engineering grade – Waterfall Security Solutions https://waterfall-security.com Unbreachable OT security, unlimited OT connectivity Tue, 25 Nov 2025 08:55:17 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://waterfall-security.com/wp-content/uploads/2023/09/cropped-favicon2-2-32x32.png engineering grade – Waterfall Security Solutions https://waterfall-security.com 32 32 IT Remote Access VS. OT Remote Access https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/it-remote-access-vs-ot-remote-access/ Sun, 01 Sep 2024 12:48:55 +0000 https://waterfall-security.com/?p=26760 Outline comparing key differences between remote access used in an IT environment, and remote access solutions that cater to an industrial OT environment

The post IT Remote Access VS. OT Remote Access appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterOT security standardsIT Remote Access VS. OT Remote Access

IT Remote Access VS. OT Remote Access

An outline and comparison of the key differences between remote access used in an IT environment, and remote access solutions that cater to an industrial OT environment.
Picture of Waterfall team

Waterfall team

IT remote access vs OT remote access

When it comes to Remote Access, pretty much all available solutions deliver a very similar user experience. The user logs in and accesses another computer or device. But when we look a bit deeper, there are some very deep variations that come into consideration, especially when it comes to cybersecurity. The purpose and goals of remote access vary greatly between different uses and the acceptable levels of security.

In one of our previous blog posts, HERA Under the Hood, we covered how HERA works by explaining its technical functions and tasks. Here, we are going to outline how HERA is used and all the ways it differs from common IT Remote Access solutions.

“The purpose and goals of remote access vary greatly between different uses and the acceptable levels of security.”

Environment and Criticality

For IT Remote Access: Typically involves accessing corporate networks, applications, and data. Downtime or breaches can affect business operations, and can be costly, but usually have no impact when it comes to physical safety.

For OT Remote Access: Involves accessing industrial control systems (ICS), SCADA systems, and other critical infrastructure. Downtime or breaches can lead to significant physical and safety risks, including potential harm to people and equipment. There is very little “margin-of-error” as anything that might trigger a shutdown, even as a precaution, will have a very public and far-reaching impact.

Network Architecture

For IT Remote Access: Often involves flat network architectures and usually uses technologies like VPNs and remote desktop protocols (RDP).

For OT Remote Access: Requires segmented and isolated networks to prevent cross-contamination. Utilizes unidirectional gateways, secure remote access appliances, and proprietary protocols purpose-build and designed for OT environments.

>>Want to learn more? Talk to an expert >>

Security Focus

For IT Remote Access: Focus is on data security, confidentiality, and integrity. Primarily protecting against data breaches and unauthorized access.

For OT Remote Access: Emphasizes availability, reliability, and safety of physical processes. Protects against disruptions that could impact operational continuity and physical safety.

Update and Patch Management

For IT Remote Access: Regularly scheduled updates and patches are common.

For OT Remote Access: Patching can be more complex and infrequent due to the need for continuous operations and the critical nature of the systems.

Compliance and Standards

For IT Remote Access: Governed by standards such as ISO/IEC 27001, GDPR, and HIPAA.

For OT Remote Access: Governed by standards such as IEC 62443, NERC CIP, and NIST SP 800-82.

Technology and Tools

For IT Remote Access: Uses commercial off-the-shelf (COTS) solutions like VPNs, remote desktop services, and cloud-based remote access tools.

For OT Remote Access: Often requires specialized solutions tailored for industrial environments, such as industrial VPNs, secure remote access hardware appliances and unidirectional security gateways.

While the final result with both OT and IT remote access is a functional way of accessing a workstation remotely, the pathway to each one is of dramatically different considerations, and priorities. The goal of IT cybersecurity is to protect sensitive information from getting OUT, while OT cybersecurity protects sensitive equipment by not allowing anything IN.

When it comes to protecting OT remote access, no one offers the robust protections that HERA delivers. Read more about Hardware Enforced Remote Access (HERA)

Talk to an expert to learn more

About the author
Picture of Waterfall team

Waterfall team

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post IT Remote Access VS. OT Remote Access appeared first on Waterfall Security Solutions.

