Author: Courtney Schneider

Threats to operations control systems are no longer theoretical. With manufacturing control networks connectivity steadily increasing, a unidirectional IIoT architecture reflects a robust and trustworthy way of achieving the increased efficiencies and other business benefits of the IIoT’s central. New post by Courtney Schneider, Cyber Policy Research Manager at Waterfall Security

The essence of today’s OT security problem is that the data-centric, IT-class protections are simply not enough for operational security and control system security needs. A cyber breach to physical processes and powerful tools can have disastrous consequences. Preventing misuse and protecting correct control is the goal of OT security. Read the new post by Courtney Schneider, Cyber Policy Research Manager at Waterfall Security

Over the last few decades, the clear path to securing operational technology has been difficult to forge as so much has come from the vast world of IT data protection, encryption and authentication. On the other hand, practitioners on the OT side of the digital network speak about the risks and unwanted consequences of this very technology to the physical systems they operate. The term SEC-OT - short for ‘Secure Operations Technology’ - is an attempt to combine all of the knowledge and best practices of secure industrial sites into one cohesive and disciplined approach. While the traditional IT approach is

Waterfall Security is pleased to announce our Industrial Security Podcast featuring interviews with world-recognized experts on a wide range of industrial cybersecurity topics. The podcast will address current and developing ICS topics such as: Do expert ICS penetration testers target live/running systems? (cheat: not always, but yes, they do, carefully) What questions should boards of directors be asking their CIO/CSO’s about industrial/OT cybersecurity? What changes is the Industrial Internet of Things (IIoT) bringing about in the next few years? What does the latest industrial cyber risk assessment methodology from EPRI look like? All of these questions are answered in episodes

Much has been written and debated regarding communicating cyber risk to boards and other key corporate decision makers. Conveying to a non-technical audience the criticality of cyber vulnerabilities in IT systems that support business functions can be a daunting task; but what if the systems don’t just support the business, what if they are the business? For businesses who supply critical services and infrastructure to their customers, risk to the control systems from a cyber source is a relatively new concept, and industrial cyber risk dramatically increases the severity of worst-case scenarios. Information technology that supports business functions and protects confidential

Governments all over the world are beginning to toughen cyber regulations imposed on industry to respond to the increasing threat of cyber attacks on national critical infrastructure. This class of cyber attack does not just limit itself to enterprise systems. If the control systems of a digitized petro-chemical plant, for example, fall in the hands of a threat actor, not only can the national energy supply be in danger, but the physical plant itself could be at risk of explosion or fire. This clear and present danger is considered a serious threat in Israel, where several such attacks attempted on industrial

Different continents point to similar concerns The Black Hat Asia 2018 attendee survey polled IT and security professionals from 12 East Asian countries, Australia and elsewhere, asking about the threats and challenges they are most concerned with, the attacks and attackers they fear most, as well as their cybersecurity posture. The main takeaway from the survey is that security professionals across the globe are reaching a growing consensus, sharing a high level of concern over targeted cyberattacks and potential breaches of critical infrastructure. The same concern was echoed in the previous BlackHat survey that polled European security professionals several months ago,

Written into law The Directive on the Security of Network Information Systems (NIS) represents the first pan-European law covering requirements for cybersecurity. It aims to achieve a common security posture for European countries by means of strengthening 1) cybersecurity capabilities at a national level, 2) EU-wide cybersecurity cooperation, and 3) risk management and reporting for operators of essential services and digital service providers. 2018 will be a year of changes for cybersecurity in the European Union. Deadlines approaching include transposing the NIS Directive into European States’ national law by May 9, 2018, and each EU Member State identifying national operators of essential

Cybersecurity best practice according to ANSSI, France’s National Agency for the Security of Information Systems, points to unidirectional data flow solutions. Why? Because it’s the safest and most reliable way to segregate and protect your critical network from less trusted networks and cyber threats. The regulation is now reality, and we’re here to make sense of it all. ANSSI’s detailed cybersecurity guidance for Industrial Control Systems issued in 2014 was and is still today seen as the most comprehensive, clear, and sophisticated industrial control system (ICS) security best practice in the world: Cybersecurity for Industrial Control Systems – Classification Method and Key

AGC Partners recently released an in-depth report detailing the growing market for manufacturing analytics, and the companies that currently make up its booming ecosystem. The subject is timely, as advancements in the Industrial Internet of things (IIoT), Big Data, and Machine Learning have opened the door for manufacturers to embrace manufacturing analytics, particularly, process optimization and predictive maintenance. The report, titled “Taking Big Data from the Carpet to the Concrete,” proposes that manufacturing analytics is no longer simply a support function focused on costs , but rather, has quickly proved to be a strategic capability impacting revenue and “determining future competitiveness