Webinar without auto template – Waterfall Security Solutions https://waterfall-security.com Unbreachable OT security, unlimited OT connectivity Tue, 24 Feb 2026 08:53:33 +0000 en-US hourly 1 https://wordpress.org/?v=6.9 https://waterfall-security.com/wp-content/uploads/2023/09/cropped-favicon2-2-32x32.png Webinar without auto template – Waterfall Security Solutions https://waterfall-security.com 32 32 Applying the New NCSC / CISA Guidance https://waterfall-security.com/ot-insights-center/ot-security-standards/applying-the-new-ncsc-cisa-guidance/ Tue, 20 Jan 2026 14:09:48 +0000 https://waterfall-security.com/?p=38228 The post Applying the New NCSC / CISA Guidance appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterOT security standardsApplying the New NCSC / CISA Guidance

Applying the New NCSC / CISA Guidance

8 principles for secure OT connectivity

New guidance from the UK NCSC, co-signed by CISA, BSI, Australia’s ACSC and others,  introduces significant updates for securing critical infrastructure.  

In this webinar we will review the 8 principles and dozens of sub-principles, while  introducing a simple grid for visualizing coverage. We apply the grid to network architectures typically seen in power generation, pipelines and passenger metros, evaluating the residual risk for each architecture in light of  this guidance. 

In this webinar, Andrew Ginter takes us through:

arrow red right
Aggressive patching for Internet-exposed and IT-exposed equipment.

arrow red right
Centralizing dangerous IT and Internet connectivity

arrow red right
Designing communications to simplify inspection

arrow red right
Hardening the IT/OT interface with hardware-enforced remote access and unidirectional technologies

arrow red right
Firewalled micro-segmentation to control lateral movement

arrow red right
“Browsing down” for engineering workstations

arrow red right
Managing “break-glass” accounts

arrow red right
New designs for unidirectional hardware in emergency islanding / isolation scenarios

About the Speaker

Picture of Andrew Ginter

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.
Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Applying the New NCSC / CISA Guidance appeared first on Waterfall Security Solutions.

]]> Bringing Engineering on Board and Resetting IT Expectations https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/bringing-engineering-on-board-and-resetting-it-expectations/ Thu, 25 Dec 2025 06:55:37 +0000 https://waterfall-security.com/?p=38132 In many organizations the relationship between IT/enterprise security and OT/engineering teams is dysfunctional. These teams work in the same organization, support the same mission, and even address many of the same threats, but when they sit down together it sounds like they need relationship counseling. Much has been written about the problem. Most of that writing misses the point, focusing on symptoms, not root causes. In this webinar we dig into causes, solutions and how to ask the right questions to guide the relationship into healthy cooperation.

The post Bringing Engineering on Board and Resetting IT Expectations appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterBringing Engineering on Board and Resetting IT Expectations

Bringing Engineering on Board and Resetting IT Expectations

Watch the webinar for a revealing deep dive into the real causes behind the dysfunctional relationship between IT security and OT engineering teams—and discover actionable strategies to build trust, alignment, and true cooperation.

In many organizations the relationship between IT/enterprise security and OT/engineering teams is dysfunctional. These teams work in the same organization, support the same mission, and even address many of the same threats, but when they sit down together it sounds like they need relationship counseling. Much has been written about the problem. Most of that writing misses the point, focusing on symptoms, not root causes. In this webinar we dig into causes, solutions and how to ask the right questions to guide the relationship into healthy cooperation.

In this webinar you will learn:

arrow red rightConsequence is one root cause of OT/IT differences – we cannot restore human lives and damaged equipment from backups

arrow red rightAnother root cause – we defeat OT sabotage with many of the same tools as we defeat IT espionage, but we must use those tools differently

arrow red rightWho manages OT equipment is less important than how that equipment is managed

arrow red rightWe need to avoid common mistakes regarding inertia, criticality, credibility, and consequences

About the Speaker

Picture of Andrew Ginter

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.
Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Bringing Engineering on Board and Resetting IT Expectations appeared first on Waterfall Security Solutions.

]]> Top 10 OT Cyber Attacks of 2025 https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/top-10-ot-cyber-attacks-of-2025/ Mon, 24 Nov 2025 12:40:42 +0000 https://waterfall-security.com/?p=37447 The post Top 10 OT Cyber Attacks of 2025 appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterTop 10 OT Cyber Attacks of 2025

Top 10 OT Cyber Attacks of 2025

In this webinar Andrew Ginter takes us through the most unusual and most consequential cyber attacks thus far in 2025 targeting critical infrastructures around the globe.

