Andrew Ginter, Author at Waterfall Security

Ukrainian Conflict Puts Critical Infrastructures at Risk

The attack on the Belarusian rail system is yet another example of an attack that cripples IT systems, and so brings about OT consequences, like the Colonial Pipeline attack, and the JBS meatpacking attack

Effective the end of December 2021, new security directives require that railroad carriers, as well as owner/operator of a passenger railroad carrier or rail transit system, perform 4 critical actions. In this blog, post we are clarifying all the new information

Why is it, that the Colonial pipeline had to be shut down? Targeted ransomware can affect physical operations in one of three ways

Multi-factor authentication is held up as a 'silver bullet' for protecting remote access systems, but Pulse VPN MFA was just breached. What does this mean for industrial security?

The threat environment continues to evolve with Russian Sandworm group breaching Centreon monitoring system installations with targeted attacks. New blog post by Andrew Ginter

The High-Tech Association of the Israeli Manufacturers Association has named Lior Frenkel, co-founder and CEO of Waterfall Security Solutions, to lead a newly established Cyber Companies Forum. Read more

Industrial/OT cybersecurity programs include people, processes and technology. We often talk about our technology, unidirectional security gateways, here, but that technology alone is not all that is needed. A full program includes all the elements from the NIST framework. Click here to explore secu

There are voices in the industrial security community advocating a return to hard-wired protective relays, discarding two decades of progress in this space. But, a practical solution is to protect the protection. In power plants, as in high voltage substations, protective relays can be connected to

Critical infrastructure OT equipment directly connected to the Internet is the focus of the just-issued and very long NSA/CISA AA20-205A alert. Surprises: this is the first alert recommending a manual-ops fall-back plan (resilience) and a tamper-proof repository for "gold" images (to use during manu

Honda shut down a number of manufacturing facilities on Monday June 8, 2020, with most, but not all facilities back up again Tuesday. The (unconfirmed) cause appears to be an infestation by the “Snake” ransomware

The US government acts to protect the electric grid - but there is only so much any government can do. Unlike physical conflicts, the only way to defeat the most sophisticated cyber attacks is for individual sites to take the lead

In this time of COVID-19 travel restrictions and quarantines, understanding options for safe, secure remote access to Industrial Sites and Control Centers is especially important. This post reviews 3 common options for secure remote access and support: server replication, Remote Screen View and Secu

The US DHS CISA just issued an alert describing a natural gas compression facility hit by ransomware. The alert recommends segmentation; the most robust segmentation is unidirectional. Read more why OT network segmentation is so important and how it should be done

How would Iran launch a cyber retaliation? Would they fly operatives into the country, drive up to power plants and cut through barbed-wire perimeters with USB drives? No - they will use their zero-days and custom malware remotely, sipping coffee in the safety of their offices. Several jurisdictions

In a recent Industrial Security podcast, Patrick Miller was asked about IT vs OT approaches to security. He replied, “We've always characterized it in terms of OT and IT

FireEye reports that the Triton (aka Trisys) malware targeting safety instrumented systems has been discovered at another undisclosed target in the Middle East. As a result of investigating that intrusion, FireEye reports that the threat actors behind Triton are a government-sponsored Russian agency

Aluminum manufacturing giant Norsk Hydro shut down by ransomware. What lesson can we learn from this? Enter to Read More>>

SECURE OPERATIONS TECHNOLOGY: THE MISSING LINK TO A SECURE INDUSTRIAL SITE - A new book by Andrew Ginter. Get your free copy now

The Carbon Black Quarterly Incident Response Threat Report for 2018 shows that destroying forensic evidence to hide attack sources and attack capabilities is becoming increasingly common. The report quotes an incident response professional as observing that “We’ve seen a lot of destruction of lo

“The beginning of wisdom is the definition of terms.” - Socrates (470 – 399 B.C.) Definitions are important - good ones shape our understanding of concepts while poor ones impair that understanding. Consider the definition: pen: a tube of ink with a tiny ball bearing at the tip How useful is

Author: Andrew Ginter

Ukrainian Conflict Puts Critical Infrastructures at Risk

Waterfall Simplifies TSA Directives for Rails Cyber Incident Response

Three Ways Ransomware Can Shut Down A Pipeline | Colonial Pipeline Attack Update

Critical Infrastructure Implications of the Pulse Multifactor Authentication Bypass

Obsolete Centreon Version Breached

The Israeli High-Tech Association Names Lior Frenkel to Head the Cyber Companies Forum

Security Programs: The IEC Perspective

Resilience: Protecting Protective Relays

NSA/CISA AA20-205A Alert Analysis

Snake Hits Honda

Electric System National Emergency

Unidirectional Remote Access Options

Ransomware Hits Gas Plant: OT Segmentation Is And Will Always Be Essential

Cyber Retaliation – The Iranian Threat

Not IT or OT – It’s All Just T

Triton/Trisys Strikes Again

The Lesson in the Norsk Hydro Ransomware Attack

Secure Operations Technology Book: The missing link to a secure industrial site

Carbon Black Reports Deleted Logs Are Increasingly Common

Defining Control Security

HEADQUARTERS

USA

United Arab Emirates

FRANCE

SINGAPORE

AUSTRALIA

FOLLOW US

RESOURCES

“Waterfall announces the launch of Waterfall BlackKBox™.