Webinar – Waterfall Security Solutions

Top 10 OT Cyber Attacks of 2025

Andrew Ginter — Mon, 24 Nov 2025 12:40:42 +0000

OT Insights CenterTop 10 OT Cyber Attacks of 2025

Top 10 OT Cyber Attacks of 2025

In this webinar Andrew Ginter takes us through the most unusual and most consequential cyber attacks thus far in 2025 targeting critical infrastructures around the globe.

Join us on December 18, 2025 | 12 PM New York Time

Join us for a comprehensive review of the cyber incidents that shaped the industrial landscape in 2025. We will analyze the year’s most disruptive attacks, breaking down the operational downtime, financial costs, and impacts on public safety. Beyond the damage reports, we will explore the specific targeting methods used by adversaries as documented in the public record. The session concludes with a first look at the preliminary findings from Waterfall’s highly anticipated 2026 OT Threat Report.

In the fading days of 2025, we look back at cyber attacks that impaired operations in heavy industry and critical industrial infrastructures in the year thus far. We look at:

The most consequential incidents in terms of downtime and dollar cost

Incidents affecting public safety and infrastructures

What is in the public record about how these systems were targeted

About the Speaker

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 23,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.

Register Now

The post Top 10 OT Cyber Attacks of 2025 appeared first on Waterfall Security Solutions.

Security by Design- The New Imperative for Rail Systems

Waterfall team — Tue, 04 Nov 2025 07:00:36 +0000

OT Insights Center TransportationSecurity by Design- The New Imperative for Rail Systems

Security by Design- The New Imperative for Rail Systems

An introduction to the UITP Report & Real-World Applications

Watch the webinar for an in-depth exploration of the UITP “Design for Security of Safety-Critical Systems” report — a groundbreaking framework for integrating cybersecurity into rail Safety Instrumented Systems (SIL 1–SIL 4) across their entire lifecycle. Aligned with the soon-to-be-published IEC 63452 and other key safety standards, this session will provide rail operators, suppliers, and cybersecurity professionals with practical insights on applying security-by-design principles to real-world challenges. Discover how industry leaders are addressing the intersection of safety and cybersecurity, the growing impact of AI-driven threats, and the new engineering principles shaping the future of secure rail systems.

In the webinar, attendees will come away understanding:

Key findings from the UITP report and their impact on rail safety and cybersecurity

Real-world insights from Waterfall Security, MTA and Alstom on implementing recommendations

Open discussion on challenges, solutions, and best practices for embedding cybersecurity in safety-critical systems.

About the Speakers

Serge Van Themsche

Senior Consultant for Waterfall Security,
Co-Leader of the UITP Report

Eddy Thésée

Vice President Digital & Cyber Platform at Alstom

Shea McKinney

Deputy Chief Information Security Officer OT at MTA,
Contributor to the UITP Report

Michael J. Wong

Cybersecurity Director at MTA,
Contributor to the UITP Report

Hardware Hacking – Essential OT Attack Knowledge – Episode 145

November 26, 2025

Top 10 OT Cyber Attacks of 2025

November 24, 2025

Cyber Threats to the Manufacturing Industry: Risks, Impact, and Protection Strategies

November 11, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

The post Security by Design- The New Imperative for Rail Systems appeared first on Waterfall Security Solutions.

Analyzing Recent NIS2 Regulations – OT security is changing

Andrew Ginter — Sun, 05 Oct 2025 07:16:29 +0000

OT Insights Center OT security standardsAnalyzing Recent NIS2 Regulations – OT security is changing

Analyzing Recent NIS2 Regulations – OT security is changing

Watch the webinar with SecuriOT for an in-depth look at the Recent NIS2 Regulations

One EU nation after another is releasing new regulations for their energy infrastructures to comply with the NIS2 directive. Jørgen Hartig of SecuriOT in Denmark joins us to look at the recent Danish, Norwegian, Finnish and other rules. We compare the rules to each other, to long-standing NERC CIP regulations in North America, and to the IEC 62443 cross-industry standards. And we dig into what’s new – consequence boundaries, OT/IT dependencies and more – and we look at what are the new concepts and ways of thinking that are at the core these new security measures.