Watch the webinar for a comprehensive review of the cyber incidents that shaped the industrial landscape in 2025. We will analyze the year’s most disruptive attacks, breaking down the operational downtime, financial costs, and impacts on public safety. Beyond the damage reports, we will explore the specific targeting methods used by adversaries as documented in the public record. The session concludes with a first look at the preliminary findings from Waterfall’s highly anticipated 2026 OT Threat Report.

In the fading days of 2025, we look back at cyber attacks that impaired operations in heavy industry and critical industrial infrastructures in the year thus far. We look at:

arrow red rightThe most consequential incidents in terms of downtime and dollar cost

arrow red rightIncidents affecting public safety and infrastructures

arrow red rightWhat is in the public record about how these systems were targeted

About the Speaker

Picture of Andrew Ginter

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.
Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Top 10 OT Cyber Attacks of 2025 appeared first on Waterfall Security Solutions.

]]> Security by Design- The New Imperative for Rail Systems https://waterfall-security.com/ot-insights-center/transportation/security-by-design-the-new-imperative-for-rail-systems/ Tue, 04 Nov 2025 07:00:36 +0000 https://waterfall-security.com/?p=36880 The post Security by Design- The New Imperative for Rail Systems appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterTransportationSecurity by Design- The New Imperative for Rail Systems

Security by Design- The New Imperative for Rail Systems

An introduction to the UITP Report & Real-World Applications

Watch the webinar for an in-depth exploration of the UITP “Design for Security of Safety-Critical Systems” report — a groundbreaking framework for integrating cybersecurity into rail Safety Instrumented Systems (SIL 1–SIL 4) across their entire lifecycle. Aligned with the soon-to-be-published IEC 63452 and other key safety standards, this session will provide rail operators, suppliers, and cybersecurity professionals with practical insights on applying security-by-design principles to real-world challenges. Discover how industry leaders are addressing the intersection of safety and cybersecurity, the growing impact of AI-driven threats, and the new engineering principles shaping the future of secure rail systems.

In the webinar, attendees will come away understanding:

arrow red rightKey findings from the UITP report and their impact on rail safety and cybersecurity

arrow red rightReal-world insights from Waterfall Security, MTA and Alstom on implementing recommendations

arrow red rightOpen discussion on challenges, solutions, and best practices for embedding cybersecurity in safety-critical systems.

About the Speakers

Picture of Serge Van Themsche

Serge Van Themsche

Senior Consultant for Waterfall Security,
Co-Leader of the UITP Report

Picture of Eddy Thésée

Eddy Thésée

Vice President Digital & Cyber Platform at Alstom

Picture of Shea McKinney

Shea McKinney

Deputy Chief Information Security Officer OT at MTA,
Contributor to the UITP Report

Picture of Michael J. Wong

Michael J. Wong

Cybersecurity Director at MTA,
Contributor to the UITP Report

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Security by Design- The New Imperative for Rail Systems appeared first on Waterfall Security Solutions.

]]> Analyzing Recent NIS2 Regulations – OT security is changing https://waterfall-security.com/ot-insights-center/ot-security-standards/analyzing-recent-nis2-regulations-ot-security-is-changing/ Sun, 05 Oct 2025 07:16:29 +0000 https://waterfall-security.com/?p=36227 One EU nation after another is releasing new regulations for their energy infrastructures to comply with the NIS2 directive. Jørgen Hartig of SecuriOT in Denmark joins us to look at the recent Danish, Norwegian, Finnish and other rules.

The post Analyzing Recent NIS2 Regulations – OT security is changing appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterOT security standardsAnalyzing Recent NIS2 Regulations – OT security is changing

Analyzing Recent NIS2 Regulations – OT security is changing

Watch the webinar with SecuriOT for an in-depth look at the Recent NIS2 Regulations

One EU nation after another is releasing new regulations for their energy infrastructures to comply with the NIS2 directive. Jørgen Hartig of SecuriOT in Denmark joins us to look at the recent Danish, Norwegian, Finnish and other rules. We compare the rules to each other, to long-standing NERC CIP regulations in North America, and to the IEC 62443 cross-industry standards. And we dig into what’s new – consequence boundaries, OT/IT dependencies and more – and we look at what are the new concepts and ways of thinking that are at the core these new security measures.

