
Expert Impressions of Cyber-Informed Engineering
I recently had the opportunity to ask experts @Marc Sachs, @Sarah Fluchs and @Aaron Crow about their experience with the new Cyber-Informed Engineering (CIE) initiative.
The TSA Notice of Proposed Rulemaking for Enhancing Surface Cyber Risk Management is out. This is the long-awaited regulation that replaces the temporary security directives issued after the Colonial Pipeline incident.
Saudi Arabia’s National Cybersecurity Authority (NCA) has fulfilled the strategic priority of updating cybersecurity guidance from 2018 to include cutting-edge measures to protect national critical infrastructure and industrial sites from cyberattacks.
Power generation is a critical sector facing unique cybersecurity challenges. However, as I researched, it became clear that no document existed to bridge the gap between the general, industry-agnostic ISA/IEC 62443 standards and the specific needs of power generation facilities. In response, I decided to write this ebook.
Ireland’s NCSC has taken a very positive first step in protecting its national critical infrastructure and OT systems by addressing the essential characteristics that make OT networks different, encouraging engineering-based principles and tasks to effectively mitigate the risk of physical consequences of compromise.
Security product vendors sometimes make outrageous claims – in this article we look at cloud-rendezvous style remote access systems for OT networks and how they work. We debunk the most outrageous claims, we look at residual risk that we accept when deploying these systems, and we suggest circumstances where deploying these kinds of systems actually does make sense.
Waterfall’s latest 2024 Threat Report documents credible attacks with physical consequences on industrial and critical infrastructures. Credible attacks not only inform defensive designs, but also help prioritize new investments in OT security.
IT teams newly responsible for OT security are often appalled by the results of an initial vulnerability assessment. “Patch everything! Patch it now!” is often the directive issued to engineering teams. The correct response to such a directive is “How likely is that to kill anyone?” Engineering teams cannot proceed with any change to a system until they have a clear understanding of the answer. And the answer is almost never “zero likelihood.”
Singapore has set in motion its vision for protecting critical national infrastructure and OT networks with its newly released 2024 OT Cybersecurity Masterplan.
An outline comparing the key differences between remote access used in an IT environment and remote access solutions that cater to an industrial OT environment.