]]> Webinar: Industry-Specific 62443 Insights for Power Generation https://waterfall-security.com/ot-insights-center/power/webinar-industry-specific-62443-insights-for-power-generation/ Thu, 29 Aug 2024 08:04:22 +0000 https://waterfall-security.com/?p=26656 An in-depth webinar that goes beyond the buzzwords and provides practical, industry-specific guidance on applying the ISA/IEC 62443 standards to safeguard critical power infrastructure

The post Webinar: Industry-Specific 62443 Insights for Power Generation appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterPowerWebinar: Industry-Specific 62443 Insights for Power Generation

Webinar: Industry-Specific 62443 Insights for Power Generation

Watch the webinar for an in-depth session that goes beyond the buzzwords and provides practical, industry-specific guidance on applying the ISA/IEC 62443 standards to safeguard critical power infrastructure

The ISA/IEC 62443 standards provide a robust framework for enhancing cybersecurity across various industries, yet interpreting the standards in power generation presents unique challenges and opportunities.

Whether you’re a cybersecurity professional, OT engineer, or industry leader, watch the webinar recording for an in-depth webinar that goes beyond the buzzwords and provides practical, industry-specific guidance on applying the ISA/IEC 62443 standards to safeguard critical power infrastructure.

In this webinar, Dr. Jesus Molina takes us through:

arrow red right Decoding the complexities of 62443: Gain a clear understanding of the standards, their structure, and how they apply to power generation

arrow red right Navigating the implementation challenges: Learn how to address the unique needs of safety-critical and equipment protection sub-networks.

arrow red right Adopting a consequence-driven approach: Discover how to conduct effective risk assessments that account for high-impact, low-probability scenarios.

arrow red right Architect secure networks: Implement zoning and interconnected structures that enhance OT resilience.

arrow red right Strengthen defenses beyond SL4: Explore engineering-grade controls to complement cybersecurity measures and reduce reliance on expensive SL4 classifications.

About the Speaker

Picture of Dr. Jesus Molina

Dr. Jesus Molina

Jesus Molina is Waterfall’s Director of Industrial Security. He is a security expert in both OT and IT security. A former hacker, his research on offensive security in industrial systems has been echoed by many publications and media, including Wired and NPR. Mr. Molina has acted as chair of several security organizations, including the Trusted Computing Group and the IoT Internet Consortium. He is the co-writer of the Industrial Internet Security Framework and the author of several security-related patents and academic research papers. Mr. Molina holds a M.S. and a Ph.D from the University of Maryland.

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Webinar: Industry-Specific 62443 Insights for Power Generation appeared first on Waterfall Security Solutions.

]]> Recorded Webinar: The NIS2 Directive: A Guide for OT Professionals https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/recorded-webinar-the-nis2-directive-a-guide-for-ot-professionals/ Thu, 18 Jan 2024 12:16:08 +0000 https://waterfall-security.com/?p=18007 Dr Jesus Molina takes us on an in-depth 2 on the European NIS2 Directive, it's timeline, what it will entail, and who needs to comply.

The post Recorded Webinar: The NIS2 Directive: A Guide for OT Professionals appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterOT security standardsRecorded Webinar: The NIS2 Directive: A Guide for OT Professionals

Recorded Webinar: The NIS2 Directive: A Guide for OT Professionals

In this recorded webinar, we take an in-depth look at the European NIS2 Directive and help explain the timeline for its rollout, who needs to comply, and what compliance with the directive will most likely look like.
Picture of Waterfall team

Waterfall team

NIS2 Recorded Webinar

Some of the highlights we discussed about NIS2:

arrow red right  From NIS to NIS2: Tracing the journey of how the NIS was transposed into law and highlighting the novelties introduced in NIS2.

arrow red right NIS2 Deep Dive: We explain the NIS2 Directive’s implications for OT cybersecurity.

arrow red right Real-World Applications: How to apply NIS2 guidelines in diverse OT scenarios, using IEC63452 and NCCS as examples.

arrow red right Risk Management Strategies: Examples of effective strategies to mitigate risks in OT environments, ensuring compliance with NIS2.

 

Dr. Molina also discussed the timelines of the NIS2 Directive’s rollout, and what needs to be completed by each deadline in order to be compliant.NIS2 Directive timeline

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Recorded Webinar: The NIS2 Directive: A Guide for OT Professionals appeared first on Waterfall Security Solutions.

]]> Recorded Webinar: The Top 10 OT/ICS Cyberattacks of 2023 https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/recorded-webinar-the-top-10-ot-ics-cyberattacks-of-2023/ Thu, 14 Dec 2023 13:03:19 +0000 https://waterfall-security.com/?p=14768 For those of us who live and breathe OT or ICS cybersecurity, what better way to end the year than with an in-depth look at the most novel, notorious and impactful cyber incidents on critical infrastructure, industrial controls systems, and physical operations around the globe.

