Expert Impressions of Cyber-Informed Engineering
I recently had opportunity to ask experts @Marc Sachs, @Sarah Fluchs and @Aaron Crow about their experience with the new Cyber-Informed Engineering (CIE) initiative.
November 27, 2024
Author: Andrew Ginter
Welcome to the resources page! We have compiled a collection of useful information, tools, and resources to help you
TSA NOPR for Pipelines, Rail & Bussing – Enhancing Surface Cyber Risk Management
The TSA Notice of Proposed Rulemaking for Enhancing Surface Cyber Risk Management is out. This is the long-awaited regulation that replaces the temporary security directives issued after the Colonial Pipeline incident.
November 26, 2024
Webinar: Evolving Global OT Cyber Guidelines, Recent Developments and What is Driving it
Watch the webinar for a look into the recent evolution of OT security standards
November 6, 2024
Cloud-Rendezvous-Style OT Remote Access: Residual Risk
Security product vendors sometimes make outrageous claims – in this article we look at cloud-rendezvous style remote access systems for OT networks and how they work. We debunk the most outrageous claims, we look at residual risk that we accept when deploying these systems, and we suggest circumstances where deploying these kinds of systems actually does make sense.
October 14, 2024
Webinar: Navigating OT Remote Access – Technologies, Limitations, and the Latest Recommendations
Watch for an insightful webinar as we delve into the rapidly evolving landscape of OT remote access. With the surge in remote access to OT networks, industrial operations and critical infrastructures are under pressure to enhance their security measures.
October 8, 2024
How Likely Is That To Kill Anyone?
IT teams newly responsible for OT security are often appalled with the results of an initial vulnerability assessment. “Patch everything! Patch it now!” is often the directive issued to engineering teams. The correct response to such a directive is “How likely is that to kill anyone?” Engineering teams cannot proceed with any change to a system until they have a clear understanding of the answer. And the answer is almost never “zero likelihood.”
September 26, 2024
Cybersecurity Approaches Unique to OT Security
The engineering profession has powerful tools to address physical risk, tools that should be applied to OT cyber risks much more routinely than they are today. For example: mechanical over-pressure relief valves prevent boilers from exploding for any reason, cyber attack or otherwise. These powerful tools are too often neglected for cyber threats because they have no analogue in IT security – they not even mentioned in most cybersecurity standards, regulations and advice.
August 15, 2024
Hardware-Enforced Remote Access (HERA) – Under the Hood
Waterfall’s HERA is a true interactive OT remote access with unidirectional protection for OT. How does it work?
July 17, 2024
Remote Access Vulnerabilities and a Hardware-Enforced Solution
Remote access for OT is vital for maintaining efficiencies, troubleshooting, and is also important for retaining remote workers. But most remote access solutions pose a range of security risks. We introduce HERA – Hardware-Enforced Remote Access – as a safer alternative.
July 16, 2024
Upstream / Midstream / Downstream Cyber Attacks – Dependency Analysis
It turns out that there are really only three ways that ransomware can shut down OT networks and physical operations: “abundance of caution” shutdowns, OT dependencies on IT systems and services, and ransomware impacting OT networks and systems directly.
July 9, 2024