Attendees will come away understanding:

What are the rules, who do they apply to, and to what degree?

What’s new – for example requirements for manual operations, spare parts, IT/OT data flow inventories, OT isolation and IT/OT dependencies?

What are the unifying concepts underlying the new security requirements?

About the Speaker

Andrew Ginter

Jørgen Hartig

Jørgen Hartig (OT Security Specialist | Founder at SecuriOT) bring practical, hands-on experience to the complex challenges of operational technology (OT) security. Jørgen Hartig work closely with clients to ensure compliance with NIS2, IEC 62443, NIST CSF, etc., making sure that security strategies are not only compliant but also resilient, scalable, and tailored to the operational reality on the ground.

Top Oil and Gas Security Challenges and Best Practices for Protection

November 11, 2025

Data Diode vs Firewall: Understanding the Key Differences in OT Security

November 4, 2025

Security by Design- The New Imperative for Rail Systems

November 4, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

The post Analyzing Recent NIS2 Regulations – OT security is changing appeared first on Waterfall Security Solutions.

Remoting Into Renewables – the latest guidelines for secure remote access applied to renewables generation

Andrew Ginter — Thu, 28 Aug 2025 12:03:00 +0000

OT Insights Center PowerRemoting Into Renewables – the latest guidelines for secure remote access applied to renewables generation

Remoting Into Renewables – the latest guidelines for secure remote access applied to renewables generation

Watch the webinar to learn how secure access can enhance both safety and performance in renewable energy operations.

As renewable energy continues to dominate new power generation projects across North America and the EU, organizations must find ways to support remote operations without compromising cybersecurity. Wind and solar sites, often remote and digitally connected, demand secure access solutions that meet both operational and regulatory needs.

This webinar explores how energy leaders are balancing efficiency with cyber resilience. We’ll cover the latest guidance from CISA, CCCS, and others, with a spotlight on hardware-enforced, unidirectional remote access, now widely recommended for high-consequence OT environments.

Whether you're planning a new facility or optimizing an existing one, you'll gain insights into:

The business impact of secure remote access

Safe, scalable deployment strategies

Aligning cybersecurity with operational goals

Real-world adoption: how renewables operators are deploying these technologies today.

About the Speakers

Andrew Ginter

Lior Frenkel

With more than 20 years of hardware and software research and development experience, Mr. Frenkel leads Waterfall Security with extensive business and management expertise. As part of his thought leadership and contribution for the industry, Lior serves as member of management at Israeli High-Tech Association (HTA), of the Manufacturers’ Association of Israel and Chairman of the Cyber Forum of HTA.

Cybersecurity Risk Assessment for Public Transport OT Environments: A Practical Guide

October 30, 2025

Managing Risk with Digital Twins – What Do We Do Next? – Episode 144

October 20, 2025

IT & OT Relationship Management

October 20, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

The post Remoting Into Renewables – the latest guidelines for secure remote access applied to renewables generation appeared first on Waterfall Security Solutions.

The Top 10 OT-Capable Malware: What We’ve Learned and What Comes Next

Andrew Ginter — Sun, 20 Jul 2025 18:36:58 +0000

OT Insights CenterThe Top 10 OT-Capable Malware: What We’ve Learned and What Comes Next

The Top 10 OT-Capable Malware: What We’ve Learned and What Comes Next

Watch the webinar for an in-depth look at the data behind how OT-capable malware has changed over the last 15 years, what's driving this change and how our defenses should evolve to tackle these threats.

In 2024 alone, researchers discovered as many new OT-capable malware families (3) as were found in the previous six years combined—each with the potential to disrupt physical operations in ICS and OT environments. Altogether, in the past 15 years, 10 OT-capable malware were found in the wild.

What’s driving this sudden surge? Who’s behind these threats (none of which, by the way, use AI yet)? And how should our defenses evolve to keep pace with these changing threats?