Attendees will come away understanding:

arrow red right What are the rules, who do they apply to, and to what degree?

arrow red right What’s new – for example requirements for manual operations, spare parts, IT/OT data flow inventories, OT isolation and IT/OT dependencies?

arrow red right What are the unifying concepts underlying the new security requirements?

About the Speaker

Picture of Andrew Ginter

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.
Picture of Jørgen Hartig

Jørgen Hartig

Jørgen Hartig (OT Security Specialist | Founder at SecuriOT) bring practical, hands-on experience to the complex challenges of operational technology (OT) security. Jørgen Hartig work closely with clients to ensure compliance with NIS2, IEC 62443, NIST CSF, etc., making sure that security strategies are not only compliant but also resilient, scalable, and tailored to the operational reality on the ground.

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Analyzing Recent NIS2 Regulations – OT security is changing appeared first on Waterfall Security Solutions.

]]> Risks, Rules & Gaps: The Latest on NIS2 and CRA https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/risks-rules-gaps-the-latest-on-nis2-and-cra/ Tue, 03 Jun 2025 09:05:07 +0000 https://waterfall-security.com/?p=32960 Watch the webinar where we’ll look at the latest developments in member state legislation to comply with NIS2 and CRA.

The post Risks, Rules & Gaps: The Latest on NIS2 and CRA appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterRisks, Rules & Gaps: The Latest on NIS2 and CRA

Risks, Rules & Gaps: The Latest on NIS2 and CRA

Watch the webinar for a look at the latest developments in member state legislation to comply with NIS2, and at how the Cyber Resilience Act (CRA) is affecting both industrial automation manufacturers as well as owners and operators in different kinds of industries.

With the NIS 2 Directive and the Cyber Resilience Act (CRA), cybersecurity requirements are increasing for critical infrastructures as well as industrial automation and other products in the European Union.

But the road to stronger requirements is not all smooth. While NIS 2 has been in force since 2023, some Member States have not yet transposed the Directive into national law, even though the deadline for transposition has already passed. And the national laws implementing NIS-2 differ in each Member State, though with NIS-2 there is minimum degree of harmonization.

Finally, while the new CRA contains new harmonized requirements for products with digital elements, there are corner cases that seem to make little sense, especially when applying CRA-compliant products to change-controlled critical infrastructures.

Watch the webinar featuring Christine Kiefer LL.M from Reusch Law and Andrew Ginter from Waterfall Security, to learn more about the latest developments in cybersecurity law in the European Union. 

Picture of Christine Kiefer

Christine Kiefer

Attorney-at-Law Christina Kiefer, LL.M. (Oslo) is a Senior Associate in the Digital Business Unit of reuschlaw in Saarbrücken, advising companies and public institutions on data protection and cybersecurity as well as IT and contract law.

Picture of Andrew Ginter

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.
Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Risks, Rules & Gaps: The Latest on NIS2 and CRA appeared first on Waterfall Security Solutions.

]]> Webinar: HERA – Hardware-Enforced Remote Access https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/webinar-hera-hardware-enforced-remote-access/ Tue, 16 Jul 2024 07:31:13 +0000 https://waterfall-security.com/?p=23774 Recorded webinar as we took a look at solutions enforced by dedicated hardware, and what benefits such solutions offer for OT security.

The post Webinar: HERA – Hardware-Enforced Remote Access appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterWebinar: HERA – Hardware-Enforced Remote Access

Webinar: HERA – Hardware-Enforced Remote Access

Watch now the webinar as we look at solutions that are enforced by dedicated hardware, and what benefits such solutions offer over comparable software-only solutions.

Software-based remote access — VPNs, 2FA, firewalls, jump hosts, and more all have vulnerabilities and potential zero-days that are exploited routinely by sophisticated threat actors. In this webinar, we look at problems with and attacks that breach conventional “secure” remote access, and we introduce Waterfall’s HERA — Hardware-Enforced Remote Access. With a layer of hardware-enforced protection, in addition to layers of software protection, HERA represents a material improvement in the security of remote access systems for OT networks, even at unattended sites. With strong client protections, TPM support, session recording, moderated access, moderated sessions, zero trust controls, and many other powerful features, HERA opens up a new era for protected remote access to critical networks.

Please watch our webinar to learn about problems with “secure” remote access and a new, powerful capability for safer remote access to OT systems.

