OT Insights Center
Welcome to OT Insights Center
We have compiled a collection of useful information, tools, and resources to help you find the information you are looking for.
Power 
Oil & Gas 
Water & Wastewater 
Manufacturing 
Facilities 
Transportation 
Metals & Mining 
Government and Defense 
Blog
Saudi Arabia Strengthens National Cyber Posture with OT Cybersecurity Controls Regulations
Saudi Arabia’s National Cybersecurity Authority (NCA) has fulfilled the strategic priority of updating cybersecurity guidance from 2018 to include cutting edge measures to protect national critical infrastructure and industrial sites from cyberattacks....
Blog
Why I Wrote Power Generation OT Security: Applying and Interpreting ISA/IEC 62443 Standards
Power generation is a critical sector facing unique cybersecurity challenges. However, as I researched, it became clear that no document existed to bridge the gap between the general, industry-agnostic ISA/IEC 62443 standards and the specific needs of power generation facilities. In response, I decided to write this ebook....
Podcast
Driving Change – Cloud Systems and Japanese CCE | Episode 132
Tomomi Ayoyama translated the book Countering Cyber Sabotage - Consequence-Driven, Cyber-Informed Engineering - to Japanese. Tomomi recalls the effort of translating CCE to Japanese and looks forward to applying CCE and OT security principles to industrial cloud systems at Cognite....
Blog
Ireland Makes OT Security Top Priority
Ireland’s NCSC has taken a very positive first step in protecting its national critical infrastructure and OT systems by addressing the essential characteristics that make OT networks different, encouraging engineering-based principles and tasks to effectively mitigate the risk of physical consequences of compromise....
Webinar
Webinar: Evolving Global OT Cyber Guidelines, Recent Developments and What is Driving it
Join us on November 27, 2024, at 12 PM EST for a look into the recent evolution of OT security standards...
Blog
Cloud-Rendezvous-Style OT Remote Access: Residual Risk
Security product vendors sometimes make outrageous claims - in this article we look at cloud-rendezvous style remote access systems for OT networks and how they work. We debunk the most outrageous claims, we look at residual risk that we accept when deploying these systems, and we suggest circumstances where deploying these kinds of systems actually does make sense....
Trending posts
Stay up to date
Subscribe to our blog and receive insights straight to your inbox
Blog
Saudi Arabia Strengthens National Cyber Posture with OT Cybersecurity Controls Regulations
Saudi Arabia’s National Cybersecurity Authority (NCA) has fulfilled the strategic priority of updating cybersecurity guidance from 2018 to include cutting edge measures to protect national critical infrastructure and industrial sites from cyberattacks....
Blog
Why I Wrote Power Generation OT Security: Applying and Interpreting ISA/IEC 62443 Standards
Power generation is a critical sector facing unique cybersecurity challenges. However, as I researched, it became clear that no document existed to bridge the gap between the general, industry-agnostic ISA/IEC 62443 standards and the specific needs of power generation facilities. In response, I decided to write this ebook....
Blog
Ireland Makes OT Security Top Priority
Ireland’s NCSC has taken a very positive first step in protecting its national critical infrastructure and OT systems by addressing the essential characteristics that make OT networks different, encouraging engineering-based principles and tasks to effectively mitigate the risk of physical consequences of compromise....
Blog
Cloud-Rendezvous-Style OT Remote Access: Residual Risk
Security product vendors sometimes make outrageous claims - in this article we look at cloud-rendezvous style remote access systems for OT networks and how they work. We debunk the most outrageous claims, we look at residual risk that we accept when deploying these systems, and we suggest circumstances where deploying these kinds of systems actually does make sense....
Blog
The 2024 Threat Report: Prioritizing Cyber Security Spending
Waterfall’s latest 2024 Threat Report document credible attacks with physical consequences on industrial and critical infrastructures. Credible attacks not only inform defensive designs, but also help prioritize new investments in OT security....