In this webinar Andrew Ginter takes us through:

Look at the data from the ‘Top 10 ICS/OT-Capable Malware’ since 2010

Compare ransomware-grade OT malware with nation-state-grade OT malware

Examine the differences between autonomous and remote-control malware

Dig deeper into how AI can enable a new wave of autonomous malware in the near future

About the Speaker

Andrew Ginter

Analyzing Recent NIS2 Regulations – OT security is changing

October 5, 2025

Doing the Math – Remote Access at Wind Farms

September 22, 2025

I don’t sign s**t – Episode 143

September 10, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

The post The Top 10 OT-Capable Malware: What We’ve Learned and What Comes Next appeared first on Waterfall Security Solutions.

13 Ways to Break a Firewall (and alternatives for OT security)

Andrew Ginter — Wed, 25 Jun 2025 10:06:43 +0000

OT Insights Center13 Ways to Break a Firewall (and alternatives for OT security)

13 Ways to Break a Firewall (and alternatives for OT security)

Firewalls are a go-to for OT security—but how much protection do they really offer? In this webinar, we explore 13+ real-world attack scenarios that defeat firewalls, show where firewalls fall short, and share smarter, stronger alternatives for securing industrial systems.

Firewalls are almost always the second technical step taken to secure
industrial / OT automation systems. But how much security do firewalls impart?

One way to compare the strength of different defensive technologies and designs is to compare the attacks those designs defeat reliably, vs the attacks they do not defeat. In this presentation, we look at firewalls, at attacks that defeat firewalls, and at mitigations, compensating measures and alternatives for and to firewalls.

And yes, the number “13” is a lucky ‘marketing’ number. We will in fact touch on closer to 18 or 19 kinds of attacks/scenarios.

In this webinar Andrew Ginter takes us through:

Which types of cyberattacks firewalls can and can’t stop in industrial environments

Real-world examples of firewall failures

Practical alternatives that strengthen OT security when firewalls fall short

About the Speaker

Andrew Ginter

Secure Industrial Remote Access Solutions

August 28, 2025

Remoting Into Renewables – the latest guidelines for secure remote access applied to renewables generation

August 28, 2025

NIS2 and the Cyber Resilience Act (CRA) – Episode 142

August 18, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

The post 13 Ways to Break a Firewall (and alternatives for OT security) appeared first on Waterfall Security Solutions.

Risks, Rules & Gaps: The Latest on NIS2 and CRA

Andrew Ginter — Tue, 03 Jun 2025 09:05:07 +0000

OT Insights CenterRisks, Rules & Gaps: The Latest on NIS2 and CRA

Risks, Rules & Gaps: The Latest on NIS2 and CRA

Watch the webinar for a look at the latest developments in member state legislation to comply with NIS2, and at how the Cyber Resilience Act (CRA) is affecting both industrial automation manufacturers as well as owners and operators in different kinds of industries.

With the NIS 2 Directive and the Cyber Resilience Act (CRA), cybersecurity requirements are increasing for critical infrastructures as well as industrial automation and other products in the European Union.

But the road to stronger requirements is not all smooth. While NIS 2 has been in force since 2023, some Member States have not yet transposed the Directive into national law, even though the deadline for transposition has already passed. And the national laws implementing NIS-2 differ in each Member State, though with NIS-2 there is minimum degree of harmonization.

Finally, while the new CRA contains new harmonized requirements for products with digital elements, there are corner cases that seem to make little sense, especially when applying CRA-compliant products to change-controlled critical infrastructures.

Watch the webinar featuring Christine Kiefer LL.M from Reusch Law and Andrew Ginter from Waterfall Security, to learn more about the latest developments in cybersecurity law in the European Union.

Christine Kiefer

Attorney-at-Law Christina Kiefer, LL.M. (Oslo) is a Senior Associate in the Digital Business Unit of reuschlaw in Saarbrücken, advising companies and public institutions on data protection and cybersecurity as well as IT and contract law.

Andrew Ginter

SCADA Security Fundamentals

August 14, 2025

What is OT Network Monitoring?

August 14, 2025

What Is ICS (Industrial Control System) Security?

August 14, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

The post Risks, Rules & Gaps: The Latest on NIS2 and CRA appeared first on Waterfall Security Solutions.

