Welcome to the resources page! We have compiled a collection of useful information, tools, and resources to help you
Security product vendors sometimes make outrageous claims – in this article we look at cloud-rendezvous style remote access systems for OT networks and how they work. We debunk the most outrageous claims, we look at residual risk that we accept when deploying these systems, and we suggest circumstances where deploying these kinds of systems actually does make sense.
Waterfall’s latest 2024 Threat Report document credible attacks with physical consequences on industrial and critical infrastructures. Credible attacks not only inform defensive designs, but also help prioritize new investments in OT security.
IT teams newly responsible for OT security are often appalled with the results of an initial vulnerability assessment. “Patch everything! Patch it now!” is often the directive issued to engineering teams. The correct response to such a directive is “How likely is that to kill anyone?” Engineering teams cannot proceed with any change to a system until they have a clear understanding of the answer. And the answer is almost never “zero likelihood.”
Singapore has set in motion its vision for protecting critical national infrastructure and OT networks with its newly released 2024 OT Cybersecurity Masterplan.
Gary Southwell of Aria Cyber joins us on The Industrial Security Podcast as we have a look at using AI to get ahead of constantly-changing malware.
Outline comparing key differences between remote access used in an IT environment, and remote access solutions that cater to an industrial OT environment
Jack Bliss of 1898 & Co. has adapted the CIS Top-18 list for OT/industrial, adding a lot of industrial context and lists of related OT-centric tools and technology.
Almost 10 years ago, I managed to take control of every appliance in a 200-room hotel. I could raise the blinds in each room, change the TV channels, adjust the outside lighting, modify the temperature settings, and more. I had complete control. In the years since, to my surprise, the number one question I was asked wasn’t “How did you do it?” but rather “With the control you had, what’s the worst thing you could have done?”
The engineering profession has powerful tools to address physical risk, tools that should be applied to OT cyber risks much more routinely than they are today. For example: mechanical over-pressure relief valves prevent boilers from exploding for any reason, cyber attack or otherwise. These powerful tools are too often neglected for cyber threats because they have no analogue in IT security – they not even mentioned in most cybersecurity standards, regulations and advice.