Blog
How Likely Is That To Kill Anyone?
IT teams newly responsible for OT security are often appalled with the results of an initial vulnerability assessment. “Patch everything! Patch it now!” is often the directive issued to engineering teams. The correct response to such a directive is “How likely is that to kill anyone?” Engineering teams cannot proceed with any change to a system until they have a clear understanding of the answer. And the answer is almost never “zero likelihood.”...
Trending posts
Hitting Tens of Thousands of Vehicles At Once | Episode 131
September 26, 2024
The Singapore OT Cybersecurity Masterplan
September 16, 2024
Stay up to date
Subscribe to our blog and receive insights straight to your inbox
Books and eBooks
eBook: Cybersecurity in Power Generation – Applying and Interpreting ISA/IEC 62443 Standards
Books and eBooks
BMS Use-Case eBook: Impenetrable Cyber Defense for Data Center Infrastructure
This eBook explores the best-practices for protecting the BMS (Building Management System) from internet-based cyberattacks and similar threats. Get your copy today...
Books and eBooks
2024 Threat Report – OT Cyberattacks with Physical Consequences
Report on 68 cyberattacks that caused physical consequences to industrial control systems (ICS) and Operational Technology (OT) in 2023 that are in public records....
Books and eBooks
eBook: Unidirectional Security Gateways for Government Networks
The cyber threat environment is getting worse, and our adversaries are developing more powerful attack tools. Government agencies need to increase automation and network connectivity to maintain strategic military, governance, and economic advantages....
Books and eBooks
Engineering-grade OT Security – A Manager’s Guide
Waterfall is pleased to make free copies of the book available to qualified practitioners when the book releases. Request your copy now...
Trending posts
AI Takes on Polymorphic Malware | Episode 130
September 10, 2024
IT Remote Access VS. OT Remote Access
September 1, 2024
Webinar: Industry-Specific 62443 Insights for Power Generation
August 29, 2024
Stay up to date
Subscribe to our blog and receive insights straight to your inbox
Case studies
Cybersecurity for Government Networks
Securing a classified/high-security network with a Unidirectional Security Gateway, ensuring continuous and secure cross-domain data flow, while preventing sensitive data from leaking into or being exfiltrated from external, low-security/unclassified networks....
Case studies
UAE Based Oil & Gas Refinery
How a UAE-based refinery was able to protect their legacy system to the extent it could safely be connected to the internet, IT networks, and the Cloud....
Case studies
Securing a European TSO
Protecting a regional Transmission System Operator (TSO) in Europe from outside cyber threats....
Case studies
Cybersecurity for LNG Ports
Protect liquefied natural gas (LNG) infrastructure from external cyber threats while complying with local cybersecurity regulations....
Case studies
Unidirectional Protection For Railway Signaling Networks
Enabling 100% secure remote monitoring of rail signaling and control networks, enabling SOC and corporate IT systems with secure visibility into signaling networks....
Case studies
Enabling The Digital Refinery
Protecting critical equipment of a highly sensitive petrochemicals processing plant, while improving production performance with real-time, actionable, and predictive analytics....
Trending posts
New Resource: Adapting IT Advice for OT | Episode 129
August 25, 2024
Cybersecurity Approaches Unique to OT Security
August 15, 2024
Stay up to date
Subscribe to our blog and receive insights straight to your inbox
Infographic
Checklist: 9 Best Practices to Safeguard Upstream Oil & Gas Operations from Cyber Attacks
Upstream Oil & Gas production has a unique range of threats and risks to consider when compared to other industrial operations. Our checklist infographic takes a dive into what to consider and secure when it comes to Upstream operations....
Infographic
Top 10 Cyberattacks of 2023
2023 saw an uptick of cyberattacks across many industries. Our infographic focuses on cyberattacks in 2023 that impacted industrial operations, specifically Operational Technology (OT) and Industrial Controls Systems (ICS) that are commonly used within critical and important infrastructure....