Safety-Critical Clouds in Power Generation – 7 Designs Using Cyber-Informed Engineering

Andrew Ginter — Sun, 27 Apr 2025 08:19:51 +0000

OT Insights CenterSafety-Critical Clouds in Power Generation – 7 Designs Using Cyber-Informed Engineering

Safety-Critical Clouds in Power Generation – 7 Designs Using Cyber-Informed Engineering

The industrial internet is coming. Reap almost all the benefits with almost none of the risks.

The Industrial Internet of Things (IIoT) is the future of automation in power generation and many other industries. The IIoT promises huge gains in efficiency and flexibility, with cloud-based systems and decision-making at the heart of these gains. Today, even safety-critical and critical-infrastructure (CI) decision-making is moving steadily out into the cloud.

But safety-critical and CI systems deserve engineering-grade cybersecurity. So, how can we provide this for Internet-based clouds?

Watch the webinar where we will look at the problem from the perspective of the new Cyber-Informed Engineering (CIE) initiative and dig into 7 design patterns for different kinds of safety-critical, cloud-based systems.

In this webinar Andrew Ginter takes us through:

Review the limitations of traditional IT-grade cyber protections for cloud systems.

Explore seven engineering-grade designs for protecting safety-critical and reliability-critical clouds.

Propose design principles for evaluating critical cloud designs.

For practitioners in power generation, OT security, or other critical infrastructures, this is an opportunity to explore two leading edges: the Industrial Internet (future of automation) and CIE (future of OT security).

We hope you can watch the webinar.

About the Speaker

Andrew Ginter

Network Duct Tape – Episode 141

August 13, 2025

Credibility, not Likelihood – Episode 140

August 6, 2025

Rethinking Secure Remote Access for Industrial and OT Networks

August 6, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

The post Safety-Critical Clouds in Power Generation – 7 Designs Using Cyber-Informed Engineering appeared first on Waterfall Security Solutions.

Building a Game Plan for OT Remote Access

Andrew Ginter — Mon, 17 Mar 2025 09:39:41 +0000

OT Insights CenterBuilding a Game Plan for OT Remote Access

Building a Game Plan for OT Remote Access

Watch the webinar where we’ll provide an overview of the current landscape of OT remote access solutions and help you make the right decision for your OT network.

OT remote access is seen as essential for many industries – partly to save costs, and partly because physical travel to very distant substations, compressor stations, mine sites, and other physical assets is difficult, time-consuming, and sometimes even dangerous.

The problem is that there is a bewildering variety of OT remote access solutions out there, with different kinds of needs in different kinds of industries and use cases.

In this webinar Andrew Ginter takes us through:

Provide an overview of the current landscape of solutions and needs.
Recommend a decision process – how to gather critical information, the steps required to make informed decisions in a specific order.
Provide examples of the decision process across various industries and contexts – from municipal utilities to backbone / heavy infrastructure to manufacturing and building automation.

Watch the webinar as we "fly low and fast" - in 60 minutes see all the options in one place, and where and why each one makes sense, with concrete examples.

Andrew Ginter

Unidirectional vs Bidirectional: Complete Integration Guide

July 30, 2025

The Top 10 OT-Capable Malware: What We’ve Learned and What Comes Next

July 20, 2025

13 Ways to Break a Firewall

July 16, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

The post Building a Game Plan for OT Remote Access appeared first on Waterfall Security Solutions.

Unpacking the 2025 OT Cyber Threat Report

Andrew Ginter — Wed, 26 Feb 2025 09:31:45 +0000

OT Insights CenterUnpacking the 2025 OT Cyber Threat Report

Unpacking the 2025 OT Cyber Threat Report

Watch the webinar where we’ll dive deep into the findings of the most credible report in the OT Security industry.

In 2024, there was 146% increase in the number of sites impacted by cyberattacks targeting heavy industry.

The Waterfall Threat Report 2025 brings you comprehensive, verifiable data on cyber attacks that makes it the most trusted resource in the field.

Watch the webinar and join Greg Hale, Editor of ISSSource and Co-founder of ICS Strive, and Andrew Ginter, VP of Industrial Security at Waterfall, as they talk us through today’s threat landscape.

In this webinar Andrew Ginter and Greg Hale take us through:

Discover the latest cybersecurity trends: From nation-state attacks to the explosion of ICS-capable malware, the report uncovers critical patterns.

