There are voices in the industrial security community advocating a return to hard-wired protective relays, discarding two decades of progress in this space. But, a practical solution is to protect the protection. In power plants, as in high voltage substations, protective relays can be connected to

Critical infrastructure OT equipment directly connected to the Internet is the focus of the just-issued and very long NSA/CISA AA20-205A alert. Surprises: this is the first alert recommending a manual-ops fall-back plan (resilience) and a tamper-proof repository for "gold" images (to use during manu

Honda shut down a number of manufacturing facilities on Monday June 8, 2020, with most, but not all, facilities back up again Tuesday. The (unconfirmed) cause appears to be an infestation by the “Snake” ransomware

The US government acts to protect the electric grid - but there is only so much any government can do. Unlike physical conflicts, the only way to defeat the most sophisticated cyber attacks is for individual sites to take the lead

Why do some incident response programs work effectively, while others don’t? In this blog post, we examine the essential building blocks of an enterprise-level cyber incident response program, as well as the common mistakes and pitfalls that may lead such a program to fail just when you need it mo

In this time of COVID-19 travel restrictions and quarantines, understanding options for safe, secure remote access to Industrial Sites and Control Centers is especially important. This post reviews 3 common options for secure remote access and support: server replication, Remote Screen View and Secu

How would Iran launch a cyber retaliation? Would they fly operatives into the country, drive up to power plants and cut through barbed-wire perimeters with USB drives? No - they will use their zero-days and custom malware remotely, sipping coffee in the safety of their offices. Several jurisdictions

Threats to operations control systems are no longer theoretical. With manufacturing control networks connectivity steadily increasing, a unidirectional IIoT architecture reflects a robust and trustworthy way of achieving the increased efficiencies and other business benefits of the IIoT’s central.

Over the last few decades, the clear path to securing operational technology has been difficult to forge as so much has come from the vast world of IT data protection, encryption and authentication. On the other hand, practitioners on the OT side of the digital network speak about the risks and unwa

FireEye reports that the Triton (aka Trisis) malware targeting safety instrumented systems has been discovered at another undisclosed target in the Middle East. As a result of investigating that intrusion, FireEye reports that the threat actors behind Triton are a government-sponsored Russian agency

Waterfall Security is pleased to announce our Industrial Security Podcast featuring interviews with world-recognized experts on a wide range of industrial cybersecurity topics. The podcast will address current and developing ICS topics such as: Do expert ICS penetration testers target live/running s

OT remote access is efficient and convenient - for attackers. Remote access might look like a good idea. Every computer on an enterprise network certainly has some sort of Remote Desktop capability: tech support takes control of my laptop routinely to install new software or to fix issues. Sometime

“The beginning of wisdom is the definition of terms.” - Socrates (470 – 399 B.C.) Definitions are important - good ones shape our understanding of concepts while poor ones impair that understanding. Consider the definition: pen: a tube of ink with a tiny ball bearing at the tip. How useful is

Written into law. The Directive on the Security of Network Information Systems (NIS) represents the first pan-European law covering requirements for cybersecurity. It aims to achieve a common security posture for European countries by means of strengthening 1) cybersecurity capabilities at a nationa

The Meltdown / Spectre saga continues. Ulf Frisk just posted a description of a vulnerability he has coined "Total Meltdown". It seems that Microsoft developers introduced an even worse vulnerability while fixing the Meltdown vulnerability in Windows 7 and Windows 2008 Server R2. With this broken Me

Consider a prolonged power outage over a large metropolitan area, or a cyber attack targeting a nuclear power plant. These are real attacks, not hypothetical ones, that affected people’s lives, and cost owners and operators both monetary and reputational damages. A key problem with modernization

Cybersecurity best practice according to ANSSI, France’s National Agency for the Security of Information Systems, points to unidirectional data flow solutions. Why? Because it’s the safest and most reliable way to segregate and protect your critical network from less trusted networks and cyber t

A chronic complaint of industrial control system (ICS) security practitioners is under-funding, and funding decisions for security programs are frequently made by business decision-makers with a limited understanding of cybersecurity and cyber risk issues. Waterfall Security Solutions has just relea

Recently, a major Canadian company suffered a targeted ransomware attack and was forced to pay $425,000 to restore the encrypted data of both its production base and back-up servers. We have spoken and warned of ransomware in the past, particularly in the aftermath of the global WannaCry attack. Mos

Recently, Waterfall announced a global partnership with intelligence-led security company FireEye, in a push to deliver comprehensive cybersecurity solutions for businesses with industrial sites. The partnership seamlessly integrates FireEye’s cloud-based Threat Analytics Platform (TAP) with relia

Recent reports of cyber attacks on U.S. nuclear reactors have brought upon public doubt on the strength of cyber protections at nuclear power plants. The response from nuclear plants has resoundingly been "no need to panic, nothing to see here," but other pundits are saying "I’m not sure I believe

Guest blog: The recent WannaCry/WannaCrypt attacks received global attention in the news and social media. Its widespread impact and rapid propagation shocked and scared people around the world. Concern was amplified by reports that it involved a stolen NSA exploit (EternalBlue). Existing Microso

Recently we’ve received a lot of interest from water and waste management facilities regarding our Unidirectional Security Gateway, which is making me wonder what’s brought this on? Let’s look at the facts. The primary source for cyber risks in water and waste management facilities comes fro

The Ukraine power grid cyberattack continued to dominate cybersecurity news in February as various researchers reported findings from their investigations of the incident. In other news, researchers discovered sustained cyberattacks against Japan’s critical infrastructure, most likely perpetrated

The threat of terrorism is top of mind for many, and of increasing concern to those tasked with protecting industrial control systems (ICS). ISIS has issued threats against the North American electric grid, for example. While the cyber capability of ISIS is thus far unsophisticated, advanced attack