ics – Waterfall Security Solutions https://waterfall-security.com
Unbreachable OT security, unlimited OT connectivity
Thu, 26 Mar 2026 12:16:27 +0000

Webinar: 2026 OT Cyber Threat Report https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/webinar-2026-ot-cyber-threat-report-2/ Wed, 25 Mar 2026 15:30:57 +0000
This webinar covers the record-breaking costs of consequences, what is behind the drop in ransomware attacks and the key defensive developments of 2025, in light of these threats


Watch now - on demand!

In 2025, 57 cyber attacks caused real-world damage in heavy industry worldwide. This is a 25% drop from 2024, but that’s the tip of the iceberg.

Most of this reduction is because of temporary factors affecting ransomware attacks. Nation-state and hacktivist attacks doubled, with most attacks targeting critical infrastructures. 

This is the only industry report focused exclusively on verified cyber incidents with physical consequences. The data set is public: all the incidents we use are included in the report’s appendix with links to public news reports.

Highlighted attacks include:

  • Jaguar / Land Rover – the most costly production shutdown in a decade,
  • Collins Aerospace – a crippled software system caused flight cancellations and delays for weeks – highlighting the need for rapid recovery or manual fall-backs for critical systems operated and managed by third parties,
  • Grounded and mis-directed ships – again highlighted the need for multiple independent checks on important external inputs, such as GPS signals, and
  • Polish distributed generation – a near miss because the lights stayed on, an example of the Russian nation state targeting European critical infrastructures, and a cautionary tale about “bricking” control equipment. 

Join Greg Hale of ICS Strive and Andrew Ginter of Waterfall Security as they explore what lies beneath all of 2025's OT breaches with physical consequences.

Key Takeaways:

  • Record-breaking costs of consequences
  • What is behind the drop in ransomware attacks
  • Key defensive developments of 2025, in light of these threats

Webinar: 2026 OT Cyber Threat Report https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/webinar-2026-ot-cyber-threat-report/ Wed, 25 Feb 2026 11:01:05 +0000
This webinar covers the record-breaking costs of consequences, what is behind the drop in ransomware attacks and the key defensive developments of 2025, in light of these threats


About the Speaker

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.

What Is Industrial Control System Software? https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/what-is-industrial-control-system-software/ Wed, 16 Jul 2025 11:13:53 +0000
This guide will walk you through everything you need to know about industrial control system software, from its fundamental components and core functionalities to the latest trends shaping its future.


What Is Industrial Control System Software?


Waterfall team

Understanding Industrial Control System Software Fundamentals

Walk into any modern manufacturing facility, power plant, or chemical processing center, and you’ll witness something remarkable: thousands of complex operations running with clockwork precision, monitored and controlled by sophisticated software systems that most people never see. Industrial Control System (ICS) software serves as the digital nervous system of our industrial world, orchestrating everything from the assembly line that builds your car to the power grid that lights your home.

Yet despite its critical role in keeping our modern infrastructure running smoothly, many professionals outside the industrial automation field remain unclear about what ICS software actually does, how it works, and why it’s become absolutely essential for operational success. 

Whether you’re an engineer looking to deepen your understanding, a business leader evaluating automation investments, or simply curious about the technology that powers our industrial landscape, this comprehensive guide will walk you through everything you need to know about industrial control system software in 2025—from its fundamental components and core functionalities to the latest trends shaping its future.

What Makes Industrial Control System Software Different?

If you’ve ever wondered what sets industrial control system software apart from the business applications on your laptop or the apps on your phone, you’re not alone. The differences run much deeper than you might expect, and understanding these distinctions is crucial for anyone working with or evaluating industrial automation solutions.

The most striking difference lies in timing requirements. While your email client can take a few seconds to load without causing any real problems, industrial control system software must respond to critical events within milliseconds. When a safety sensor detects dangerous pressure levels in a chemical reactor, the control software needs to shut down the process immediately—not after a brief loading screen. This real-time performance requirement shapes every aspect of how this software is designed, from its underlying architecture to its user interface.

Reliability takes on an entirely different meaning in industrial environments. Your typical business software might crash occasionally, requiring a simple restart that costs you a few minutes of productivity. When industrial control system software fails, the consequences can include production shutdowns costing thousands of dollars per minute, equipment damage worth millions, or even safety incidents that put lives at risk. This reality demands software built with redundancy, fault tolerance, and robust error handling that far exceeds what you’d find in consumer applications.

The operating environment presents another fundamental difference. Industrial control system software must function flawlessly in conditions that would destroy your average computer—extreme temperatures, electrical interference, vibration, dust, and humidity levels that would make IT professionals break out in a cold sweat. This requires specialized hardware and software designs that prioritize durability and consistent performance over features like flashy graphics or the latest user experience trends.

Perhaps most importantly, industrial control system software operates with a completely different security model. While business applications focus on protecting data and preventing unauthorized access, industrial control systems must balance security with operational continuity. A security update that requires a system restart might be routine for office software, but it could shut down an entire production line. This creates unique challenges where cybersecurity measures must be implemented without compromising the system’s primary mission of keeping industrial processes running safely and efficiently.

Core Components of Industrial Control Software

Think of industrial control system software as a sophisticated orchestra where each component plays a specific role in creating harmonious industrial operations. Understanding these core components helps clarify how these systems coordinate thousands of simultaneous processes with remarkable precision.

The control logic engine serves as the brain, processing inputs and making split-second decisions based on programmed automation logic. This component runs continuously, scanning sensors and updating outputs hundreds of times per second.

The data acquisition layer acts as the system’s sensory network, gathering and validating information from field devices—everything from simple temperature readings to complex vibration analysis data.

Communication drivers enable different devices to talk to each other despite using different protocols. These components ensure seamless data flow between:

  • PLCs from different vendors
  • Legacy systems and modern controllers
  • Field devices and control rooms
  • Local systems and remote monitoring stations

The human-machine interface (HMI) transforms complex data into intuitive visual displays that operators can understand and interact with, generating screens, alarms, and reports for effective process monitoring.

Alarm management systems continuously monitor process parameters, detecting abnormal conditions and prioritizing operator attention with contextual information and suggested corrective actions.

Finally, the security framework protects the entire system while managing user permissions, audit trails, and secure communications—ensuring only authorized access while maintaining compliance records.

How Industrial Control System Software Works

Picture a master chef coordinating a busy restaurant kitchen—that’s essentially how industrial control system software orchestrates complex industrial processes. The software operates in continuous cycles, constantly reading the current state of operations, making decisions, and adjusting systems to maintain optimal performance.

The process starts with data collection. Sensors throughout the facility continuously feed information back to the control system—temperature readings, pressure measurements, flow rates, and position data. This data streams in hundreds of times per second, creating a real-time snapshot of factory operations.

Next comes decision-making. The control logic engine compares incoming data against predetermined setpoints and programmed rules. If a temperature sensor reports a reactor running too hot, the software immediately calculates the appropriate response—reduce heating power, open cooling valves, or adjust feed rates.

The execution phase translates decisions into action. Industrial control system software sends precisely calibrated commands to actuators, valves, and motors—telling a valve to open 23% or instructing a motor to ramp up to 1,847 RPM over 3.2 seconds.

Throughout this cycle, the software maintains continuous monitoring and feedback. It watches to ensure commanded changes actually occur, adjusts for deviations, and immediately alerts operators if something isn’t responding as expected. This closed-loop control approach keeps industrial processes stable and efficient even when conditions change.

The beauty lies in managing thousands of these control loops simultaneously while maintaining perfect timing and coordination between interdependent processes—like conducting a symphony where every instrument plays its part at precisely the right moment.
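The four-phase scan cycle described in this section, as an added Python example (not code from the article or from any vendor platform). The reactor and valve models, the gain, bias and limits are constructed assumptions; the feedback step shows how a command that never takes effect becomes an operator alarm instead of going unnoticed.

```python
import math
from dataclasses import dataclass, field


@dataclass
class Valve:
    """Constructed cooling-valve model; `position` is the reported feedback."""
    position: float = 0.0      # percent open
    max_step: float = 10.0     # travel limit per scan, in percent
    stuck: bool = False

    def command(self, target: float) -> None:
        if self.stuck:         # a failed actuator silently ignores commands
            return
        step = max(-self.max_step, min(self.max_step, target - self.position))
        self.position += step


@dataclass
class Reactor:
    """Constructed thermal model: steady heat input, cooling scales with valve."""
    temp_c: float = 95.0

    def step(self, valve_pct: float) -> None:
        self.temp_c += 2.0 - 0.05 * valve_pct


@dataclass
class ControlLoop:
    setpoint_c: float = 80.0
    gain: float = 4.0          # percent of valve travel per degC of error
    bias_pct: float = 40.0     # opening that balances the heat input at setpoint
    tolerance_pct: float = 5.0 # allowed gap between commanded and reported position
    max_lag_scans: int = 3     # scans the valve may fail to move before alarming
    lag: int = 0
    alarms: list = field(default_factory=list)

    def scan(self, n: int, reading_c: float, valve: Valve) -> float:
        # 1. Data collection: reject readings outside the plausible sensor range.
        if math.isnan(reading_c) or not -50.0 <= reading_c <= 500.0:
            self.alarms.append((n, "BAD_INPUT"))
            target = 100.0     # fall back to full cooling on an implausible input
        else:
            # 2. Decision: compare against the setpoint, clamp to valve range.
            error = reading_c - self.setpoint_c
            target = max(0.0, min(100.0, self.bias_pct + self.gain * error))
        # 3. Execution: send the command to the actuator.
        before = valve.position
        valve.command(target)
        # 4. Feedback: confirm the commanded change is actually happening.
        moved = abs(valve.position - before) > 1e-9
        if abs(target - valve.position) > self.tolerance_pct and not moved:
            self.lag += 1
            if self.lag == self.max_lag_scans:   # alarm once, not every scan
                self.alarms.append((n, "VALVE_NOT_RESPONDING"))
        else:
            self.lag = 0
        return target


def run(scans: int, stuck_at=None):
    """Run the loop; optionally freeze the valve from scan `stuck_at` onward."""
    reactor, valve, loop = Reactor(), Valve(), ControlLoop()
    for n in range(1, scans + 1):
        if n == stuck_at:
            valve.stuck = True
        loop.scan(n, reactor.temp_c, valve)
        reactor.step(valve.position)
    return reactor.temp_c, valve.position, loop.alarms


if __name__ == "__main__":
    print("healthy:", run(40))
    print("stuck  :", run(40, stuck_at=5))
```

In the healthy run the temperature settles at the setpoint with no alarms; with the valve frozen from scan 5 the temperature never recovers and the loop raises a single alarm three scans later.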

Types of Industrial Control System Software Explained

Just as different musical instruments serve unique purposes in an orchestra, various types of industrial control system software each excel at specific automation tasks. Below we take a look at what some of these can include.

SCADA Software: Supervisory Control and Data Acquisition

SCADA software functions as the command center of industrial operations, providing operators with a bird’s-eye view of entire facilities or multiple sites across vast geographic areas. Think of it as air traffic control for industrial processes—it monitors everything and coordinates operations but doesn’t handle direct control.

What sets SCADA apart from other industrial control system software is its focus on supervision rather than split-second control decisions. While PLCs manage factory floor operations, SCADA excels at collecting data from hundreds of remote devices and presenting it through intuitive graphical interfaces.

SCADA shines in geographically dispersed applications—oil pipelines stretching across states, water treatment facilities serving cities, or power grids connecting multiple generation sources. The software can simultaneously monitor a pump station in Texas, a compressor in Oklahoma, and a storage facility in Louisiana from a single control room.

Key capabilities include real-time data visualization, historical trending, alarm management with prioritization, and remote control that lets operators start pumps or adjust setpoints from miles away. SCADA systems also generate regulatory compliance reports and provide data foundations for advanced analytics.

PLC Programming Software: Programmable Logic Controllers

PLC programming software is the specialized toolset that engineers use to create, test, and maintain the control logic running on Programmable Logic Controllers. If SCADA is the command center, think of PLC programming software as the language that teaches individual machines exactly what to do and when to do it.

Unlike other industrial control system software focused on monitoring, PLC programming software creates the decision-making logic that operates at the device level. Engineers write programs in specialized languages like ladder logic, function block diagrams, or structured text—each designed specifically for industrial automation applications. The software includes simulation tools for testing logic before deployment, debugging capabilities for troubleshooting, and version control for managing program changes safely.

What makes this software unique is its focus on deterministic, real-time execution. Programs must run reliably in harsh industrial environments, responding to inputs within microseconds and maintaining consistent performance over years of continuous operation. Popular platforms include Siemens TIA Portal, Allen-Bradley Studio 5000, and Schneider Electric EcoStruxure, serving as the foundation for most automated manufacturing processes from simple conveyor controls to complex robotic assembly lines.

DCS Software Platforms: Distributed Control Systems

DCS software platforms represent the enterprise-grade solution for large-scale industrial control system software applications, particularly in process industries like oil refining, chemical manufacturing, and power generation. Unlike PLCs that handle discrete control tasks, DCS platforms excel at managing continuous processes with thousands of control loops running simultaneously across entire facilities.

The key advantage of DCS software lies in its distributed architecture—control functions are spread across multiple processors and locations rather than centralized in a single controller. This design provides exceptional reliability through redundancy, where backup systems automatically take over if primary controllers fail. The software manages complex process control strategies like advanced regulatory control, model predictive control, and multi-variable optimization that would overwhelm traditional control systems.

Leading DCS platforms include Honeywell Experion, Emerson DeltaV, and ABB 800xA, each offering integrated engineering environments where process engineers can configure control strategies, design operator interfaces, and manage safety systems from unified software suites. These platforms typically include advanced features like batch processing control, recipe management, and sophisticated alarm rationalization systems designed for 24/7 continuous operation in mission-critical industrial environments.

HMI Software: Human-Machine Interface Solutions

HMI software serves as the visual bridge between complex industrial control system software and the human operators who monitor and control industrial processes. Think of it as the dashboard of your car—it transforms thousands of data points into intuitive graphics, gauges, and controls that people can quickly understand and interact with during normal operations and emergency situations.

Modern HMI software goes far beyond simple mimic displays of plant equipment. Today’s platforms create dynamic, interactive interfaces that adapt to different user roles, provide contextual information based on current process conditions, and offer touch-screen functionality for tablets and mobile devices. Operators can drill down from overview screens showing entire plant sections to detailed views of individual equipment, all while maintaining situational awareness through intelligent alarm management and trend displays.

Popular HMI platforms include Wonderware System Platform, Rockwell FactoryTalk View, and Siemens WinCC, each offering drag-and-drop development environments, extensive graphics libraries, and integration capabilities with virtually any industrial control system software. These solutions also provide advanced features like recipe management, batch tracking, reporting tools, and multi-language support for global operations, making them essential components for safe and efficient industrial automation.

Essential Features of Modern Industrial Control System Software

While industrial control systems have evolved dramatically over the past decade, certain core features have become non-negotiable for any serious automation platform. These essential capabilities separate professional-grade industrial control system software from basic monitoring tools and determine whether a system can handle the demands of modern industrial operations. These core features are described below.

Real-Time Data Processing and Monitoring

Real-time data processing represents the heartbeat of effective industrial control system software—without it, automated systems become nothing more than expensive data collectors. True real-time capability means the software can receive, process, and respond to critical information within milliseconds, not seconds or minutes. When a pressure sensor detects dangerous levels in a chemical reactor, the system must react instantly to prevent catastrophic failure.

Modern industrial environments generate staggering amounts of data—a single manufacturing line might produce thousands of data points per second from sensors, meters, and control devices. Industrial control system software must filter this flood of information, identify meaningful patterns, and present actionable insights to operators without overwhelming them. This involves sophisticated algorithms that can distinguish between normal process variations and genuine problems requiring immediate attention.

The monitoring component goes beyond simple data collection to include predictive analytics and trend analysis. Advanced systems can detect subtle changes in equipment performance that might indicate impending failures, allowing maintenance teams to address issues before they cause expensive downtime. This proactive approach transforms industrial control system software from reactive problem-solving tools into strategic assets that optimize performance and prevent costly disruptions.

User Interface Design and Visualization Tools

User interface design can make or break industrial control system software effectiveness—even the most sophisticated control algorithms become useless if operators can’t quickly understand what’s happening or respond appropriately during critical situations. Modern industrial interfaces must present complex process information through intuitive graphics, clear alarm hierarchies, and logical navigation that works under pressure.

Effective visualization tools transform raw data streams into meaningful displays using color coding, trending charts, and dynamic equipment graphics that mirror actual plant layouts. Operators need to see at a glance whether systems are running normally, identify problems quickly, and access detailed information without navigating through multiple screens. The best industrial control system software platforms offer customizable dashboards that adapt to different user roles—maintenance technicians need different information than plant managers.

Modern visualization capabilities include mobile responsiveness for tablets and smartphones, allowing operators to monitor processes remotely, and contextual displays that automatically highlight relevant information based on current operating conditions or alarm states.

Communication Protocols and Connectivity

Communication protocols serve as the universal translators of industrial control system software, enabling devices from different manufacturers to share information seamlessly. Without robust protocol support, even the most advanced control system becomes an isolated island unable to integrate with existing equipment or future expansions.

Modern industrial facilities typically contain a mix of legacy equipment and cutting-edge devices, each speaking different communication languages—Modbus, Ethernet/IP, Profinet, OPC UA, and dozens of proprietary protocols. Effective industrial control system software must support multiple protocols simultaneously while maintaining reliable data exchange rates and handling network disruptions gracefully.

Connectivity extends beyond basic device communication to include cloud integration, remote access capabilities, and cybersecurity features that protect against unauthorized access while maintaining operational continuity. The best platforms offer plug-and-play connectivity that automatically discovers network devices and configures communication parameters, reducing installation time and minimizing configuration errors that could compromise system performance.

Safety and Security Features

Safety and security represent two sides of the same critical coin in industrial control system software—safety protects people and equipment from operational hazards, while security shields systems from cyber threats that could cause those same hazards. Modern platforms must excel at both without compromising operational efficiency.

Safety features include functional safety compliance with standards like IEC 61508 and IEC 61511, providing certified safety instrumented systems that can shut down dangerous processes within guaranteed time limits. These systems operate independently from normal control functions, ensuring that safety protection remains active even if primary control systems fail. Advanced platforms also offer safety lifecycle management tools that help engineers design, validate, and maintain safety systems throughout their operational life.

Security capabilities focus on protecting industrial control system software from increasingly sophisticated cyber threats through multi-layered defense strategies. This includes user authentication and authorization systems, encrypted communications, network segmentation, and continuous monitoring for suspicious activities. Modern platforms also provide secure remote access solutions that allow authorized personnel to troubleshoot systems without exposing critical infrastructure to external threats, while maintaining detailed audit trails for compliance and forensic analysis.

Choosing the Right Industrial Control System Software

Selecting the right industrial control system software for your facility isn’t just a technical decision—it’s a strategic investment that will impact your operations for years to come. With dozens of platforms available and each claiming to be the best solution, the key lies in understanding your specific requirements and matching them to software capabilities that align with your operational goals and long-term business strategy.

Factors to Consider When Selecting Control Software

Industry-Specific Requirements form the foundation of any selection process. Different industries have unique needs—pharmaceutical manufacturing requires strict batch tracking and regulatory compliance features, while oil and gas operations prioritize safety instrumented systems and remote monitoring capabilities. Chemical processing facilities need advanced process control algorithms, whereas discrete manufacturing focuses on motion control and robotics integration.

Technical specifications must align with your operational demands:

  • Performance requirements: Response times, data throughput, and concurrent user support
  • Hardware compatibility: Support for existing PLCs, sensors, and communication networks
  • Programming languages: Ladder logic, function blocks, structured text, or industry-specific languages
  • Database capabilities: Historical data storage, trending, and reporting functionality
  • Integration options: ERP connectivity, MES integration, and third-party system compatibility

Operational considerations significantly impact day-to-day effectiveness:

  • Ease of use: Intuitive interfaces that reduce training time and operational errors
  • Maintenance requirements: System updates, backup procedures, and diagnostic tools
  • Support availability: Vendor responsiveness, documentation quality, and local service presence
  • Training resources: Availability of courses, certification programs, and technical materials

Financial factors extend beyond initial licensing costs to include implementation expenses, ongoing maintenance fees, training costs, and potential productivity gains. The most expensive industrial control system software isn’t always the best choice, but the cheapest option often becomes costly when hidden limitations emerge during operation.

Compatibility and Integration Requirements

When evaluating industrial control system software, compatibility isn’t just a nice-to-have—it’s absolutely critical for operational success. I’ve seen too many implementations fail because teams didn’t thoroughly assess integration requirements upfront, leading to costly retrofits and system downtime.

The reality is that most industrial facilities operate with a mix of legacy and modern equipment. Your ICS software needs to communicate seamlessly with existing PLCs, SCADA systems, and field devices, regardless of their age or manufacturer. This means looking beyond just the latest protocols and ensuring support for older standards like Modbus RTU, DNP3, and proprietary communication methods that might still be running your critical processes.

Database integration deserves special attention. Your chosen software should connect cleanly with existing enterprise systems—whether that’s your ERP, MES, or historian databases. I’ve worked with plants where poor database integration created information silos that hurt decision-making across the entire operation. Make sure the software can handle your data volumes and provides the APIs or connectors your IT team needs.

Don’t overlook network infrastructure compatibility either. Some ICS software performs beautifully in controlled lab environments but struggles with the network latency and bandwidth limitations common in industrial settings. If you’re dealing with remote sites or older network equipment, verify that the software can maintain reliable performance under these real-world conditions.

Security integration is another crucial consideration. Your ICS software should work harmoniously with existing cybersecurity tools—firewalls, intrusion detection systems, and endpoint protection platforms. It’s not enough for the software to be secure in isolation; it needs to fit into your broader security architecture without creating vulnerabilities or blind spots.

Finally, consider future scalability requirements. The software you choose today should accommodate planned expansions, new equipment additions, and evolving industry standards. This forward-thinking approach saves significant headaches and costs down the road.

Scalability and Future-Proofing Considerations

Scalability isn’t something you can think about later—it needs to be part of your ICS software selection from day one. I’ve watched companies outgrow their control systems within just a few years, forcing expensive migrations that could have been avoided with better planning.

Start by honestly assessing your growth trajectory. Are you adding new production lines? Expanding to additional facilities? Your ICS software should handle these scenarios without requiring a complete overhaul. Look for solutions that scale both vertically—supporting more data points and users on existing hardware—and horizontally by adding new servers as needed.

Data volume growth is often underestimated. Modern industrial operations generate exponentially more data than even five years ago. The software you choose should handle this growth gracefully, with efficient storage and processing that won’t bog down as your dataset expands.

Cloud integration is becoming essential for future-proofing. While many operations still rely on on-premises systems, hybrid cloud capabilities give you flexibility for advanced analytics, remote monitoring, and backup strategies. Make sure your ICS software can bridge on-premises and cloud environments seamlessly.

Pay attention to the vendor’s development roadmap and update strategy. Choose vendors with a track record of supporting products long-term and clear migration paths for future versions. Some provide regular, backward-compatible updates while others require disruptive major upgrades.

Consider emerging technologies like AI and machine learning integration. You might not need these capabilities today, but having a platform that can incorporate them later saves you from another major system replacement. The same goes for newer communication protocols and industry standards still gaining adoption.

Finally, ensure the software can scale with your team’s expertise. It should be intuitive enough for training new operators but sophisticated enough to grow with your team’s knowledge.

Future Trends in Industrial Control System Software

Cloud-Based Control Systems and Remote Access

The shift toward cloud-based control systems is happening faster than most people expected. Just five years ago, suggesting critical industrial processes could run on cloud infrastructure would have gotten you laughed out of the room. Today, it’s a serious consideration for many operations.

The key driver isn’t just cost savings—it’s the unprecedented flexibility in managing and monitoring operations. Cloud-based systems offer better scalability, faster deployment of new tools, and access to analytics capabilities that would be prohibitively expensive to build in-house.

Remote access capabilities have evolved dramatically, especially after the pandemic forced everyone to rethink industrial operations management. However, software-based remote access solutions still present significant security risks. Traditional VPNs and remote desktop software create bidirectional network connections that can be exploited by attackers to move laterally through industrial networks.

This is where hardware-enforced remote access solutions like Waterfall’s HERA offer a more secure approach. Hardware-based solutions provide unidirectional data flow and physical air gaps that software simply cannot replicate. HERA enables secure remote access without creating the network vulnerabilities inherent in software-only solutions, making it particularly valuable for critical infrastructure applications.

Edge computing is becoming the sweet spot for many applications. Rather than moving everything to the cloud, smart companies use edge devices for time-critical control functions while leveraging cloud resources for analytics and reporting. This hybrid approach provides real-time responsiveness where needed and cloud scalability where it makes sense.

The real game-changer is how cloud systems enable predictive maintenance and advanced analytics. When control system data flows to cloud-based analytics platforms, you can identify patterns and potential issues that would be nearly impossible to spot with traditional approaches, shifting from reactive to predictive maintenance.

AI and Machine Learning Integration

AI and machine learning integration is moving from experimental to essential in industrial control systems. What started as pilot projects analyzing historical data has evolved into real-time optimization systems that actively improve plant performance.

The most immediate impact I’m seeing is in predictive maintenance. Machine learning algorithms can detect equipment degradation patterns weeks or months before traditional monitoring would catch them. This isn’t just about preventing failures—it’s about optimizing maintenance schedules to minimize production disruptions while maximizing equipment lifespan.

Process optimization is where AI really shines. Modern ICS software can now use machine learning to continuously adjust control parameters based on real-time conditions, raw material variations, and quality targets. I’ve worked with chemical plants where AI-driven optimization increased yield by 3-5% while reducing energy consumption—improvements that translate to millions in annual savings.

Anomaly detection has become incredibly sophisticated. AI systems can learn normal operational patterns and immediately flag deviations that might indicate equipment problems, cyber attacks, or process upsets. These systems catch issues that human operators might miss, especially during shift changes or high-workload periods.

The integration isn’t seamless yet, though. Many existing control systems weren’t designed with AI in mind, creating challenges around data quality, latency, and integration complexity. The most successful implementations I’ve seen start with specific use cases rather than trying to AI-enable everything at once.

Edge AI is becoming crucial for time-sensitive applications. Rather than sending all data to the cloud for processing, edge devices can run machine learning models locally, making real-time decisions while still benefiting from cloud-based model training and updates.

The key is choosing ICS software that’s designed for AI integration from the ground up, not retrofitted with AI capabilities as an afterthought.

Conclusion

Industrial control system software has evolved from basic monitoring tools to sophisticated platforms that drive operational excellence. The decisions you make today about ICS software will impact your operations for years to come, making careful evaluation more critical than ever.

Don’t just buy software—invest in a platform that grows with your business. Whether you’re dealing with legacy equipment integration, planning for cloud migration, or preparing for AI-driven optimization, the right ICS software should be your foundation for future innovation, not a limitation.

The industrial landscape is changing rapidly. Companies that choose flexible, scalable, and secure ICS solutions today will lead their industries tomorrow. Those that settle for basic functionality or ignore emerging trends risk being left behind.

Take the time to thoroughly evaluate your options, involve your operations team in the selection process, and choose vendors who understand that industrial control systems aren’t just software purchases—they’re strategic investments in your company’s future.

Your industrial control system software should work as hard as you do. Make sure you choose one that will.

About the author
Waterfall team

FAQs About Industrial Control System Software

Industrial Control Systems (ICS) are the combination of hardware and software used to control and monitor industrial operations — such as those in energy, manufacturing, water treatment, and chemicals.

ICS includes technologies like:

  • SCADA (Supervisory Control and Data Acquisition)

  • DCS (Distributed Control Systems)

  • PLCs (Programmable Logic Controllers)

Unlike traditional IT systems, ICS are designed with uptime, safety, and real-time performance as top priorities — making them particularly vulnerable to modern cyber threats when connected to digital networks.

Key ICS software components include:

  • HMI (Human-Machine Interfaces): Visual dashboards for operators to monitor and control equipment

  • SCADA Systems: Centralized control of geographically distributed assets

  • DCS Software: Manages continuous, plant-level processes

  • PLC Software: Executes real-time logic for equipment like pumps, motors, and valves

These components work together to ensure safe, automated, and efficient industrial operations.

ICS software falls into several functional categories:

  • SCADA: Monitors and controls remote or distributed systems

  • DCS: Controls complex processes within one facility

  • PLC Programming Tools: Used to configure and maintain programmable logic controllers

  • HMI Software: Interfaces for operator-machine interaction

  • Historians: Store long-term time-series operational data

  • Alarm Management Systems: Detect and prioritize critical system events

  • Engineering Workstations: Used for system configuration, diagnostics, and updates

Each type of ICS software plays a vital role in the resilience, visibility, and control of industrial environments.

The post What Is Industrial Control System Software? appeared first on Waterfall Security Solutions.

]]>
Andrew Ginter’s Top 3 Webinars of 2024 https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/andrew-ginters-top-3-webinars-of-2024/ Tue, 17 Dec 2024 11:38:14 +0000 https://waterfall-security.com/?p=29379 Get up to speed on key trends and strategies in industrial security with Andrew Ginter’s favorite webinars of 2024,

The post Andrew Ginter’s Top 3 Webinars of 2024 appeared first on Waterfall Security Solutions.

]]>

Andrew Ginter’s Top 3 Webinars of 2024

Discover Andrew Ginter’s top picks for the most insightful and engaging webinars of 2024, covering key trends and strategies in industrial security.
Andrew Ginter

As 2024 comes to a close, it’s traditional to reflect on the year and maybe catch up on bits of reading and events that we missed throughout the year because of our busy schedules. To this end, I recommend to you three of this year’s Waterfall webinars, each an overview of Waterfall or other authors’ reports that read faster when we’ve seen an overview, so each of us can skip faster to the material we find most potentially useful.

My Top Three Webinars of 2024:

1) Cyber Attacks with Physical Consequences – 2024 Threat Report

By the numbers – Waterfall & ICS Strive produce the world’s most conservative and most credible OT / industrial security threat report. In this webinar the authors review the numbers – public disclosures of attacks with physical consequences. And we look at what the numbers mean for the practice and future of industrial cybersecurity.

To read further, the threat report is available here.

2) IEC 62443 for Power Generation

The IEC 62443 standards are cross industry, somewhat out of date, and deliberately vague in many areas – and so need to be interpreted to apply them successfully. In this webinar, Dr. Jesus Molina provides an overview of his report that shows how to interpret and apply the standards to conventional electric power plants.

To read further, the IEC 62443 for Power Generation report is available here.

3) Evolving Global OT Cyber Guidelines

This webinar is a favorite of mine because of the big turnout and the thoughtful questions and comments from the audience. In this webinar, we explore the latest developments in OT cybersecurity regulations, standards and guidance worldwide and what these developments mean for industries navigating this complex landscape.

If you would like to read more, I recommend the brand new, multi-national Principles of OT Security – it’s good, and with only 9 pages of payload, it’s an easy read over the holidays.

These are my top 3. If you would like to see even more of our videos, I encourage you to subscribe to the Waterfall Youtube channel where we upload new videos regularly.

]]>
Andrew Ginter’s Top 3 Podcast Episodes of 2024 https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/andrew-ginters-top-3-podcast-episodes-of-2024/ Mon, 16 Dec 2024 15:12:04 +0000 https://waterfall-security.com/?p=29337 Sit back and enjoy Andrew Ginter's top 3 picks from 2024's Industrial Security Podcast series.

The post Andrew Ginter’s Top 3 Podcast Episodes of 2024 appeared first on Waterfall Security Solutions.

]]>

Andrew Ginter’s Top 3 Podcast Episodes of 2024

As 2024 winds down, kick back and enjoy some of Andrew Ginter's best podcast picks

Andrew Ginter

Over the past 12 months, it has been a pleasure and a privilege to co-host the Industrial Security Podcast. When I started the podcast 5-ish years ago, bluntly, I did not know if there was enough industrial security content in the world for more than a year or two of episodes. It turns out the OT security space is much broader and deeper than I knew, and I’ve both learned something in every episode and become aware of how much more that I don’t know that every one of my guests do know and give us a few insights based on that knowledge in every episode.

Choosing three from this year’s episodes was hard, but here are three that stood out for me. If you ask me for a theme for these episodes, I’d have to say all three provide insights into high-consequence attacks, risk blind spots, and of course defenses against these attacks. This is all consistent with the perspective of the Cyber-Informed Engineering initiative and with the themes I explore in my latest book, Engineering-Grade OT Security: A Manager’s Guide.

I hope you enjoy listening to these podcasts as much as I enjoyed the interviews and discussions. And stay tuned, we are working on many more guests and discussions in 2025!

My Top Three Episodes of 2024:

Episode #134: Insights into Nation State Threats with Joseph Price

In this episode, Joseph Price discusses nation-state threats and attacks. Nation states are often held up as “bogeymen,” able to do anything to anyone for reasons that are opaque to mere mortals. Joseph peels back a couple layers for us, explaining how to interpret the data that is available in the public domain. He walks us through what to expect in terms of attack capabilities, how the world’s superpowers routinely test each other’s defenses, responses and capabilities in both physical and cyber domains, and looks at what this means for both small and large infrastructure sites and defensive programs.

Episode #123: Tractors to Table Industrial Security in the Industry of Human Consumables with Marc Sachs

In this episode, Marc Sachs, Senior Vice President and Chief Engineer at the Center for Internet Security, Chief Security Officer for Pattern Computer, and a former White House National Security Council Presidential Appointee, takes a deep dive into the cybersecurity challenges facing the food production industry.

He examines the industry’s growing reliance on automation, from farmers leveraging GPS, drones and self-driving equipment to large-scale food production facilities dependent on interconnected systems. While these advancements have dramatically improved efficiency and productivity, automation has also created important new vulnerabilities. Marc walks us through real-world examples of cyber threats targeting this critical industry, the potential consequences of future attacks, and practical measures that organizations can take to bolster their defenses.

This episode provides an eye-opening look at how completely automated the high end of agriculture and food production has become, and how this is a problem as more and more operations deploy this kind of automation.

Episode #131: Hitting Tens of Thousands of Vehicles At Once with Matt MacKinnon

In this episode, Matt MacKinnon, Head of Global Strategic Alliances at Upstream Security, looks at a cybersecurity niche in the automotive industry that I did not know existed: protecting the cloud systems that vehicle manufacturers rely on to manage and interact with the vehicles they produce. From passenger cars to 18-wheelers and massive mining equipment, connected vehicles enable everything from diagnostics and updates to real-time remote control.

Matt explains how digital transformation and the pervasive use of cloud systems in automotive and heavy equipment industries have introduced new attack opportunities, with potential consequences ranging from unauthorized manipulation of vehicular systems and data breaches to potential threats to safe and reliable operations.

How to manage these risks and protect cloud systems connected to vehicles? Matt walks us through protective technology and how it works – technology I did not know existed.

]]>
Cybersecurity Approaches Unique to OT Security https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/cybersecurity-approaches-unique-to-ot-security/ Thu, 15 Aug 2024 09:08:28 +0000 https://waterfall-security.com/?p=25884 The engineering profession has powerful tools to address physical risk, tools that should be applied to OT cyber risks much more routinely than they are today. For example: mechanical over-pressure relief valves prevent boilers from exploding for any reason, cyber attack or otherwise. These powerful tools are too often neglected for cyber threats because they have no analogue in IT security – they are not even mentioned in most cybersecurity standards, regulations and advice.

The post Cybersecurity Approaches Unique to OT Security appeared first on Waterfall Security Solutions.

]]>

Cybersecurity Approaches Unique to OT Security

Andrew Ginter

Cybersecurity approaches unique to OT security

The engineering profession has powerful tools that address physical risk, tools that should be applied to OT cyber risks much more widely than they are today. For example, mechanical over-pressure valves prevent pressure vessels from exploding. These valves contain no CPUs and are therefore un-hackable. Torque-limiting clutches prevent turbines from disintegrating, contain no CPUs, and are thus un-hackable. Unidirectional gateways are physically able to send information in only one direction and are physically unable to send attack information in the other direction. Today, these powerful tools are too often neglected because they have no analogue in the IT security space, and are not mentioned in almost all cybersecurity standards, regulations and advice published over the last two decades.

Digging deeper, the engineering profession has managed risks to public safety for over a century. It is because poor engineering poses risks to public safety that the engineering profession is a legislated, self-regulating profession in many jurisdictions, similar to the medical and legal professions. The engineering profession has an enormous contribution to make to managing OT cyber risks, but this is poorly understood both inside and outside the profession.

Engineering Obligations for Cybersecurity

Why? In part, this is because there are perhaps fifty times as many IT security practitioners in the world as OT security practitioners, thus IT experts are often the first people consulted when we need industrial cybersecurity solutions. Most IT security experts, however, are not engineers and so are not aware of the responsibilities of, nor the contributions that can be made by, the engineering profession.

The profession itself is not much better off. If cyber attacks with physical consequences continue doubling annually, then the OT cyber problem will reach crisis proportions before the end of the decade. In most jurisdictions however, the engineering profession has not yet come to grips with these risks to public safety. At this writing, it is unclear whether there has ever been a case of an engineer being disciplined or losing their license for failing to apply robust cyber risk management to industrial designs that involve public safety or national security. While some jurisdictions, such as the United Kingdom, have added “cybersecurity and data protection” to their code of ethics, most engineers are still not aware of the rapidly changing societal expectations for industrial cybersecurity in their practices.

Engineering Approaches to OT Security

There is progress though. In the last half decade, several approaches to robust security engineering have emerged:

  • Process engineering: The ISA’s Security PHA Review textbook documents an approach for using routine Process Hazard Analysis engineering outputs to help design unhackable physical mitigations for cyber threats to worker, environmental and public safety,
  • Automation engineering: The Countering Cyber Sabotage – Introducing Consequence-driven Cyber-informed Engineering (CCE) textbook is primarily about risk assessment, but includes several chapters on unhackable mitigations for cyber threats, including unhackable digital mitigations for cyber threats to equipment protection, and
  • Network engineering: my own Secure Operations Technology (SEC-OT) Appendix in my latest text Engineering-Grade OT Security – A manager’s guide describes the engineering perspective of protecting correct physical operations from cyber-sabotage attacks embedded in incoming online and offline information flows.

In this theme, the US Department of Energy (DOE) also released a National Cyber-Informed Engineering Strategy (CIE) in 2022, and CIE Implementation Guide in 2023. These developments, the CIE initiative and the CIE perspective are arguably the most important advances in OT Security since the Gartner Group coined the phrase “OT Security” in 2005. The CIE initiative is developing an engineering body of knowledge to, among other things, “use design decisions and engineering controls to mitigate or even eliminate avenues for cyber-enabled attack or reduce the consequences when an attack occurs.”

Why Is This New?

All these initiatives are long overdue. When I explain these opportunities, perspectives and opportunities to stakeholders from engineering teams to enterprise security teams and boards of directors, the single most common response is something like:

“This makes so much sense. Why is this new? This shouldn’t be new. Why have we not been looking at the problem this way since the beginning?”

Now, to be fair, many of the actual engineering techniques we’re talking about are not new – they are very old. Safety engineering has been with us for a very long time, as has protection engineering. But using these and other powerful tools universally and systematically to address cyber risk – in addition to other threats to safe and reliable operations – this is new. Applying the perspective of the engineering profession to these problems is new, whether it should be or not.

The future is bright for OT Security seen through the lens of engineering for safety, reliability and critical infrastructure / national security imperatives. I encourage you and all OT security practitioners, engineers or enterprise security, to become aware of and start using CIE, the engineering perspective and engineering-grade defenses to improve and simplify OT security.

For more information on this topic, please request your free copy of this author’s latest textbook Engineering-Grade OT Security – A manager’s guide.

About the author
Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.

]]>
What is OT Anyway? https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/what-is-ot-anyway/ Tue, 02 Apr 2024 09:39:38 +0000 https://waterfall-security.com/?p=21601 Engineers have very recently started to use the “OT” term, primarily when interacting with enterprise security teams. Engineers use the term to refer to the computers and networks that control important, complex, and often dangerous physical processes

The post What is OT Anyway? appeared first on Waterfall Security Solutions.

]]>

What is OT Anyway?

What does the term OT really mean? What did it mean 20 years ago? What does it mean today?
Andrew Ginter

What is OT anyway?

What is OT? Where to begin? The field of automation engineering has been around for almost as long as the engineering profession has existed. More recently, in 2005, the Gartner Group coined the term “operational technology” (OT). In the beginning, the term was used by IT teams to mean, more or less, “all that industrial and engineering stuff that we IT people do not understand.” Engineers of course did not use the term, at least initially, because they generally did understand very thoroughly “all that engineering stuff.”

Engineers have very recently started to use the “OT” term, primarily when interacting with enterprise security teams. Engineers use the term to refer to the computers and networks that control important, complex, and often dangerous physical processes. Many of these physical processes constitute critical industrial infrastructures, such as water treatment systems, passenger rail systems, and the electric grid. These physical processes are powerful tools, and their misoperation generally has unacceptable physical consequences. Preventing such misoperation is the goal of OT cyber risk management.

Arcane Terminology

Thus, while the term “OT risk” is new, people were monitoring, controlling and to some extent automating physical processes with dials, gauges, and analog control loops before there were computers, and have been using computers to assist with such control almost since the first computers were invented. As with any old field, the terminology is arcane. The first computers used in operations were so woefully under-powered that each computer could do only one kind of thing, and so every little thing that an automation computer did was given a different name.

For example, control systems are sometimes called SCADA systems, where SCADA stands for “Supervisory Control and Data Acquisition.” A SCADA system is an industrial control system that uses a wide-area network (WAN) to communicate over long distances. Electric grids, pipelines and water distribution systems use SCADA systems. In contrast, “DCS” stands for “Distributed Control System.” A DCS is an industrial control system where no WAN is involved, and where the entire physical process is contained in one site. Power plants, refineries and chemical plants use DCSs. Historically, SCADA systems and DCSs were different – one kind of software could not control the other kind of process. Nowadays, general-purpose control systems have all the features of both SCADA systems and DCSs, making the difference between the two terms more usage than technology.

The modern term encompassing DCSs, SCADA systems and all other kinds of control systems is “industrial control system” (ICS), but there are many variations of the term. The IEC 62443 standards insist on calling these systems “industrial control and automation systems” (IACS). Many refineries call their control systems Process Control Networks (PCNs). Building owners and operators call their control systems Building Automation Systems. And rail system operators call some of their control systems switching systems, others operational control systems (OCC), and yet others signalling systems – in that industry, the term “OT” is only just starting to be used.

Process vs. Discrete Manufacturing

Industrial processes can be classified as well. Critical industrial infrastructures are generally examples of “process industries.” In process industries, the material being manipulated is more or less “goo” at some point in the physical process: water purification systems manipulate water, refineries manipulate oil, and pipelines move fluids. Electric grids are considered process industries as well, because electricity is produced in a continuous stream that can be modelled as more or less a fluid. Even transportation and traffic control systems are considered by many to be process systems, though this pushes the concept a bit.

Within process industries, there are batch industries and continuous industries. Batch industries, such as mining and pharmaceuticals, are industries where the production line does not run continuously. Instead, the physical process produces identifiable batches of outputs. Continuous industries, such as water treatment plants, power plants and offshore oil platforms, consume inputs and produce outputs more or less constantly. Worst case consequences of cyber sabotage in process industries can be spectacular. These industries are sometimes called “boomable” industries – with one of the main jobs of the control system being to stay “left of boom”.

Discrete manufacturing is the opposite of process manufacturing. While process industries work with continuous inputs to produce continuous or discrete outputs, discrete manufacturing assembles small, discrete inputs into larger discrete outputs, such as automobiles, aircraft, and home appliances. There are many similarities between process and discrete manufacturing, but there are significant differences as well. Discrete manufacturing often consists of individual machines or “production cells,” each with a technician responsible for operating and/or repairing machines in the cell. Each machine tends to have its own small, local “human-machine interface” (HMI).

Whereas process industries are often “boomable,” worst case consequences of cyber attacks on discrete manufacturing tend to be threats to product quality – which can be very important in fields such as aircraft manufacturing – and threats to individual technicians operating the equipment. A machine that turns on while a technician has their hand or body inside the machine while servicing it, can injure or kill the person, but generally poses no threat to other technicians in the plant, nor to public safety.

Human-Machine Interface (HMI)

An important aspect common to all SCADA systems is the human operator. Control systems for important industrial facilities almost always have human oversight. System operators are charged with ensuring the safe and reliable operation of the physical process. These operators use tools known as human-machine interface (HMI) software. This software almost always includes a graphical visualization of the state of the physical process, and often includes other elements such as alarm managers and historical trending tools called process historians.

In many industries, by policy and sometimes by law, process operators are required to permit the physical process to operate only if they have a high degree of confidence that the process is operating safely. If the operator ever loses such confidence, for example because their displays freeze, or a message pops up saying, “you have been hacked,” they must act. An affected operator may transfer control of the process to a secondary or redundant HMI or control system. However, if after some seconds or minutes the operator is still not sufficiently confident of the correct and safe operation of the physical process, then that operator must return the process to a known-safe state – most often by triggering an emergency shutdown of the physical process.

This means that most often, the simplest way that cyber attacks can cause physical consequences is for the attack to impair the operation of some part of an operator’s HMI or the systems supporting the HMI. The simplest physical consequences of such attacks are shutdowns of the physical process. A problem with such shutdowns is that industrial processes very often can be shut down much faster than they start up. Physical operations can take days to recover full production again after an emergency shutdown. In some cases, regulatory approvals must be obtained before restarting physical processes, delaying plant restarts by as much as months. Worse, emergency shutdowns often put physical stress on industrial equipment, stress that can lead to either immediate equipment failures, further delaying restarts, or to premature equipment aging.

OT Security Priorities

While safe and reliable operations are the top priority in almost all industrial networks, confidentiality can be a priority as well. For example, pharmaceutical firms often regard the detailed processes used to manufacture their outputs as closely held trade secrets. Discrete manufacturers sometimes regard the programs and settings for industrial robots and other manufacturing equipment the same way. Enterprise security teams have an important role to play in protecting this information.

The bottom line? There is enormous variety in the field of “OT” systems, and that variety, especially the differences in worst-case consequences of compromise, drives requirements for OT security and OT risk management systems.

To dig deeper, click here to request a copy of this author’s latest book, Engineering-Grade OT Security: A manager’s guide.

About the author

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.

The post What is OT Anyway? appeared first on Waterfall Security Solutions.

]]>
5 Ways Waterfall Central™ Improves Situational Awareness  https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/5-ways-waterfall-central-improves-situational-awareness/ Thu, 18 Jan 2024 12:07:55 +0000 https://waterfall-security.com/?p=17756 Introducing Waterfall Central: Come for simple remote monitoring of multiple devices, stay for operational awareness.

The post 5 Ways Waterfall Central™ Improves Situational Awareness  appeared first on Waterfall Security Solutions.

]]>

5 Ways Waterfall Central™ Improves Situational Awareness 

Introducing Waterfall Central™: Come for simple remote monitoring of multiple devices, stay for the situational awareness.

Waterfall team

WF Central Situational Awareness

Situational awareness (SA) is one of the most important facets when considering any form of security, and especially cybersecurity. Network Operation Centers (NOC) and Security Operation Centers (SOC) are keen to have a strong grasp of what is going on within their scope of responsibilities. This way, they can be proactive instead of reactive to threats, risks, and general operational incidents.  

Waterfall Central™ is a browser-based solution designed to enable personnel responsible for multiple Waterfall devices to easily monitor all their devices.  

All Your Waterfall Devices on a Single Pane of Glass

Beyond simply allowing one person to monitor multiple Waterfall assets, Waterfall Central™ delivers something else: Situational Awareness. If you’re an analyst in a NOC (network operating center) or SOC (security operating center) and you need better operational awareness, Waterfall Central™ was designed for you. While Central primarily addresses the increasing demand for monitoring multiple Waterfall appliances, Central can serve other important purposes that facilitate added security.

5 Examples of Improved Situational Awareness with Waterfall Central™

1. Heartbeat Signal Monitoring

In the event that a Waterfall device stops sending a heartbeat signal, Waterfall Central™ provides immediate awareness. This could be indicative of various issues, such as a loose cable, server room power failure, or a blown fuse. Identifying and addressing such issues promptly can prevent complications.  

2. Real-time Issue Resolution

Waterfall Central™ presents a clear picture of all Waterfall devices on a single screen, allowing for the swift identification and resolution of emerging issues. The built-in wizard generates issue tickets for prompt communication with the OEM, which saves time and helps resolve any issues faster.  

The opposite of situational awareness is ‘being distracted’, so by helping avoid the distraction of chasing down inconsequential incidents and OEM reporting, attention can be applied elsewhere. 

3. Confirmation of OT Connectivity

Central assists in confirming OT connectivity, ensuring that various IT systems are receiving data from Waterfall devices. This feature is particularly valuable when onboarding new solutions to optimize industrial processes, offering a quick way to verify proper integration and functionality. 

4. Automated Alerts for Anomalies

Waterfall Central™ is equipped with built-in alerts that notify users of device failures or abnormalities. These alerts can be configured to draw attention to anomalies that may indicate security incidents or other problems, providing an additional layer of proactive security measures.  

5. Rapid Incident Evaluation

One of the most useful capabilities that comes from having all your Waterfalls on a single pane of glass is knowing that an “incident” is nothing. A good example would be connectivity dropping across many devices at the same time for a few minutes and then coming back up. Such a scenario is most often just IT resetting an internet router or switch. If such an incident were to be reviewed after the fact in each device’s logs, it would probably require a good amount of work before determining it was just an inconsequential event. By seeing all Waterfall devices in real-time, such conclusions can be reached quickly and easily.

Centralized Security, Better Awareness

By keeping a centralized dashboard for all your Waterfall devices, it is easier to ensure that everything is running smoothly, to reduce the person-hours needed to confirm certain details, and to learn about important issues sooner. Keep in mind that this is in addition to the primary benefit that Central has to offer, which is monitoring multiple Waterfalls.

Want to learn more? Contact us


]]>
Securing Industrial Data Flow to AWS  https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/securing-industrial-data-flow-to-aws/ Tue, 09 Jan 2024 08:45:31 +0000 https://waterfall-security.com/?p=17326 Waterfall is proud to be recognized by Amazon as a validated industry standard for connecting OT systems to the AWS Cloud.

The post Securing Industrial Data Flow to AWS  appeared first on Waterfall Security Solutions.

]]>

Securing Industrial Data Flow to AWS 

Waterfall is proud to be recognized as the industry standard for connecting OT systems to the AWS Cloud.

Waterfall team

Connected OT to the Cloud with Waterfall and AWS

As industries embrace the power of the Industrial Internet of Things (IIoT) and other cloud-based technologies to enhance operational efficiencies, a challenge has emerged in bridging the gap between the need for digitization and the importance of securing critical infrastructure systems. The conventional approach of directly connecting Industrial Control Systems (ICS) and Operational Technology (OT) to external networks poses significant cybersecurity risks. After extensive joint lab testing and data validation, Amazon Web Services (AWS) now recommends using Waterfall Unidirectional Gateways as the preferred solution for securely connecting industrial systems to the AWS cloud. 

The delicate balance between digitization and security

Waterfall Security and Amazon Web Services both acknowledge the necessity for a balanced approach in advancing digitization, while safeguarding critical infrastructure systems. In line with AWS’s 10 security golden rules for IIoT solutions, AWS recommends deploying security appliances, particularly unidirectional gateways, to regulate the data flow and establish unbreachable one-way connections to external networks and cloud services. This way, data can securely flow to the AWS Cloud for access and function use within AWS’s IoT SiteWise and IoT Core, while any attempt to breach the industrial systems remains physically impossible. 

The power of Unidirectional Gateways

Unidirectional gateways, which are a much more secure alternative to traditional firewalls, ensure a one-way data flow from the OT network to the IT network and the cloud while being physically unable to send traffic in the reverse direction. Unidirectional gateways are compliant with many industry standards such as NERC CIP and ISA/IEC 62443. While deployed behind-the-scenes, these unidirectional gateways play a crucial role in protecting critical infrastructure systems. 

Waterfall Unidirectional Gateway to the AWS Cloud

Option 1 –> Sending OT/IIoT Data to AWS IoT SiteWise: 

Waterfall Security’s Unidirectional Cloud Gateway facilitates the secure transmission of OT/IIoT data to AWS IoT SiteWise. The gateway replicates OPC UA data from an OPC UA server, hosting a replica OPC UA server for the IT network. The AWS IoT SiteWise Edge gateway running on AWS IoT Greengrass collects and sends this data to AWS IoT SiteWise in the cloud, enabling efficient visualization and analysis.

OT IIot Data to AWS using SiteWise

Option 2 –> Sending OT/IIoT Data to AWS IoT Core: 

Waterfall’s Unidirectional Gateway, acting as an MQTT broker on the industrial network, facilitates the transmission of industrial data to AWS IoT Core using the MQTT protocol. This data can then be routed to various AWS services for processing, such as AWS IoT Events, AWS Lambda, Amazon Kinesis, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. The Waterfall Unidirectional Gateway ensures a secure and one-way transfer of data, physically removing the possibility of inbound cybersecurity risks. 

Sending IIot data to AWS IoT Core

Let the OT data flow to AWS Cloud-based services

In conclusion, Waterfall Security offers a robust solution for securely streaming OT/IIoT data to AWS IoT SiteWise and AWS IoT Core. By leveraging unidirectional gateways, industrial operations can harness the power of AWS cloud services without risks to their ICS/OT environments. This approach not only simplifies OT/IT integration, but also aligns with AWS’s multi-layered security approach outlined in the ten security golden rules for IIoT solutions. Waterfall Security remains committed to enhancing the security of critical infrastructure sectors, providing a foundation for secure, efficient, and digitized industrial operations. 


]]>
All Time Favorite Podcast Episodes: Andrew Ginter’s Top Picks https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/andrews-favorite-podcasts/ Tue, 26 Dec 2023 14:13:34 +0000 https://waterfall-security.com/?p=14973 Andrew Ginter shares with us his top 5 favorite podcast episodes from the Industrial Security Podcast that he co-hosts

The post All Time Favorite Podcast Episodes: Andrew Ginter’s Top Picks appeared first on Waterfall Security Solutions.

]]>

All Time Favorite Podcast Episodes: Andrew Ginter’s Top Picks

Five of Andrew's favorite podcasts to enjoy as 2023 comes to an end, and 2024 begins.

Waterfall team

Top 5 Podcast Episode - Happy Holidays

I was asked to put a few words together about my favorite Industrial Security Podcast episodes of all time. I scanned the complete list at https://waterfall-security.com/podcast and came up with these five. The first four were episodes that contributed materially to my thinking & the formation of sections and chapters in my latest “gold” book Engineering-Grade OT Security: A manager’s guide.

The fifth didn’t really fit the gold book, but I’m mulling the episode over for possible inclusion in my next book, if there is one. The gold book was all about risk in the context of individual organizations. For the future, I’m wondering if the world needs a bigger picture book of where OT cyber risk fits into the context of “all risks” that modern societies face, from nuclear war and EMPs to massive solar storms and global warming. I dunno for sure, please let me know what you think. 

“If you have time over the Christmas break and are looking for a podcast or five to make you think – full of ideas that will challenge your current understanding of the OT/industrial security space – these are the episodes I recommend.”

My top five episodes:

Episode #28: Unhackable Safeguards with James McGlone

James is a co-author of Security PHA Review, a brilliantly-written book on using Process Hazard Analysis / HAZOP spreadsheets & concepts to improve cybersecurity with unhackable / engineering-grade mitigations.

Episode #68: Capabilities vs. Probabilities with Mark Fabro
Mark explains capabilities-based risk vs. older and murkier likelihood-based models, and uses capabilities to introduce cyber Design-Basis Threat (cDBT) – a way to eliminate “risk-based” hand waving.

 

Episode #85: Cyber Insurance is Changing Fast with Georgina Williams

Georgina walks us through changes in the insurance industry triggered by NotPetya and the $1.4 billion USD Merck Pharma payout. For many, OT cyber insurance is not the “one stop” solution it once was.

 

Episode #100: Engineering-Grade Security in the CIE Strategy with Cheri Caddy
Cheri led the US DOE / INL Cyber-Informed Engineering Strategy. Feedback I’ve heard from practitioners suggests the CIE Strategy might just be the single best thing to happen to OT cybersecurity, ever.

Episode #96: Consequences Matter with Danielle Jablanski
Danielle walks us through the very big picture. It is not just worst-case consequences that determine government policy & regulations, but also society’s ability to respond to different kinds of worst-case attacks.

 

If you have time over the holidays and are looking for a podcast (or five) to make you think – full of ideas that will challenge your current understanding of the OT/industrial security space – these are the episodes I recommend.


]]>