Understand the shifting landscape: New incident disclosure rules may be hindering transparency, not helping it. Learn why.

Hear directly from the experts: Greg Hale, Editor of ISSSource and Co-founder of ICS Strive, alongside Andrew Ginter, VP of Industrial Security at Waterfall, will guide you through the most pressing findings.

About the speakers

Andrew Ginter

Greg Hale

Greg Hale is the founder and editor of Industrial Safety and Security Source (ISSSource.com), the website focused on sharing Safety and Security news in the manufacturing automation sector. Prior to starting up ISSSource.com 12 years ago, he was the chief editor of InTech magazine for more than 10 years

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

The post Unpacking the 2025 OT Cyber Threat Report appeared first on Waterfall Security Solutions.

Webinar – Waterfall Security Solutions

Top 10 OT Cyber Attacks of 2025

Top 10 OT Cyber Attacks of 2025

In this webinar Andrew Ginter takes us through the most unusual and most consequential cyber attacks thus far in 2025 targeting critical infrastructures around the globe.

In the fading days of 2025, we look back at cyber attacks that impaired operations in heavy industry and critical industrial infrastructures in the year thus far. We look at:

About the Speaker

Andrew Ginter

Register Now

Share

Security by Design- The New Imperative for Rail Systems

Security by Design- The New Imperative for Rail Systems

An introduction to the UITP Report & Real-World Applications

In the webinar, attendees will come away understanding:

About the Speakers

Serge Van Themsche

Eddy Thésée

Shea McKinney

Michael J. Wong

Share

Trending posts

Stay up to date

Tags

Analyzing Recent NIS2 Regulations – OT security is changing

Analyzing Recent NIS2 Regulations – OT security is changing

Watch the webinar with SecuriOT for an in-depth look at the Recent NIS2 Regulations

Attendees will come away understanding:

About the Speaker

Andrew Ginter

Jørgen Hartig

Share

Trending posts

Stay up to date

Tags

Remoting Into Renewables – the latest guidelines for secure remote access applied to renewables generation

Remoting Into Renewables – the latest guidelines for secure remote access applied to renewables generation

Watch the webinar to learn how secure access can enhance both safety and performance in renewable energy operations.

Whether you're planning a new facility or optimizing an existing one, you'll gain insights into:

About the Speakers

Andrew Ginter

Lior Frenkel

Share

Trending posts

Stay up to date

Tags

The Top 10 OT-Capable Malware: What We’ve Learned and What Comes Next

The Top 10 OT-Capable Malware: What We’ve Learned and What Comes Next

Watch the webinar for an in-depth look at the data behind how OT-capable malware has changed over the last 15 years, what's driving this change and how our defenses should evolve to tackle these threats.

In this webinar Andrew Ginter takes us through:

About the Speaker

Andrew Ginter

Share

Trending posts

Stay up to date

Tags

13 Ways to Break a Firewall (and alternatives for OT security)

13 Ways to Break a Firewall (and alternatives for OT security)

Firewalls are a go-to for OT security—but how much protection do they really offer? In this webinar, we explore 13+ real-world attack scenarios that defeat firewalls, show where firewalls fall short, and share smarter, stronger alternatives for securing industrial systems.

In this webinar Andrew Ginter takes us through:

About the Speaker

Andrew Ginter

Share

Trending posts

Stay up to date

Tags

Risks, Rules & Gaps: The Latest on NIS2 and CRA

Risks, Rules & Gaps: The Latest on NIS2 and CRA

Watch the webinar for a look at the latest developments in member state legislation to comply with NIS2, and at how the Cyber Resilience Act (CRA) is affecting both industrial automation manufacturers as well as owners and operators in different kinds of industries.

Christine Kiefer

Andrew Ginter

Share

Trending posts

Stay up to date

Tags

Safety-Critical Clouds in Power Generation – 7 Designs Using Cyber-Informed Engineering

Safety-Critical Clouds in Power Generation – 7 Designs Using Cyber-Informed Engineering

The industrial internet is coming. Reap almost all the benefits with almost none of the risks.

In this webinar Andrew Ginter takes us through:

About the Speaker

Andrew Ginter

Share