
Why Understanding OT Attacks Is Important
We can debate whether threats are credible and whether we should spend money and effort addressing credible residual risks, but to debate any of that, we must first understand the attacks.
Welcome to the resources page! We have compiled a collection of useful information, tools, and resources to help you
We can debate whether threats are credible and whether we should spend money and effort addressing credible residual risks, but to debate any of that, we must first understand the attacks.
One of the most significant vulnerabilities when it comes to OT security for critical infrastructure are the risks posed by the use of remote access into OT.
The standard answer to this questions is “The Consequence Boundary”…but which kind of consequences are we talking about? And aren’t there different levels of consequence? We help define these to answer the question.
Get up to speed on key trends and strategies in industrial security with Andrew Ginter’s favorite webinars of 2024,
Sit back and enjoy Andrew Ginter’s top 3 picks from 2024’s Industrial Security Podcast series.
Spoiler Alert: Yes, investing in OT security is very much “worth it”. It helps prevent financial losses, operational disruptions, and compliance penalties far exceeding initial costs. The average ROI can reach up to 400%, ensuring both protection and operational continuity.
I recently had opportunity to ask experts @Marc Sachs, @Sarah Fluchs and @Aaron Crow about their experience with the new Cyber-Informed Engineering (CIE) initiative.
The TSA Notice of Proposed Rulemaking for Enhancing Surface Cyber Risk Management is out. This is the long-awaited regulation that replaces the temporary security directives issued after the Colonial Pipeline incident.
Saudi Arabia’s National Cybersecurity Authority (NCA) has fulfilled the strategic priority of updating cybersecurity guidance from 2018 to include cutting edge measures to protect national critical infrastructure and industrial sites from cyberattacks.
Power generation is a critical sector facing unique cybersecurity challenges. However, as I researched, it became clear that no document existed to bridge the gap between the general, industry-agnostic ISA/IEC 62443 standards and the specific needs of power generation facilities. In response, I decided to write this ebook.