Waterfall is the OT Security Company – our newsletter highlights the latest podcasts, articles, and whitepapers relevant to secure industrial sites. We invite you to sign up below to stay current with the latest advanced OT security topics.

Latest news from waterfall

WannaCry – Lessons for Industrial Companies

 Guest blog The recent WannaCry/WannaCrypt, attacks received global attention in the news and social media. Its widespread impact and rapid propagation shocked and scared people around the world. Concern was amplified by reports that it involved a stolen NSA exploit (EternalBlue). Existing Microsoft patches for the underlying SMB vulnerability gave some comfort, but only those with new and updated Windows systems. The impact on business was particularly noteworthy. Operations were disrupted in parts of the British National Health System, Spain’s Telefonica, FedEx, Deutsche Bahn, LATAM airlines, and Renault-Nissan, which had to stop production at several plants. While there were no

More »
The Concept of Physical Enforcement of Cybersecurity Functions

A short while back, I was asked to speak at an event held by The Cyber Resilient Energy Delivery Consortium (CREDC), a research and development initiative funded by the U.S. Department of Energy. Its research focuses on cybersecurity and cyber-resiliency of energy delivery systems for the electric power and oil & gas industries. I’d like to share here a part of my contribution to this forum. The future of combined software and hardware cybersecurity products seems to be fertile ground. While software-based cybersecurity measures such as firewalls and cryptosystems have been around for the past 30 years, hardware-enforced security is

More »
Using Physics to Protect Industrial Devices Against Hacking

Guest Blog To the non-expert, cyber security can look tantalizingly simple: Just put a guard in front of your stuff and use it to keep the bad guys out. This observation tracks closely with the non-computing analogy of facility entry guards, a favorite comparison brought up during coffee at Board dinners: Guards control who enters the building,we are told, so security gateways should do the same for networks. The problem is that things are not so simple. Take the TCP protocol as an example: For a server to authenticate a client through a gateway, a session must first be established,

More »