Infographic
Ransomware Attack on Data Center Infrastructure (Infographic)
Learn how legacy approaches for Data Center infrastructure protection still leave critical networks exposed to attacks....
Infographic
Oil and Gas Cyber Attacks
What cyber crime threats to oil & gas infrastructures are top of mind for government and business leaders?...
Trending posts
Hardware-Enforced Remote Access (HERA) – Under the Hood
July 17, 2024
Webinar: HERA – Hardware-Enforced Remote Access
July 16, 2024
Stay up to date
Subscribe to our blog and receive insights straight to your inbox
Podcast
Driving Change – Cloud Systems and Japanese CCE | Episode 132
Tomomi Ayoyama translated the book Countering Cyber Sabotage - Consequence-Driven, Cyber-Informed Engineering - to Japanese. Tomomi recalls the effort of translating CCE to Japanese and looks forward to applying CCE and OT security principles to industrial cloud systems at Cognite....
Podcast
Hitting Tens of Thousands of Vehicles At Once | Episode 131
Compromise a cloud service and tens thousands of vehicles can be affected all at once. Matt MacKinnon of Upstream Security walks us through the world of cloud security for connected vehicles, transport trucks, tractors, and other "stuff that moves."...
Podcast
AI Takes on Polymorphic Malware | Episode 130
Gary Southwell of Aria Cyber joins us on The Industrial Security Podcast as we have a look at using AI to get ahead of constantly-changing malware....
Podcast
New Resource: Adapting IT Advice for OT | Episode 129
Jack Bliss of 1898 & Co. has adapted the CIS Top-18 list for OT/industrial, adding a lot of industrial context and lists of related OT-centric tools and technology....
Podcast
Their Own Rail System, Water Treatment, and More | Episode 128
Airports are like small cities. Eric Vautier, CISO of all 3 Paris airports looks at WHAT is an airport and how are thousands of airports changing their cybersecurity because of NIS2 and the regulatory environment....
Podcast
Rapid Recovery After an Attack | Episode 127
Ransomware is the most common cyber attack causing OT outages - all Windows machines encrypted. What if we could "press a button" and have everything working again in seconds or minutes? Alex Yevtushenko of Salvador Technologies joins us to look at new technology for rapid recovery....
Trending posts
Stay up to date
Subscribe to our blog and receive insights straight to your inbox
Video
Webinar: Navigating OT Remote Access – Technologies, Limitations, and the Latest Recommendations
Join us for an insightful webinar as we delve into the rapidly evolving landscape of OT remote access. With the surge in remote access to OT networks, industrial operations and critical infrastructures are under pressure to enhance their security measures....
Video
Webinar: Industry-Specific 62443 Insights for Power Generation
An in-depth webinar that goes beyond the buzzwords and provides practical, industry-specific guidance on applying the ISA/IEC 62443 standards to safeguard critical power infrastructure...
Video
Webinar: HERA – Hardware-Enforced Remote Access
Recorded webinar as we took a look at solutions enforced by dedicated hardware, and what benefits such solutions offer for OT security....
Video
Webinar Recording: Engineering Cybersecurity Mitigations for Municipal Water Systems
Mariano Martín Tirado, from Acciona, and Rees Machtemes, from Waterfall, discuss the risks and threat environment that Water Utilities face and how to counter against them....
Video
Webinar Recording: Cyber-securing Safety and Equipment Protection Systems in Mining
Cyber-Informed Engineering (CIE) offers a new engineering-friendly approach to understanding and addressing cyber threats that have the potential to impair worker safety and damage long-lead-time equipment in Mining & Metals operations....
Video
Webinar Recording: Cyber Attacks with Physical Consequences – 2024 Threat Report
Webinar recording of a deep dive into the details of OT cyberattacks from our 2024 Threat Report....
Trending posts
Stay up to date
Subscribe to our blog and receive insights straight to your inbox