In this webinar, Andrew Ginter takes us through:

arrow red right

What attacks have been breaching 2FA, VPNs and other conventional “secure” remote access solutions? What attacks have been breaching 2FA, VPNs and other conventional “secure” remote access solutions? What attacks have been breaching 2FA, VPNs and other conventional “secure” remote access solutions?

arrow red right

How are these attacks and risks neutralized by hardware enforcement?

arrow red right

How can HERA contribute to strong OT network segmentation and physical segmentation requirements?

arrow red right

And examples of how Hardware Enforced Remote Access would be used day-to-day in an industrial setting.

About the Speaker

Picture of Andrew Ginter

Andrew Ginter

VP Industrial Security at Waterfall Security Solutions

Picture of Greg Hale

Greg Hale

Editor/Founder at ISSSource and co-author of the annual Waterfall / ICS Strive Threat Report

Picture of Jim McGlone

Jim McGlone

CTO at Automation, Strategy & Performance and co-author of the highly-regarded Security PHA Review text

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Webinar: HERA – Hardware-Enforced Remote Access appeared first on Waterfall Security Solutions.

]]> Webinar: Engineering Cybersecurity Mitigations for Municipal Water Systems https://waterfall-security.com/ot-insights-center/water-wastewater/webinar-engineering-cybersecurity-mitigations-for-municipal-water-systems/ Sun, 19 May 2024 08:57:53 +0000 https://waterfall-security.com/?p=23014 Large water utilities are looking to gain efficiencies by adopting new distributed edge devices and digital transformation initiatives incorporating the latest machine learning and AI algorithms. Meanwhile, small to mid-size municipalities, are wanting to maintain their reliability without increasing their rate-base.

The post Webinar: Engineering Cybersecurity Mitigations for Municipal Water Systems appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterWater & WastewaterWebinar: Engineering Cybersecurity Mitigations for Municipal Water Systems

Webinar: Engineering Cybersecurity Mitigations for Municipal Water Systems

Join our webinar for a look at how municipal water systems are engineered to mitigate cybersecurity threats and risks.

Join us on June 18, 2024, 11AM Eastern Time

Engineering Cybersecurity Mitigations for Municipal Water Systems webinar

Large water utilities are looking to gain efficiencies by adopting new distributed edge devices and digital transformation initiatives incorporating the latest machine learning and AI algorithms. Meanwhile, small to mid-size municipalities, are wanting to maintain their reliability without increasing their rate-base. Yet, a worsening threat environment looms over North American and European operators. Increasingly sophisticated criminal ransomware, hacktivist, and nation-state actors have penetrated water utilities – without yet causing severe consequences. Nevertheless, the fact is that attacks have reached into critical networks and are nearly doubling year-over-year.

In this webinar, Mariano Martín Tirado, a Tech Leader at Acciona, and Rees Machtemes, Waterfall's Director of Industrial Security – passionate engineers with decades of combined industry experience – discuss:

arrow red right The latest incidents and trends impacting the Water industry.

arrow red right Recent developments in the field of engineering-grade mitigations to cyber risks that apply to Water & Wastewater operations.

arrow red right Strategies to protect water distribution and collection control systems.

arrow red right Opportunities to boost municipal cyber security for water systems through the purchasing and procurement process.

arrow red right Enabling the digital transformation of municipal water systems in the most secure way.

Join us on June 18th, to look at the latest and most powerful techniques for assuring safety, reliability, and efficiency in a world of ever-increasing cyber threats.

About the Speakers

Picture of Mariano Martín Tirado

Mariano Martín Tirado

Mariano is an advanced IT and OT expert with years of experience in Electrical engineering, communication networks, customised software and hardware solutions, and the application of new technology in the industrial sector. He is the technical leader responsible for the digitalization, technology and circular economy department at Acciona for water and wastewater treatment. He is passionate about using his expertise to drive innovation and to make a difference in the future of our planet. He holds degrees in both computer engineering from the college Innovation Luis Vives and in political science from the Complutense University of Madrid.

Picture of Rees Machtemes, P.Eng.

Rees Machtemes, P.Eng.

Rees Machtemes is a Director of Industrial Security at Waterfall Security Solutions, and the lead researcher for Waterfall’s 2024 Threat Report. He is a professional engineer with 15 years of hands-on experience with both IT and OT systems. Rees has designed power generation and transmission substations, automated food and beverage plant, audited and tested private and government telecom solutions, and supported IT data centers and OT hardware vendors. This experience has led him to champion cyber-safe systems design and architecture.

An obsessive tinkerer and problem-solver, you’ll often spot him next to a soldering station, mechanic’s toolbox, or stack of UNIX servers. He holds a B.Sc. in Electrical Engineering from the University of Alberta.

