisdom is the definition of terms.” - Socrates (470 – 399 B.C.) Definitions are important - good ones shape our understanding of concepts while poor ones impair that understanding. Consider the definition: pen: a tube of ink with a tiny ball bearing at the tip How useful is

The Meltdown / Spectre saga continues. Ulf Frisk just posted a description of a vulnerability he has coined "Total Meltdown". It seems that Microsoft developers introduced an even worse vulnerability while fixing the Meltdown vulnerability in Windows 7 and Windows 2008 Server R2. With this broken Me

Consider a prolonged power outage over a large metropolitan area, or a cyber attack targeting a nuclear power plant. These are real attacks, not hypothetical ones, that affected people’s lives, and cost owners and operators both monetary and reputational damages. A key problem with modernization

A chronic complaint of industrial control system (ICS) security practitioners is under-funding, and funding decisions for security programs are frequently made by business decision-makers with a limited understanding of cybersecurity and cyber risk issues. Waterfall Security Solutions has just relea

The big news today is the Spectre and Meltdown bugs. These vulnerabilities let attack code such as Javascript steal passwords, encryption keys and session cookies from kernel memory and/or browser windows on nearly all modern computers. The performance hits and code changes needed to fix these bugs

Recent reports of cyber attacks on U.S. nuclear reactors have brought upon public doubt on the strength of cyber protections at nuclear power plants. The response from nuclear plants has resoundingly been "no need to panic, nothing to see here," but other pundits are saying "I’m not sure I believe

I recently attended the NERC CIP Emerging Technologies Round Table meeting on Cloud & IoT, where a primary focus was Bulk Electric System (BES) Cyber Systems in the cloud. BES Cyber Systems are systems with an adverse effect on the BES within 15 minutes of failure or compromise. Interestingly, t

A short while back, I was asked to speak at an event held by The Cyber Resilient Energy Delivery Consortium (CREDC), a research and development initiative funded by the U.S. Department of Energy. Its research focuses on cybersecurity and cyber-resiliency of energy delivery systems for the electric p

Recently, Waterfall joined 24 vendors from Industrie 4.0 (I4.0) and the Industrial Internet Consortium (IIC) in demonstrating secure cloud interconnectivity at the Hannover Messe industrial event. Unidirectional gateway technology and strong encryption was at the heart of this outsourced security de

This is a question that might not even emerge initially in the minds of IT security professionals. However, when we take a closer look, the differences are clear. Consider the history of IT and SCADA networks. The original "killer app" for IT networks was mainframe transaction processing. The origin

Author: Andrew Ginter

Unidirectional Remote Access Options

Ransomware Hits Gas Plant: OT Segmentation Is And Will Always Be Essential

Cyber Retaliation – The Iranian Threat

Not IT or OT – It’s All Just T

Triton/Trisys Strikes Again

The Lesson in the Norsk Hydro Ransomware Attack

Secure Operations Technology Book: The missing link to a secure industrial site

Carbon Black Reports Deleted Logs Are Increasingly Common

Defining Control Security

Total Meltdown

The New Era of Cyber Insurance

The Top 20 Cyberattacks on ICS

Protecting Industrial Control Systems from Spectre and Meltdown

Nuclear Cyber Compromise – Not On Our Watch

Insights from the NERC CIP Emerging Technologies Round Table

The Concept of Physical Enforcement of Cybersecurity Functions

Hannover Messe “Outsourced Security” Demo: An Overview and Takeaways

What are the real differences between IT cybersecurity and ICS (or SCADA) cybersecurity?

Headquarters

USA

France

AUSTRALIA

“Waterfall announces the launch of Waterfall BlackKBox™.