The post Recorded Webinar: The Top 10 OT/ICS Cyberattacks of 2023 appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterOT security standardsRecorded Webinar: The Top 10 OT/ICS Cyberattacks of 2023

Recorded Webinar: The Top 10 OT/ICS Cyberattacks of 2023

In this webinar recording, we take an in-depth look at the most novel, notorious, and impactful cyber incidents of 2023 on critical infrastructure around the globe.
Picture of Waterfall team

Waterfall team

Top 10 Cyberattacks 2023 Webinar Recording

As 2023 winds down, it’s only natural to take stock of what’s happened and plan to make things better in the next year.

For those of us who live and breathe OT or ICS cybersecurity, what better way to end the year than with an in-depth look at the most novel, notorious and impactful cyber incidents on critical infrastructure, industrial controls systems, and physical operations around the globe.

In this webinar, Rees Machtemes takes us through:

arrow red right What happened in 2023?

arrow red right How did this year’s incidents compare with the past?

arrow red right What does this tell us about what we expect in the near future?

Rees then expands upon and explains some of this past year’s developments in regards to the best ways to prevent such OT/ICS related incidents from happening in 2024 and onward.

Watch Now>>

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Recorded Webinar: The Top 10 OT/ICS Cyberattacks of 2023 appeared first on Waterfall Security Solutions.

]]> Recorded Webinar: Engineering-Grade OT Security: A Manager’s Guide https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/recorded-webinar-engineering-grade-ot-security-a-managers-guide/ Thu, 02 Nov 2023 08:21:40 +0000 https://waterfall-security.com/?p=13565 In the webinar, we discuss engineering-grade OT security, a new model for cyber risk, and how to decide how much security is needed for different types of systems.

The post Recorded Webinar: Engineering-Grade OT Security: A Manager’s Guide appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterOT security standardsRecorded Webinar: Engineering-Grade OT Security: A Manager’s Guide

Recorded Webinar: Engineering-Grade OT Security: A Manager’s Guide

We had a great webinar with a nice turnout. We discussed Engineering-grade OT security, which is a new model for addressing cyber risk, and how to decide how much security is needed for different systems.
Picture of Waterfall team

Waterfall team

Andrew Ginter new book recorded webinar

In this webinar, we announced my new book Engineering-Grade OT Security: A manager’s guide, and got into the details of the question posed in the book:  “How much is enough?” when a cyber attacks that can impact physical operations.

The answer to that question very much depends on consequences – small shoe factories are not at all the same as a passenger rail switching systems.

Some topics of the book we discussed included:

arrow red right Engineering-grade protections that are unique to the OT space, mainly drawn from safety engineering,

arrow red right Network engineering techniques to prevent attacks from pivoting into safety-critical or reliability-critical systems.

arrow red right A new model for cyber risk that makes it easier to answer the question “how much is enough?” for different kinds of systems.

And we finished off by answering that key question head-on. We looked at legal and professional obligations that dictate where engineering-grade and where IT-grade solutions must be used. We walked through how to decide how much engineering-grade, IT-grade and even insurance-type protections are justified for different types of threats – network-based vs. insider vs. supply chain vs. removable media.

We also looked at how to communicate these decisions through layers of management where messages might otherwise get lost or misinterpreted.

Watch Now>>

Want to get your advanced copy of Andrew Ginter’s new book?
>>Click here to get your copy

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Recorded Webinar: Engineering-Grade OT Security: A Manager’s Guide appeared first on Waterfall Security Solutions.

]]> Network Engineering | Recorded Webinar https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/network-engineering-recorded-webinar/ https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/network-engineering-recorded-webinar/#comments Mon, 23 Oct 2023 13:32:36 +0000 https://waterfall-security.com/?p=13401 In the webinar, I introduced network engineering in the context of Cyber-Informed Engineering (CIE) with useful examples.

The post Network Engineering | Recorded Webinar appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterOT security standardsNetwork Engineering | Recorded Webinar

Network Engineering | Recorded Webinar

We had a great webinar with a nice turnout. The topic was how the digital transformation of the Electric Utilities industry is unleashed once engineering-grade cybersecurity is able to protect in the industrial systems.
Picture of Waterfall team

Waterfall team

Network Engineering Recorded Webinar

In the webinar, I introduced network engineering in the context of Cyber-Informed Engineering (CIE) with examples including:

  • Consequence boundaries
  • The EPRI IIoT methodology
  • Analog signalling
  • Unidirectional gateways
  • IT/OT dependencies
  • Data abstraction
 

Listen in >>

Engineering-grade solutions are deterministic and predictable. Cyber-Informed Engineering (CIE) is exploring safety engineering, protection engineering and other engineering approaches to addressing cyber risk, in addition to traditional cybersecurity approaches.