Share

Register Now

The post Webinar: Engineering Cybersecurity Mitigations for Municipal Water Systems appeared first on Waterfall Security Solutions.

]]> Webinar: Cyber-securing Safety and Equipment Protection Systems in Mining https://waterfall-security.com/ot-insights-center/metals-mining/webinar-cyber-securing-safety-and-equipment-protection-systems-in-mining/ Wed, 01 May 2024 08:16:00 +0000 https://waterfall-security.com/?p=22600 Safety is the top priority in almost all mines, and reliable, efficient physical operations are close seconds. Cybersecurity is essential to these priorities,

The post Webinar: Cyber-securing Safety and Equipment Protection Systems in Mining appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterMetals & MiningWebinar: Cyber-securing Safety and Equipment Protection Systems in Mining

Webinar: Cyber-securing Safety and Equipment Protection Systems in Mining

Join us on May 29th, with 2 live webinar sessions at 9:00 AM Singapore time, and 11:00 AM New York time.

Cyber-securing Safety and Equipment Protection Systems in Mining

Safety is the top priority in almost all mines, and reliable, efficient physical operations are close seconds. Cybersecurity is essential to all these priorities, in a world where automation is remotely accessible and where many mines are the targets of threats from sophisticated ransomware criminals to nation states. In addition, the trend towards cloud computing and cloud-based predictive maintenance services complicates cybersecurity and expands attack opportunities.

The good news is that Cyber-Informed Engineering (CIE) offers a new engineering-friendly approach to understanding and addressing cyber threats that have the potential to impair worker safety and damage long-lead-time equipment.

Join our webinar on Wednesday May 29th where we'll look at:

arrow red right The latest cyberattack outage data as we introduce CIE and dig into consequences, blind spots, electro-mechanical mitigations, and network engineering. 

arrow red right Comparing engineering-grade designs to IT-grade designs such as “secure” remote access and “secure” by design initiatives – these IT-grade approaches work well for small shoe factories, but have serious limitations in the most consequential mining networks.

arrow red right We’ll finish with a look at advanced topics – such as data abstraction for safer cloud-based remote control of mining operations.

 

About the Speaker

Picture of Andrew Ginter, Waterfall VP Industrial Security

Andrew Ginter, Waterfall VP Industrial Security

Andrew Ginter is the most widely-read author in the industrial security space, with over 20,000 copies of his first two books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.

Share

Register Now

The post Webinar: Cyber-securing Safety and Equipment Protection Systems in Mining appeared first on Waterfall Security Solutions.

]]> Recorded Webinar: Engineering-Grade IEC 62443 – A Guide For Power Generation https://waterfall-security.com/ot-insights-center/power/recorded-webinar-engineering-grade-iec-62443-a-guide-for-power-generation/ Tue, 02 Apr 2024 12:59:11 +0000 https://waterfall-security.com/?p=21689 The Cyber-Informed Engineering (CIE) initiative, funded by the US Department of Energy, is a new way to look at IEC 62443 – a perspective that clears up a lot of confusion.

The post Recorded Webinar: Engineering-Grade IEC 62443 – A Guide For Power Generation appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterPowerRecorded Webinar: Engineering-Grade IEC 62443 – A Guide For Power Generation

Recorded Webinar: Engineering-Grade IEC 62443 – A Guide For Power Generation

Webinar Recording: An in-depth look at the IEC 62443 standard, IEC 62443-3-2 risk assessments, and why would we need 62443-4-2 certified components for power generation operations.

Picture of Waterfall team

Waterfall team

Recorded webinar about IEC 62443 for Power Generation

IEC 62443 is used widely in power generation, but some aspects of the standard are ambiguous, and others are easily confused.

The Cyber-Informed Engineering (CIE) initiative, funded by the US Department of Energy, is a new way to look at IEC 62443 – a perspective that clears up a lot of confusion.

In this webinar recording, Andrew Ginter guides us through the intricacies of IEC 62443 for power generation, seen through the lens of CIE

In this recorded webinar, Andrew took us through:

arrow red right What are the IEC 62443 standards and which ones apply to power generation?

arrow red right How can CIE help IEC 62443-3-2 risk assessments determine Security Level targets?

arrow red right How can engineering-grade mitigations eliminate cyber threats, in addition to IEC 62443-3-3 mitigations?

arrow red right What kind of extra protection do we get from 62443-4-2 certified components?


Watch Now:

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Recorded Webinar: Engineering-Grade IEC 62443 – A Guide For Power Generation appeared first on Waterfall Security Solutions.

]]>