Learn Why it’s Important to Protect Power Generating Units the Right Way. A new blog post by Courtney Schneider
Learn Why it’s Important to Protect Power Generating Units the Right Way. A new blog post by Courtney Schneider
Why do some incident response programs work effectively, while others don’t? In this blog post, we examine the essential building blocks of an enterprise-level cyber incident response program, as well as the common mistakes and pitfalls that may lead such a program to fail just when you need it mo
In August 2019 the US Government Accountability Office (GAO) published a Report to Congressional Requesters expressing concern regarding the current state of security and resilience for the US power grid. In this article Courtney Schneider focuses on the GAO recommendation to the Federal Energy Regu
In this post, we explain the unique structure and context of a modern IT/OT DMZ, and why a traditional IT DMZ model doesn’t cut muster for secure integration with ICS networks.
Threats to operations control systems are no longer theoretical. With manufacturing control networks connectivity steadily increasing, a unidirectional IIoT architecture reflects a robust and trustworthy way of achieving the increased efficiencies and other business benefits of the IIoT’s central.
The essence of today’s OT security problem is that the data-centric, IT-class protections are simply not enough for operational security and control system security needs. A cyber breach to physical processes and powerful tools can have disastrous consequences. Preventing misuse and protecting cor
Over the last few decades, the clear path to securing operational technology has been difficult to forge as so much has come from the vast world of IT data protection, encryption and authentication. On the other hand, practitioners on the OT side of the digital network speak about the risks and unwa
Waterfall Security is pleased to announce our Industrial Security Podcast featuring interviews with world-recognized experts on a wide range of industrial cybersecurity topics. The podcast will address current and developing ICS topics such as: Do expert ICS penetration testers target live/running s
Much has been written and debated regarding communicating cyber risk to boards and other key corporate decision makers. Conveying to a non-technical audience the criticality of cyber vulnerabilities in IT systems that support business functions can be a daunting task; but what if the systems don’t
Governments all over the world are beginning to toughen cyber regulations imposed on industry to respond to the increasing threat of cyber attacks on national critical infrastructure. This class of cyber attack does not just limit itself to enterprise systems. If the control systems of a digitized p
Different continents point to similar concerns The Black Hat Asia 2018 attendee survey polled IT and security professionals from 12 East Asian countries, Australia and elsewhere, asking about the threats and challenges they are most concerned with, the attacks and attackers they fear most, as well
Written into law The Directive on the Security of Network Information Systems (NIS) represents the first pan-European law covering requirements for cybersecurity. It aims to achieve a common security posture for European countries by means of strengthening 1) cybersecurity capabilities at a nationa
Cybersecurity best practice according to ANSSI, France’s National Agency for the Security of Information Systems, points to unidirectional data flow solutions. Why? Because it’s the safest and most reliable way to segregate and protect your critical network from less trusted networks and cyber t
AGC Partners recently released an in-depth report detailing the growing market for manufacturing analytics, and the companies that currently make up its booming ecosystem. The subject is timely, as advancements in the Industrial Internet of things (IIoT), Big Data, and Machine Learning have opened t
Recently, a major Canadian company suffered a targeted ransomware attack and was forced to pay $425,000 to restore the encrypted data of both its production base and back-up servers. We have spoken and warned of ransomware in the past, particularly in the aftermath of the global WannaCry attack. Mos
Recently, Waterfall announced a global partnership with intelligence-led security company FireEye, in a push to deliver comprehensive cybersecurity solutions for businesses with industrial sites. The partnership seamlessly integrates FireEye’s cloud-based Threat Analytics Platform (TAP) with relia
This is the largest safety and environmental protection effort BSEE have undertaken. But as with any new regulation the industry has its concerns
When covering for risk, best practice teaches us to categorize, measure and profile our vulnerabilities. Intel - the world’s largest and most highly valued semiconductor chip maker and inventor of the processors found in most personal computers - knows this process well. Countless tests are run by
The Department of Homeland Security recently stated that it had received reports of 59 cyber incidents at energy facilities last year- up nearly a third from the previous year. Those 59 were only a fraction of the 290 incidents the DHS combatted last year across industrial sectors including oil and
[vc_row css_animation="" row_type="row" use_row_as_full_screen_section="no" type="full_width" angled_section="no" text_align="left" background_image_as_pattern="without_pattern"][vc_column][vc_column_text] This past month we have witnessed another win in the world of ICS security standards coming f