Network engineering is a collection of techniques that lies at the boundary between security engineering and cybersecurity, and is needed whenever worst-case consequences of cyber compromise are unacceptable.

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Network Engineering | Recorded Webinar appeared first on Waterfall Security Solutions.

]]> https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/network-engineering-recorded-webinar/feed/ 2 Engineering Grade Protection for Data Center OT Systems https://waterfall-security.com/ot-insights-center/facilities/engineering-grade-protection-for-data-center-ot-systems/ Thu, 14 Sep 2023 09:15:51 +0000 https://waterfall-security.com/?p=11222 Uptime is a very important Key Performance Indicator (KPI) for data centers, and the physical infrastructures in data centers are essential to uptime – electric power systems, backup power, fire suppression, physical access control, cooling and more.

The post Engineering Grade Protection for Data Center OT Systems appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterFacilitiesEngineering Grade Protection for Data Center OT Systems

Engineering Grade Protection for Data Center OT Systems

Protecting Data Centers From Industrial OT Threats
Picture of Andrew Ginter

Andrew Ginter

Engineering Grade Protection for Data Center OT Systems by Andrew Ginter, VP Industrial Security

Uptime is a very important Key Performance Indicator (KPI) for data centers, and the physical infrastructures in data centers are essential to uptime – electric power systems, backup power, fire suppression, physical access control, cooling and more. Managing cybersecurity for these infrastructures is different from managing security for information systems – while problems with a new software version or security update can be “backed out” to preserve uptime, damaged high-voltage transformers and cavitation damage to cooling systems cannot be restored from backups.

Cyber-Informed Engineering

This means that the physical infrastructure of data centers is more of an engineering domain than an information processing domain. While the engineering profession has been criticized for being slow to embrace cybersecurity risks and solutions, a new initiative is changing that. The Cyber-Informed Engineering (CIE) initiative at the Idaho National Laboratory is (1) working to make the engineering profession much more aware of cybersecurity issues and solutions and (2) working to apply powerful engineering techniques to cyber risks – techniques and technologies that have historically been used to address only physical threats. For example – mechanical vibration sensors electrically connected to a large cooler’s cut-off switch can be used as a last-resort safety system, protecting cooling systems from damage. Large cooling systems that move liquids risk cavitation damage if they are operated at too high a speed. A mechanical fail-safe eliminates the risk of damage to the cooler when a cyber attack both mis-operates the cooler and disables the cyber safeties designed to protect the cooler from damage.

Network Engineering

Network engineering is part of this new CIE initiative. Network engineering uses engineering-grade protections to prevent cyber attacks from entering data center OT networks in the first place. This is important because data centers are all about uptime and reliability. In the cooler example above, what happens when mechanical fail-safes engage to protect the cooler? Things shut down – the infrastructure that is essential to continuous data center operations is shut down to protect it from damage. It is a good thing that engineering-grade measures prevent threats to worker safety and equipment damage. But if we want our uptime preserved, we need more. We need to prevent cyber attacks from entering OT networks in the first place and triggering these fail-safe shut-downs.

While network engineering includes a number of engineering-grade tools for the prevention of cyber attacks from entering OT networks, the most widely-applicable tool is the unidirectional gateway. The gateways are deployed at consequence boundaries – connections between networks with physical consequences vs. networks with only business consequences. In data centers, the gateways are deployed most commonly at IT/OT interfaces. Unlike software firewalls, hardware-enforced unidirectional gateways provide engineering-grade unidirectionality – OT data is copied to IT networks in real time, with zero risk that cyber attacks (like ransomware) from IT can penetrate through the gateways back into OT networks to put uptime at risk, or to put the physical equipment that is essential to uptime at risk.

“…hardware-enforced unidirectional gateways provide engineering-grade unidirectionality – OT data is copied to IT networks in real time, with zero risk that cyber attacks from IT can penetrate through the gateways back into OT networks.”

The World Is Changing

Data centers are changing the world, and the world is changing around data centers. Environmental and climate concerns are driving change to the design of computers, power systems, power supplies, cooling systems and many other aspects of data centers. Concerns about the rapid increase in cyber attacks with OT / physical consequences are driving a push towards engineering-grade protections for worker safety, for equipment protection, and for network protection in OT systems. Data center owners and operators are responding to all of these changes – because reducing environmental impacts and reducing cyber threats to uptime are both essential to competitiveness in a very demanding industry. The increased use of unidirectional gateway technology is a reflection of the latter trend – at the junction of engineering and cybersecurity.
Get your complimentary copy now
Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Engineering Grade Protection for Data Center OT Systems appeared first on Waterfall Security Solutions.

]]>