ot cybersecurity – Waterfall Security Solutions https://waterfall-security.com Unbreachable OT security, unlimited OT connectivity Thu, 09 Apr 2026 12:41:42 +0000

Webinar: 2026 OT Cyber Threat Report https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/webinar-2026-ot-cyber-threat-report-2/ Wed, 25 Mar 2026 15:30:57 +0000 https://waterfall-security.com/?p=39009 This webinar covers the record-breaking costs of consequences, what is behind the drop in ransomware attacks, and the key defensive developments of 2025 in light of these threats.

The post Webinar: 2026 OT Cyber Threat Report appeared first on Waterfall Security Solutions.


Webinar: 2026 OT Cyber Threat Report

Watch now - on demand!


In 2025, 57 cyber attacks caused real-world damage in heavy industry, world-wide. This is a 25% drop from 2024, but that’s only the tip of the iceberg.

Most of this reduction is because of temporary factors affecting ransomware attacks. Nation-state and hacktivist attacks doubled, with most attacks targeting critical infrastructures.

This is the only industry report focused exclusively on verified cyber incidents with physical consequences. The data set is public: all the incidents we use are included in the report’s appendix with links to public news reports.

Highlighted attacks include:

  • Jaguar Land Rover – the most costly production shutdown in a decade,
  • Collins Aerospace – a crippled software system caused flight cancellations and delays for weeks, highlighting the need for rapid recovery or manual fall-backs for critical systems operated and managed by third parties,
  • Grounded and mis-directed ships – again highlighting the need for multiple independent checks on important external inputs, such as GPS signals, and
  • Polish distributed generation – a near miss because the lights stayed on, an example of the Russian nation state targeting European critical infrastructures, and a cautionary tale about “bricking” control equipment.

Join Greg Hale of ICS Strive and Andrew Ginter of Waterfall Security as they explore what lies beneath all of 2025's OT breaches with physical consequences.

Key Takeaways:

  • Record-breaking costs of consequences
  • What is behind the drop in ransomware attacks
  • Key defensive developments of 2025, in light of these threats

About the Speaker


Waterfall team

Cyber-Informed Engineering Recognized with Cyber Policy Award for Research Impact https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/cyber-informed-engineering-recognized-with-cyber-policy-award-for-research-impact/ Wed, 18 Mar 2026 14:02:45 +0000 https://waterfall-security.com/?p=38923 The recognition of CIE highlights a broader shift in how cyber risk is being understood and managed in industrial environments


Cyber-Informed Engineering Recognized with Cyber Policy Award for Research Impact


The growing importance of Cyber-Informed Engineering (CIE) was recently recognized with a Cyber Policy Award for Research Impact from the Institute for Security and Technology.

The award honors a team whose work has helped advance CIE as a framework for addressing cyber risk in critical infrastructure. Among those honored were:

• Virginia Wright and Benjamin Lampe, leading the development of CIE at Idaho National Laboratory,
• Cheri Caddy of Savannah River National Laboratory, who led the development of the CIE strategy and worked in the White House with the Department of Energy to secure funding for the CIE initiative,
• Andrew Ohrt of West Yost, who led the deployment of CIE in the water sector and developed a number of publicly-available resources to illustrate how to use CIE in critical infrastructures, and
• Our own Andrew Ginter, VP Industrial Security at Waterfall Security Solutions, who contributed industry perspectives to the CIE initiative, and whose book, speaking and podcast helped increase awareness of CIE in the OT security community at large.

The recognition of CIE highlights a broader shift in how cyber risk is being understood and managed in industrial environments.

What is Cyber Informed Engineering?

Cyber-Informed Engineering is “the big umbrella” – bringing together relevant parts of safety engineering, protection engineering, automation engineering, network engineering, and most of cyber security into a comprehensive body of knowledge for addressing cyber risks to physical operations. The body of knowledge looks at the problem of OT cybersecurity from the engineering perspective:

• Addressing high-consequence risks first, consistent with industrial engineering practices, and addressing high-frequency, low-impact irritants only secondarily,

• Encouraging modest design changes to physical processes to take entire sets of consequences and attack vectors off the table – avoiding / eliminating risk rather than merely mitigating the risk / reducing frequency of high-consequence events,

• Recognizing that the key objective in terms of preventing most truly unacceptable outcomes is preventing sabotage rather than espionage, and recommending strong oversight / control of online and offline communication channels that can transmit attack information into sensitive systems.

In short, CIE is positioned as “a coin with two sides.” One side is cybersecurity – teach engineering teams about cyber threats, about cybersecurity tools, and about the intrinsic limitations of such tools, so that these teams can evaluate residual risks. The other side is engineering – overpressure relief valves, manual fall-backs and other “unhackable” mitigations for all types of risk – including cyber risks. This engineering side of the coin has been under-represented in most OT security advice to date, and represents a big opportunity to dramatically improve OT security outcomes.


“CIE is the most important innovation in OT security in 20 years – bringing the engineering risk-management perspective and powerful engineering tools and approaches to bear on the problem of assuring safe, reliable and efficient physical operations, in an increasingly hostile cyber threat environment.”

Waterfall and Cyber Informed Engineering

At Waterfall Security Solutions, we believe in the principles of CIE. Just as the public expects bridges to carry a specified load, in a specified operating environment, for a specified number of decades, with a large margin for error, increasingly society demands that automation systems for physical operations carry a specified threat load, until at least the next opportunity to upgrade our defenses, with a large margin for error. And society generally expects that “carry a specified threat load” means to carry that load deterministically, with a very high degree of confidence.

This philosophy is very compatible with Waterfall’s own Unidirectional Gateways and hardware-enforced solutions. Our solutions are part of the Network Engineering body of knowledge – hardware-enforced / deterministic tools to prevent cyber attacks from pivoting through consequence boundaries: connections between networks with dramatically different worst-case consequences of compromise.

To learn more about Cyber-Informed Engineering and the work of Andrew Ginter, who was recognized with the Cyber Policy Award for Research Impact, you can request a copy of his book, Engineering-Grade OT Security: A Manager’s Guide.

About the author

Waterfall team

Waterfall Security Solutions recognized by Gartner® https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/waterfall-security-solutions-recognized-by-gartner/ Mon, 09 Mar 2026 10:07:27 +0000 https://waterfall-security.com/?p=38875 Waterfall Security is pleased to announce our inclusion in Gartner’s recent Market Guide for CPS Secure Remote Access report


Waterfall Security Solutions recognized by Gartner®


Waterfall Security, the leader in hardware-enforced OT security and remote access for cyber physical systems (“CPS”), is pleased to announce our inclusion in Gartner’s recent Market Guide for CPS Secure Remote Access report.

Gartner points out that “traditional remote access methods, such as VPNs, jump boxes or emerging approaches such as IT remote privileged access management (RPAM) products, lack the granularity and contextual knowledge needed for production or mission-critical environments,” and recommends organizations “replace VPNs and proceed with caution with IT-centric tools”. In the representative vendors section, the report identifies Waterfall for its new HERA (Hardware-Enforced Remote Access) product as a Representative Vendor.

Hardware-Enforced Remote Access

How does HERA’s “physics” work? The Waterfall HERA product is a pair of asymmetric, cooperating Unidirectional Security Gateways, each physically able to send information in only one direction. The outbound gateway sends encrypted screen images out of the OT network. The inbound gateway sends encrypted keystrokes, mouse input and other HERA protocol information into the OT network. The inbound gateway contains a hardware filter that passes only HERA information; all IP packets are discarded. In addition, login and encryption credentials are stored securely in TPM hardware in the remote HERA client computer and in TPM hardware in the HERA equipment on the OT side, over and above conventional software-based multi-factor authentication (MFA) mechanisms.

“We are pleased to be recognized in the Gartner Market Guide. Waterfall’s hardware-enforced solutions, including Unidirectional Gateways and HERA, are designed to eliminate entire classes of network-borne attack vectors.”
– Lior Frenkel, CEO


Modern OT Remote Access

Today’s industrial operations expect remote access products with modern features, including: zero-trust-style granular access, MFA, a guaranteed protocol break, just-in-time session control, and the ability to inspect and terminate existing sessions, especially in NERC CIP and other regulated environments. Waterfall’s HERA provides all of these industry-leading features, in addition to the unique hardware-enforced security measures.

OT remote access is increasingly common and is increasingly seen as a serious threat to the security of industrial operations. The latest advice from CISA, CCCS and other government authorities regarding OT remote access states that the risk of exploiting VPN and other software vulnerabilities can “become detrimental to business operations.” As a result, these authorities recommend that “business owners should consider hardware-enforced solutions.” The era of “physics-based” and hardware-enforced solutions is upon us.

To explore Waterfall’s HERA, download the Waterfall Guide: Rethinking Secure Remote Access for Industrial and OT Networks.

Gartner, Market Guide for CPS Secure Remote Access, Katell Thielemann, Wam Voster, Sumit Rajput, 3 February 2026.

GARTNER is a trademark of Gartner, Inc. and/or its affiliates. Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.

About the author

Waterfall team

Consequential OT Breaches Dropped in 2025 – What Happened? https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/consequential-ot-breaches-dropped-in-2025-what-happened/ Thu, 05 Mar 2026 03:23:36 +0000 https://waterfall-security.com/?p=38857 In 2025, 57 cyber attacks caused real-world damage in heavy industry worldwide - a 25% drop from 2024 and the first drop in 6 years. What happened?


Consequential OT Breaches Dropped in 2025 – What Happened?

In 2025, 57 cyber attacks caused real-world damage in heavy industry, world-wide. This is a 25% drop from 2024, and the first drop in this statistic in six years. What happened?

Andrew Ginter

The OT Data Set

The data set in the Waterfall / ICS STRIVE 2026 OT Cyber Threat Report shows 57 OT attacks with physical consequences world-wide in the industries the report tracks. Most of these attacks were ransomware, and this has been the case since the turn of the decade. Nation-state and hacktivist attacks nearly doubled, but that increase was not enough to make up for the reduction in ransomware attacks. The question of “what happened?” is really “what happened to ransomware attacks?” A definitive answer is not possible – there are a lot of ransomware groups out there, each with a different modus operandi, motives and circumstances. Speculation is possible, however, and there is secondary data available, so let’s speculate a bit.

The Ransomware Data

Ransomware attacks overall seem to have flat-lined or maybe even dropped a little in 2025. There is no such thing as a repository or reliable count of all ransomware world-wide, but there are some indications:

  • FBI data for ransomware incidents reported to them in 2025 is not yet available, but the 2018-2024 data set shows ransomware increasing overall while having “ups and downs”: 2021 was an “up” year, 2022 was smaller, and the numbers then started increasing again.
  • The NCC Group tracks ransomware sites where the criminals list the organizations they claim to have victimized. These are criminals though; should we believe them? Reliable or not, the NCC data shows a spike in February, a sharp reduction through most of the rest of the year, and a bit of an uptick in the last two months, for only a small increase in overall claims since 2024.
  • The German BSI has access to legally-required (confidential) incident disclosures in Germany. Their data shows 2025 nearly flat over 2024.
  • The Microsoft Threat Report claims that ransomware attacks that reached the encryption stage increased only 7% in 2025 over 2024.

Reasons for this phenomenon are varied – the best speculation world-wide seems to include:

What else might be going on?

Analysis

In the report, the authors look at other hypotheses as well:

  • Are fewer attacks being reported in public? The data suggests there might be some of this happening. Owners and operators may have become “gun-shy” about disclosing too much information and being sued if any of that information is later shown to be incorrect. Less disclosure is safer, and disclosing the minimum the law requires seems to have become the norm.
  • Have cyber defenses become more capable? Perhaps, but some of the breaches still showed shockingly poor cyber hygiene, while others showed a high degree of sophistication, taking down what we would expect to be well-defended targets.

In addition, the number of zero-days exploited in the wild dropped only a little from 2024 to 2025, and AI-automated attacks started being observed. In short, it seems likely that all of this is in play, with the result that we’ve observed.

Conclusion

None of the effects looked at in the report seem likely to hold attacks constant or declining for any material amount of time:

  • Law-enforcement actions have not eliminated profitable drug-running or other criminal enterprises, and seem unlikely to be able to eliminate ransomware.
  • Ransomware criminals have re-organized to recover from their losses, and seem poised to resume their “normal” attack patterns in 2026.
  • Public disclosures of “material” incidents are increasingly required in many jurisdictions, which should increase disclosure rates. Less-than-material incidents may no longer be disclosed. But if incidents overall increase in 2026, one would expect to see material incidents and disclosures increase as well. And – in a world interested in cyber attacks – it is increasingly difficult to hide the fact that a factory shut down and laid off the workforce due to a cyber attack.

In short, it is reasonable to believe that the cyber attacks with physical consequences will continue to rise in the years ahead. And it is worth studying the attacks and trends we observe today, because anything that has happened in the past is a credible threat in the years ahead.

Digging Deeper: The authors of the threat report discuss these and many other findings in a webinar that you can stream now.

About the author

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.
Webinar: 2026 OT Cyber Threat Report https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/webinar-2026-ot-cyber-threat-report/ Wed, 25 Feb 2026 11:01:05 +0000 https://waterfall-security.com/?p=38591 This webinar covers the record-breaking costs of consequences, what is behind the drop in ransomware attacks and the key defensive developments of 2025, in light of these threats


About the Speaker


Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.

What is OT Cybersecurity? https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/what-is-ot-cyber-security/ Sun, 06 Jul 2025 08:29:45 +0000 https://waterfall-security.com/?p=34112 Learn what OT cybersecurity is, how it protects critical infrastructure, and the key threats, strategies, and standards you need to know.


What is OT Cybersecurity?

OT cybersecurity protects the industrial systems that keep critical infrastructure running—from power grids to manufacturing plants. This guide covers what OT cybersecurity is, why it’s different from IT cybersecurity, the biggest threats, and the essential strategies and standards for keeping operations safe, reliable, and resilient.

Waterfall team

What is OT cybersecurity?

OT protection refers to the cybersecurity measures used to safeguard Operational Technology (OT) systems that control industrial processes and physical equipment. It focuses on preventing unauthorized access, malware, and cyberattacks that could disrupt operations, damage assets, or endanger safety in critical infrastructure environments.

OT (Operational Technology) cybersecurity protects industrial systems like SCADA, ICS, and PLCs from cyber threats. It focuses on securing physical infrastructure such as power plants, factories, and transportation systems by monitoring, detecting, and preventing unauthorized access and disruptions to operations.

Understanding OT Cybersecurity Fundamentals

Operational technology (OT) systems that control critical infrastructure were once isolated from cyber threats. Today’s interconnected industrial landscape has changed that reality, exposing manufacturing plants, power grids, and other essential facilities to sophisticated attacks.

The convergence of OT and IT networks has created new vulnerabilities that traditional cybersecurity approaches can’t address. OT systems prioritize availability over confidentiality, use legacy protocols, and directly control physical processes, requiring specialized security strategies.

This guide covers the fundamentals of OT cybersecurity, from understanding unique threats to implementing effective security frameworks that protect operations without compromising performance.

What Makes OT Cybersecurity Different from Traditional IT Security?

The fundamental difference between OT and IT security lies in their core priorities. While IT security follows the CIA triad—confidentiality, integrity, and availability—OT systems flip this model, prioritizing availability first, then integrity, and finally confidentiality. A manufacturing line that goes down costs thousands of dollars per minute, making system uptime more critical than data protection. This means security measures that might cause system interruptions or latency are often unacceptable in OT environments.

OT systems also operate on different technological foundations than traditional IT networks. Many industrial control systems run on decades-old protocols like Modbus, DNP3, and proprietary communication standards that were designed for reliability and performance, not security. These legacy systems often lack basic security features like encryption or authentication, and they can’t be easily updated or patched without significant operational disruption. Additionally, OT networks include specialized hardware like programmable logic controllers (PLCs), human-machine interfaces (HMIs), and supervisory control and data acquisition (SCADA) systems that require unique security approaches tailored to their specific functions and constraints.

Why OT Network Security Has Become Critical

The digital transformation of industrial operations has eliminated the air gaps that once protected OT systems from cyber threats. Organizations are increasingly connecting their operational technology to corporate networks and the internet to enable remote monitoring, predictive maintenance, and data analytics. This connectivity, combined with the rise of Industrial Internet of Things (IIoT) devices, has created multiple entry points for cybercriminals and nation-state actors to access critical infrastructure.

Recent attacks have demonstrated the real-world consequences of inadequate OT security. The Colonial Pipeline ransomware incident in 2021 shut down the largest fuel pipeline in the United States for six days, causing widespread fuel shortages and economic disruption. Similarly, attacks on manufacturing facilities, water treatment plants, and power grids have shown that OT security breaches don’t just compromise data—they can halt operations, endanger public safety, and cause millions in damages. As regulatory bodies respond with stricter compliance requirements and as cyber threats continue to evolve, organizations can no longer treat OT security as an afterthought.

The OT Cybersecurity Threat Landscape

Common Threats Targeting Operational Technology Systems

Ransomware has emerged as one of the most disruptive threats to OT environments, with attackers specifically targeting industrial systems to maximize impact and ransom payments. Unlike traditional IT ransomware that focuses on data encryption, OT-targeted variants often aim to disrupt operations directly, knowing that downtime costs can quickly exceed ransom demands. Advanced persistent threats (APTs) represent another significant category, with nation-state actors conducting long-term espionage campaigns to steal intellectual property, sabotage operations, or establish persistent access for future attacks.

Insider threats pose unique risks in OT environments due to the specialized knowledge required to operate industrial systems. Malicious insiders with legitimate access can bypass many security controls and cause significant damage with minimal detection. Additionally, the proliferation of connected devices has introduced new attack vectors through unsecured IoT sensors, wireless networks, and remote access tools. These entry points are often overlooked in traditional security assessments but can provide attackers with pathways to critical control systems. Social engineering attacks targeting OT personnel are also increasing, as attackers recognize that human vulnerabilities often provide easier access than technical exploits in well-secured industrial networks.

How Attackers Target OT Network Cyber Security

Attackers typically begin by compromising the IT network through traditional methods like phishing emails, compromised credentials, or software vulnerabilities, then pivot laterally to reach OT systems through network connections. This “living off the land” approach allows them to use legitimate administrative tools and protocols to move undetected through corporate networks before accessing industrial control systems. Once they identify the OT network boundary, attackers often exploit weak segmentation, shared credentials between IT and OT systems, or remote access solutions that bridge both environments.

The attack methodology in OT environments focuses on reconnaissance and persistence rather than immediate disruption. Attackers spend significant time mapping industrial networks, identifying critical systems, and understanding operational processes before taking action. They exploit the lack of visibility in many OT networks, where traditional security monitoring tools are often absent or limited. Common techniques include exploiting unpatched vulnerabilities in industrial software, abusing legitimate OT protocols like Modbus or DNP3 that lack authentication, and targeting engineering workstations that serve as bridges between IT and OT networks. The goal is often to establish a foothold that allows them to monitor operations, steal proprietary information, or position themselves for future sabotage when the timing serves their objectives.

Core Components of OT Network Security

Industrial Control Systems (ICS) Security Fundamentals

Industrial Control Systems form the backbone of operational technology environments, encompassing SCADA systems, distributed control systems (DCS), and programmable logic controllers (PLCs) that directly manage physical processes. Securing these systems requires understanding their unique architecture and operational constraints. ICS security fundamentals begin with asset inventory and network mapping, as many organizations lack complete visibility into their industrial infrastructure. This includes identifying all connected devices, understanding communication flows between systems, and documenting the relationships between control logic and physical processes.

The security approach for ICS must balance protection with operational requirements. Key principles include implementing defense-in-depth strategies that layer security controls without disrupting real-time operations, establishing secure communication channels between control components, and ensuring that safety systems remain functional even during security incidents. Access control becomes critical, requiring role-based permissions that align with operational responsibilities while preventing unauthorized changes to control logic. Regular security assessments must account for the inability to frequently patch or update ICS components, making compensating controls like network segmentation and monitoring essential elements of any ICS security strategy.
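Because Modbus carries no authentication (as noted above under legacy protocols), the compensating control this section calls for is monitoring: watch which hosts issue state-changing requests. The following is an added example, not code from the page or from Waterfall: a small Modbus/TCP request parser plus an allowlist check run over constructed frames. The IP addresses, the allowlist and the sample frames are all constructed for illustration.

```python
"""Detect Modbus/TCP write requests from hosts outside an engineering allowlist.

Added example (not from the page or any vendor). Modbus has no authentication,
so the compensating control is monitoring: parse each request, identify the
state-changing function codes, and alert when the source host is not an
approved engineering station. All addresses and frames below are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Function codes that change controller state; these are the ones worth alerting on.
WRITE_FUNCTIONS: Dict[int, str] = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}
READ_FUNCTIONS: Dict[int, str] = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]  # starting coil/register for read and write requests
    data: bytes             # PDU bytes following the function code


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request: a 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, protocol_id, length, unit_id = struct.unpack("!HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"protocol id {protocol_id} is not Modbus")
    # The MBAP length field counts the unit id byte plus the whole PDU.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match frame size")
    function = frame[7]
    data = frame[8:]
    address = None
    if function in READ_FUNCTIONS or function in WRITE_FUNCTIONS:
        if len(data) < 2:
            raise ValueError("request PDU is missing its starting address")
        address = struct.unpack("!H", data[:2])[0]
    return ModbusRequest(tid, unit_id, function, address, data)


def audit_requests(requests: Iterable[Tuple[str, bytes]],
                   allowed_writers: Set[str]) -> List[dict]:
    """Return one alert per write request from a host outside the allowlist,
    plus one per malformed frame (malformed traffic on an OT network is itself
    worth a look). Each request is a (source IP, raw frame) pair."""
    alerts: List[dict] = []
    for src, frame in requests:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append({"src": src, "reason": f"malformed frame: {exc}"})
            continue
        if req.function in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append({
                "src": src,
                "unit": req.unit_id,
                "function": req.function,
                "name": WRITE_FUNCTIONS[req.function],
                "address": req.address,
                "reason": "write from a host outside the engineering allowlist",
            })
    return alerts


# Constructed sample traffic: an HMI read, an approved engineering write,
# an unapproved write, and a frame whose MBAP length does not match its size.
ALLOWED_WRITERS = {"10.1.1.50"}  # constructed engineering workstation address
SAMPLE_REQUESTS = [
    ("10.1.1.20", bytes.fromhex("00010000000601030000000a")),            # FC3: read 10 registers
    ("10.1.1.50", bytes.fromhex("00020000000b0110001000020400010002")),  # FC16: write 2 registers
    ("10.1.1.77", bytes.fromhex("00030000000601050020ff00")),            # FC5: set coil 0x20
    ("10.1.1.77", bytes.fromhex("000400000009010300000001")),            # bad MBAP length
]


def audit_sample() -> List[dict]:
    """Run the audit over the constructed sample; expect two alerts."""
    return audit_requests(SAMPLE_REQUESTS, ALLOWED_WRITERS)


if __name__ == "__main__":
    for alert in audit_sample():
        print(alert)
```

In a real deployment the (source, frame) pairs would come from a span-port capture or an OT monitoring sensor, and the allowlist from the asset inventory this section describes.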

OT-IT Network Convergence Security Challenges

The convergence of OT and IT networks creates complex security challenges that neither traditional IT nor OT teams are fully equipped to handle alone. Different patch management cycles, security policies, and operational priorities often clash when these networks connect. IT security teams may push for rapid updates and aggressive security controls that could destabilize OT operations, while OT teams may resist security measures that could impact system availability or performance. This organizational divide creates gaps in security coverage and inconsistent policy enforcement across converged networks.

Technical challenges arise from the fundamental differences in network protocols, device capabilities, and security architectures. IT security tools designed for standard TCP/IP networks may not function properly with industrial protocols, while OT-specific security solutions may lack integration with enterprise security management platforms. The shared infrastructure often becomes the weakest link, with engineering workstations, historians, and remote access solutions serving as bridges that inherit vulnerabilities from both domains. Successful convergence security requires unified governance frameworks, integrated monitoring solutions that can interpret both IT and OT traffic, and security architectures that maintain operational integrity while providing comprehensive threat visibility across the entire infrastructure.

Essential OT Cybersecurity Frameworks and Standards

Implementing effective OT cyber security requires structured approaches that address the unique challenges of industrial environments. Unlike traditional IT security frameworks, OT cyber security standards must account for operational continuity, safety requirements, and the integration of legacy systems with modern security controls. Several established frameworks provide organizations with proven methodologies for developing comprehensive OT cyber security programs that balance protection with operational performance.

NIST Cybersecurity Framework for Operational Technology

The NIST Cybersecurity Framework has become a cornerstone of OT cyber security strategy, offering a flexible approach that organizations can adapt to their specific industrial environments. The framework’s five core functions—Identify, Protect, Detect, Respond, and Recover—provide a comprehensive structure for managing OT cyber security risks. The “Identify” function focuses on asset management and risk assessment within OT environments, requiring organizations to catalog their industrial control systems, understand interdependencies, and assess vulnerabilities specific to operational technology.

The framework’s strength in OT cybersecurity lies in its risk-based approach that prioritizes critical assets and processes. For operational technology environments, this means focusing protection efforts on systems that directly impact safety, production, or regulatory compliance. The “Protect” function emphasizes access control, data security, and protective technology implementation tailored to OT constraints, while “Detect” addresses the unique monitoring challenges in industrial networks where traditional security tools may not function effectively. The framework’s emphasis on incident response and recovery planning is particularly valuable for OT cyber security, as it helps organizations maintain operational continuity during security incidents while ensuring safe system restoration.

Industry-Specific Compliance Requirements

Different industries face varying regulatory pressures that shape their OT cyber security implementations. The electric power sector must comply with NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) standards, which mandate specific cybersecurity controls for bulk electric systems. These requirements include stringent access controls, system monitoring, and incident reporting procedures that directly impact how utilities design and operate their OT cybersecurity programs.

Manufacturing and chemical industries often fall under regulations like the Chemical Facility Anti-Terrorism Standards (CFATS) or state-level cybersecurity requirements that focus on protecting high-risk facilities. Water and wastewater systems face increasing scrutiny under EPA guidance and state regulations that emphasize both cybersecurity and physical security measures. Healthcare facilities with operational technology components must navigate HIPAA requirements alongside emerging medical device security standards. 

Each regulatory framework brings specific documentation, reporting, and technical requirements that organizations must integrate into their broader OT cybersecurity strategy, often requiring specialized expertise to ensure both compliance and operational effectiveness.

Building an Effective OT Network Security Strategy

Developing a comprehensive OT cyber security strategy requires a systematic approach that balances operational requirements with security objectives. Unlike traditional IT security strategies, OT network security must prioritize system availability and safety while implementing protective measures that don’t disrupt critical industrial processes. The foundation of any effective strategy lies in thorough risk assessment and strategic network design that creates defensible architectures.

Risk Assessment for Operational Technology Systems

Risk assessment in OT environments goes beyond traditional vulnerability scanning to include operational impact analysis and safety considerations. Organizations must identify critical assets based on their role in production processes, safety systems, and regulatory compliance rather than just data sensitivity. This includes mapping dependencies between systems, understanding the potential consequences of system failures, and evaluating the business impact of various attack scenarios. OT risk assessments must also consider the unique threat landscape facing industrial systems, including nation-state actors, insider threats, and the potential for cascading failures across interconnected systems.

Network Segmentation and Monitoring Best Practices

Network segmentation forms the cornerstone of effective OT cyber security, creating defensive boundaries that limit attack propagation and unauthorized access. Best practices include implementing the Purdue Model or similar hierarchical network architectures that establish clear zones of control with appropriate security controls at each level. This involves deploying firewalls, network access control systems, and secure remote access solutions specifically designed for industrial environments.

Monitoring OT networks requires specialized tools and approaches that can interpret industrial protocols without disrupting operations. Effective monitoring strategies combine passive network monitoring with asset discovery tools that can identify unauthorized devices or unusual communication patterns. Organizations should implement both network-based and host-based monitoring solutions that provide visibility into control system activities while maintaining the real-time performance requirements of operational technology.

It’s important to note that these are brief overviews of complex topics. Network segmentation and monitoring in OT environments involve numerous technical considerations, vendor-specific implementations, and operational constraints that require detailed planning and specialized expertise to implement effectively.

Emerging Technologies in OT Network Cyber Security

The OT cyber security landscape is rapidly evolving as new technologies emerge to address the unique challenges of protecting industrial systems. These innovations are reshaping how organizations approach operational technology security, offering enhanced visibility, automated threat detection, and more granular access controls. As industrial environments become increasingly connected and complex, these emerging technologies provide new opportunities to strengthen security postures while maintaining the operational integrity that OT systems demand.

Zero Trust Architecture for Operational Technology

Zero Trust architecture is gaining traction in OT environments as organizations seek to move beyond perimeter-based security models that assume internal network traffic is trustworthy. In operational technology contexts, Zero Trust focuses on continuous verification of device identity, user access, and communication integrity at every interaction point. This approach is particularly valuable for OT cyber security because it addresses the challenge of legacy systems that may lack built-in security features by wrapping them in protective authentication and authorization layers.

Implementing Zero Trust in OT networks requires careful consideration of operational constraints and real-time requirements. Solutions must provide microsegmentation capabilities that can isolate critical control systems while maintaining the low-latency communication necessary for industrial processes. Modern Zero Trust platforms designed for operational technology include features like device behavioral analysis, protocol-aware inspection, and automated policy enforcement that can adapt to the unique communication patterns found in industrial control systems.
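To make the Purdue-style segmentation and the Zero Trust verification described above concrete, here is an added example (not Waterfall code and not from this article) of a default-deny policy evaluator. Every connection attempt is checked three ways: the device identity must exist in an asset inventory, the pair of Purdue levels must be an approved conduit (segmentation), and for Modbus/TCP the function code is inspected so that only designated roles can write to controllers (protocol-aware inspection). The device names, level assignments, conduit table and role rules are constructed for the example; only the Modbus function-code values are real.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, List

# Constructed asset inventory: device identity -> (Purdue level, role).
# Levels follow the Purdue model: 1 controllers, 2 supervisory/HMI,
# 3 site operations, 3.5 DMZ, 4 enterprise. The devices are invented.
ASSETS = {
    "plc-01":      (1.0, "controller"),
    "hmi-01":      (2.0, "hmi"),
    "eng-ws-01":   (2.0, "engineering"),
    "historian":   (3.0, "historian"),
    "dmz-replica": (3.5, "replica"),
    "erp-srv":     (4.0, "enterprise"),
}

# Conduits this constructed policy permits, as (initiating level, receiving level).
# Traffic crosses at most one level, enterprise systems reach only the DMZ
# replica, and nothing initiates from the DMZ back into site systems.
CONDUITS = {
    (1.0, 1.0), (2.0, 1.0), (2.0, 2.0), (3.0, 2.0), (3.0, 3.0),
    (3.0, 3.5), (4.0, 3.5), (4.0, 4.0),
}

# Standard Modbus function codes that change controller state
# (5/15 write coils, 6/16 write registers, 22 mask write, 23 read/write).
MODBUS_WRITES = {5, 6, 15, 16, 22, 23}
# Roles allowed to write to controllers under this constructed policy.
WRITE_ROLES = {"hmi", "engineering"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    func: Optional[int] = None  # protocol function code, if the protocol has one


def evaluate(flow: Flow) -> Tuple[bool, str]:
    """Default-deny decision for one connection attempt: (allowed, reason)."""
    # 1. Identity: both endpoints must be inventoried. Unknown means untrusted.
    for dev in (flow.src, flow.dst):
        if dev not in ASSETS:
            return False, f"unknown device {dev!r}: not in asset inventory"
    src_lvl, src_role = ASSETS[flow.src]
    dst_lvl, dst_role = ASSETS[flow.dst]
    # 2. Segmentation: the level pair must be an approved conduit.
    if (src_lvl, dst_lvl) not in CONDUITS:
        return False, f"no conduit from level {src_lvl} to level {dst_lvl}"
    # 3. Protocol-aware inspection: writes need an authorised role and a controller target.
    if flow.proto == "modbus" and flow.func in MODBUS_WRITES:
        if src_role not in WRITE_ROLES:
            return False, f"role {src_role!r} may not issue Modbus write function {flow.func}"
        if dst_role != "controller":
            return False, f"Modbus write to non-controller {flow.dst!r}"
    return True, "permitted by conduit policy"


def evaluate_all(flows: List[Flow]) -> List[Tuple[Flow, bool, str]]:
    return [(f, *evaluate(f)) for f in flows]


# Constructed connection attempts that exercise each rule.
SAMPLE_FLOWS = [
    Flow("hmi-01", "plc-01", "modbus", 3),        # HMI polls registers: allow
    Flow("eng-ws-01", "plc-01", "modbus", 16),    # engineering write: allow
    Flow("historian", "plc-01", "modbus", 3),     # level 3 straight to level 1: deny
    Flow("erp-srv", "plc-01", "modbus", 16),      # enterprise write to PLC: deny
    Flow("laptop-77", "plc-01", "modbus", 3),     # not in inventory: deny
    Flow("historian", "dmz-replica", "sql"),      # site pushes to DMZ replica: allow
    Flow("erp-srv", "dmz-replica", "sql"),        # enterprise reads replica: allow
    Flow("dmz-replica", "historian", "sql"),      # DMZ initiating into site: deny
    Flow("hmi-01", "eng-ws-01", "modbus", 6),     # write aimed at a non-controller: deny
]

if __name__ == "__main__":
    for flow, ok, why in evaluate_all(SAMPLE_FLOWS):
        verdict = "ALLOW" if ok else "DENY"
        print(f"{verdict:5} {flow.src:>11} -> {flow.dst:<11} {flow.proto}/{flow.func}: {why}")
```

The order of the checks is deliberate: an unknown device is refused before any conduit logic runs, and a legitimate level-to-level conduit still does not entitle a historian or enterprise host to issue writes. Putting the inventory, conduit table and role rules in data rather than code is what lets the same evaluator be fed from an asset-discovery tool later.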

AI and Machine Learning Applications

Artificial intelligence and machine learning are transforming OT cyber security by enabling automated threat detection and behavioral analysis that would be impossible with traditional rule-based systems. Machine learning algorithms can establish baseline behaviors for industrial devices and processes, then identify anomalies that may indicate security incidents or operational issues. This capability is particularly valuable in OT environments where normal operations follow predictable patterns, making deviations more easily detectable than in dynamic IT environments.

AI-powered security solutions for operational technology can analyze vast amounts of protocol data, device communications, and operational parameters to identify sophisticated attacks that might evade traditional signature-based detection systems. These systems can correlate security events with operational data to provide context about potential impacts on production or safety systems. Advanced implementations include predictive analytics that can forecast potential security risks based on historical patterns and current system states, enabling proactive security measures that align with operational planning cycles.
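The baseline-then-deviate approach described in the network monitoring passage and in the two paragraphs above is illustrated by the following added example (not Waterfall code and not from this article). It learns a per-conversation baseline from constructed per-minute Modbus/TCP summaries, then flags devices never seen during learning, conversations that were not in the baseline (including a first-ever write function code), per-minute rates beyond a z-score threshold, and expected conversations that have gone silent. Device names, message counts and the threshold are constructed assumptions, and a plain mean/standard-deviation model stands in for the learning algorithms the article refers to.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Each record is a constructed per-minute summary of one Modbus/TCP
# conversation: (minute, src, dst, function_code, messages_in_that_minute).


def learn_baseline(records):
    """Build the 'normal' model from a learning window of records.

    Returns the set of devices seen and, per (src, dst, func) conversation,
    the mean and standard deviation of its per-minute message count."""
    samples = defaultdict(list)
    for _minute, src, dst, func, n in records:
        samples[(src, dst, func)].append(n)
    devices = set()
    for src, dst, _func in samples:
        devices.update((src, dst))
    profile = {}
    for key, counts in samples.items():
        # Floor the spread at 1 msg/min so a perfectly regular poller still
        # tolerates small jitter instead of alerting on every extra message.
        profile[key] = (mean(counts), max(pstdev(counts), 1.0))
    return {"devices": devices, "profile": profile}


def detect(baseline, window, z_limit=3.0):
    """Compare one observation window with the baseline and return alerts as
    (kind, minute, conversation, detail) tuples."""
    alerts = []
    seen = set()
    for minute, src, dst, func, n in window:
        key = (src, dst, func)
        seen.add(key)
        unknown = [d for d in (src, dst) if d not in baseline["devices"]]
        if unknown:
            alerts.append(("unknown-device", minute, key,
                           f"device(s) {unknown} never seen during learning"))
            continue
        if key not in baseline["profile"]:
            alerts.append(("new-conversation", minute, key,
                           f"first {src}->{dst} traffic with function code {func}"))
            continue
        mu, sigma = baseline["profile"][key]
        z = (n - mu) / sigma
        if abs(z) > z_limit:
            alerts.append(("rate-anomaly", minute, key,
                           f"{n} msgs/min vs baseline {mu:.1f} +/- {sigma:.1f} (z={z:.1f})"))
    # Polling that stops is as telling as polling that spikes: a silent
    # conversation can mean a failed device, a cut link or a denial of service.
    for key in baseline["profile"]:
        if key not in seen:
            alerts.append(("missing-traffic", None, key,
                           "expected conversation absent from this window"))
    return alerts


# Constructed learning window: ten quiet minutes of steady-state traffic.
LEARNING = []
for minute, n in enumerate([60, 58, 62, 61, 59, 60, 63, 57, 60, 61]):
    LEARNING.append((minute, "hmi-01", "plc-01", 3, n))       # HMI polls holding registers
for minute, n in enumerate([5, 4, 6, 5, 5, 5, 4, 6, 5, 5]):
    LEARNING.append((minute, "eng-ws-01", "plc-01", 3, n))    # occasional engineering reads
for minute in range(10):
    LEARNING.append((minute, "historian", "hmi-01", 4, 12))   # historian collects input registers

# Constructed observation window containing one of each deviation.
WINDOW = [
    (10, "hmi-01", "plc-01", 3, 61),       # normal polling rate
    (10, "eng-ws-01", "plc-01", 3, 5),     # normal engineering reads
    (10, "eng-ws-01", "plc-01", 16, 1),    # first-ever write (function 16) from the workstation
    (11, "laptop-77", "plc-01", 3, 40),    # device that was never in the baseline
    (11, "hmi-01", "plc-01", 3, 400),      # polling rate spike
    # historian -> hmi-01 collection is absent from this window
]

if __name__ == "__main__":
    for kind, minute, key, detail in detect(learn_baseline(LEARNING), WINDOW):
        print(f"[{kind}] minute={minute} {key[0]}->{key[1]} func={key[2]}: {detail}")
```

On the constructed data this yields four alerts: the new write conversation, the uninventoried laptop, the polling spike and the historian collection that stopped. The last two are the ones a signature-based tool cannot produce, since nothing in the traffic is malformed; the signal comes entirely from the deviation against what this particular plant normally does.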

Getting Started with OT Cybersecurity

Beginning an OT cyber security journey can seem overwhelming given the complexity of industrial systems and the critical nature of operational continuity. However, a structured approach that prioritizes assessment, planning, and capability building provides a clear path forward. Organizations must balance the urgency of addressing security gaps with the methodical approach required to avoid disrupting critical operations.

Initial Assessment and Planning

The first step in any OT cyber security initiative is conducting a comprehensive assessment of existing infrastructure, security posture, and operational requirements. This includes inventorying all connected devices, mapping network architectures, and identifying critical assets that require the highest levels of protection. Organizations should evaluate current security controls, document regulatory requirements, and assess the maturity of existing OT security practices. This baseline assessment becomes the foundation for developing a realistic implementation roadmap that aligns security improvements with operational schedules and budget constraints.

Effective planning requires collaboration between IT security teams, OT operations personnel, and executive leadership to ensure that security initiatives support business objectives while maintaining operational integrity. The planning phase should establish clear priorities, define success metrics, and create implementation timelines that account for the unique constraints of industrial environments, including maintenance windows, regulatory compliance deadlines, and operational dependencies.

Building Internal Expertise

Developing internal OT cyber security expertise is crucial for long-term success, as the specialized nature of industrial systems requires knowledge that spans both cybersecurity and operational technology domains. Organizations should invest in training existing IT security professionals on industrial protocols, control systems, and operational requirements, while also educating OT personnel on cybersecurity principles and threat awareness. This cross-training approach helps bridge the traditional divide between IT and OT teams.

Building expertise also involves establishing relationships with specialized vendors, consultants, and industry organizations that can provide guidance on best practices and emerging threats. Many organizations benefit from participating in industry working groups, attending OT security conferences, and engaging with Information Sharing and Analysis Centers (ISACs) relevant to their sector to stay current with evolving threats and regulatory requirements.

Note: the fundamentals covered in this guide provide a foundation for understanding OT cybersecurity, but successful implementation requires ongoing learning and adaptation. As industrial systems continue to evolve and new threats emerge, staying informed about the latest developments in operational technology security becomes increasingly critical. Continue exploring advanced topics, industry-specific guidance, and detailed implementation strategies to build a comprehensive OT cybersecurity program that protects your critical operations while enabling business growth.

About the author

Waterfall team

FAQs About OT Cybersecurity

OT cybersecurity is the practice of protecting operational technology — the systems that control physical processes in industries like manufacturing, energy, and transportation. These include pumps, motors, valves, and sensors, all of which must operate safely, reliably, and without disruption.

Unlike traditional IT security, OT cybersecurity prioritizes uptime and operational safety over data confidentiality.

Key frameworks and tools include:

  • NIS2 Directive (EU) – Sets strict cybersecurity requirements for critical infrastructure.

  • MITRE ATT&CK for ICS – Helps map and detect attacker behaviors in industrial systems.

  • ISO/IEC 27001 & 27019 – Support risk-based information security programs tailored to OT.

OT cybersecurity starts with understanding and securing Industrial Control Systems (ICS), including:

  • SCADA (Supervisory Control and Data Acquisition)

  • DCS (Distributed Control Systems)

  • PLCs (Programmable Logic Controllers)

Foundational steps include:

  • Asset inventory – Identifying all connected devices in your OT network

  • Network mapping – Documenting how data flows between systems

  • Process visibility – Understanding how control logic interacts with physical operations

Some of the most widely adopted and essential frameworks include:

  • IEC 62443 – The global standard for securing OT systems across their lifecycle

  • NERC CIP – Mandatory standards for the bulk electric system in North America

  • NIST SP 800-82 – U.S. guidelines for securing ICS networks and reducing cyber risk

These frameworks provide structure, terminology, and technical requirements to help organizations safeguard industrial environments from modern cyber threats.

Where does IT Security END and OT Security BEGIN? https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/where-does-it-security-end-and-ot-security-begin/ Thu, 26 Dec 2024 15:06:48 +0000 https://waterfall-security.com/?p=29897 The standard answer to this question is "The Consequence Boundary"...but which kind of consequences are we talking about? And aren't there different levels of consequence? We help define these to answer the question.


Where does IT Security END and OT Security BEGIN?

Where does the consequence boundary between IT and OT actually rest? Where is the line in the sand that separates what is needed to secure OT and what is needed to secure IT? Let’s have a look...

Waterfall team

OT Security vs IT Security

Where does IT end and OT begin? Our research team frequently gets asked this question, and while the answer has grown technically more complex over the years, the basic principles that guide it have remained the same. It all starts with answering: “What is your risk tolerance? What is your risk appetite?”

With today’s complex and interconnected world, the lines between Information Technology (IT) and Operational Technology (OT) are increasingly blurred. While both IT and OT rely on digital systems to function, their purposes, priorities, and security challenges differ drastically. Understanding these distinctions is critical for crafting effective security strategies.


So, Where does IT end and OT begin?

In Andrew Ginter’s book Engineering-grade OT Security, he explains that OT begins at the consequence boundary. This boundary will differ for different operations, but the idea is that the IT/OT boundary rests somewhere around where the consequences of the risks actually happening become unacceptable.

Some common unacceptable risks across most industries include any loss of human life, bodily harm, damage to machinery or equipment, and then unscheduled downtime. The duration of acceptable unscheduled downtime varies greatly between industries: for a power plant, shutting down operations for half an hour would be unacceptable, while for a shoe factory it might not be as dramatic an issue. Wherever that acceptable/unacceptable risk boundary lies, that is the IT/OT boundary for that business.

OT takes over from IT where the consequences of something going wrong become unacceptable.

The Purpose of IT Vs the Purpose of OT

IT systems manage data and support business processes, such as communication, record-keeping, and analytics. Think of email servers, financial systems, and cloud applications. In contrast, OT systems control physical processes and equipment, often in industries like manufacturing, energy, and transportation. Some classic examples of OT include robotic assembly lines, power generation, nuclear power plants, offshore oil platforms, and railway signaling systems.

Key Difference: IT security focuses on protecting data and business processes, while OT security focuses on protecting physical systems and ensuring operational continuity.

IT Priorities Vs OT Priorities

The core objectives of IT and OT security reflect their drastically different operational priorities.

Anyone who has casually walked past an ongoing cybersecurity class has most likely heard of the CIA Triad. This C-I-A concept formed the basis of cybersecurity when it first came out. It has grown partially outdated, as data integrity hasn’t really become that great a threat, but confidentiality (i.e. data exfiltration) and availability (i.e. ransomware) have remained very relevant. The triad for OT security differs in that it prioritizes safety and availability as well as operational integrity. When securing OT, the concern about data going into the machines far exceeds the concern about someone accessing outbound operational data from the machinery.

IT Security Priorities:

  • Confidentiality – Protecting sensitive data from unauthorized access.

  • Data Integrity – Ensuring the accuracy and reliability of data.

  • Availability – Maintaining access to IT systems and data when needed.

OT Security Priorities:

  • Availability – Keeping physical systems running and avoiding downtime.

  • Safety – Ensuring the well-being of workers and preventing accidents.

  • Operational Integrity – Guaranteeing the correct operation of equipment and processes.

Key Difference: IT prioritizes confidentiality first, while OT prioritizes safety.

The IT Threat Landscape Vs OT Threat Landscape

IT systems face threats such as malware, phishing, and data breaches. The goal of IT attackers is often to steal or encrypt important data, usually for financial gain or some sort of business disruption.

OT systems, however, are exposed to threats where the attacker tries to cause some kind of physical consequence, such as machinery malfunctioning and causing downtime.

  • Cyber-physical Attacks – Manipulating equipment to cause damage or outages.

  • Ransomware – Encrypting and shutting down critical systems to extort money.

  • Insider Threats – Human errors or malicious insiders impacting physical operations.

Key Difference: OT threats can directly impact physical infrastructure and human safety, making them potentially far more catastrophic than IT threats.

System Lifespan and Upgrades

IT systems typically have shorter lifespans and are often upgraded or replaced within 3-5 years to keep pace with technology. OT systems, on the other hand, may operate for decades without significant changes.

Additionally, many critical OT systems are prohibitively expensive to upgrade, with price tags in the tens of millions of dollars. Furthermore, the lead time on such an upgrade can extend to months or even years, during which production must continue uninterrupted.

This longevity of OT systems creates 2 distinct challenges:

  • Older OT systems may lack built-in security features, as they were designed before such threats needed to be considered.

  • Patching and updates can be difficult, as downtime impacts operations. Even minor patches pose the risk of ruining operations if the patch corrupts some file or dependency.

Key Difference: OT systems are much more likely to rely on outdated, unsupported technology that can’t be updated or replaced without a drastic risk of impacting operations. Meanwhile, IT can typically roll out patches and updates fairly quickly. Even simple, common IT fixes such as “turning it off and on again” are far more complex when it comes to OT.

Interconnectivity and Access

IT environments are designed from the ground up for high interconnectivity, with users and devices accessing networks remotely and frequently. OT environments were traditionally isolated (“air-gapped”) to reduce exposure to external threats. However, the recent rise of Industrial IoT (IIoT) and the need for constant remote monitoring has increased OT interconnectivity, expanding the available attack surface.

Key Difference: OT systems are transitioning from isolated to interconnected, introducing new security challenges, while IT systems have always been highly interconnected.

Incident Response

In IT, incident response often involves detecting and isolating compromised systems to prevent data loss. In OT, response plans must consider the impact on physical operations, human safety, and regulatory compliance. A poorly managed response could disrupt critical infrastructure or even endanger lives.

Key Difference: OT incident response requires a multidisciplinary approach involving engineering, safety, and IT teams working together.

Cyber-Informed Engineering for OT Security

As IT and OT systems grew more integrated over the years, organizations tried to adopt some form of unified security strategy that addresses both IT and OT. This included joint risk assessments, robust monitoring of OT/IT environments, and even some cross-team collaboration. These efforts proved ineffective at fully stopping the threats and risks.

A more centralized effort was needed. In 2022, the US Department of Energy released the National Cyber-informed Engineering Strategy.

The principles of Cyber-informed Engineering strongly recommend building resilience into industrial systems from the ground up. Cyber-informed engineering focuses on designing and operating systems with cybersecurity as a foundational element, rather than an afterthought.

Some of the main recommendations of CIE:

  • Incorporate Cybersecurity Early in Design – Embed security considerations into the design phase of OT systems to mitigate vulnerabilities before deployment.

  • Understand the Mission Impact – Analyze how cyber threats could impact physical operations and engineer systems to minimize those risks.

  • Integrate Safety and Security – Develop solutions that address both operational safety and cybersecurity simultaneously, ensuring one does not compromise the other.

  • Leverage Threat Modeling – Use threat modeling techniques to anticipate potential attack vectors and implement defenses tailored to OT environments.

  • Collaborate Across Disciplines – Bring together engineers, IT professionals, and security experts to foster a holistic approach to protecting systems.

By adopting cyber-informed engineering, organizations can proactively address the unique challenges of OT security and enhance the resilience of their critical systems.

Wrapping it up

So, to summarize: OT begins at the consequence boundary, the place along the network where the consequences of the risks become unacceptable. That is where IT solutions are no longer sufficient and OT security takes over. Furthermore, by having IT and OT teams work together, as outlined in Cyber-informed Engineering, a stronger and more resilient security posture can be achieved for the entire business or organization, securing both IT and OT. When IT and OT work together, everyone is happier.


About the author

Waterfall team

OT Cybersecurity: Can the Government Save Us? https://waterfall-security.com/ot-insights-center/government-and-defense/ot-cybersecurity-can-the-government-save-us/ Thu, 21 Mar 2024 13:19:35 +0000 https://waterfall-security.com/?p=21098 Governments play an important role in OT security: they educate, they share threat information, they vet our employees and other trusted insiders, and from time to time they legislate cybersecurity defenses that the most consequential industrial enterprises must implement.


OT Cybersecurity: Can the Government Save Us?

Governments play an important role in OT security: they educate, they share threat information, they vet our employees and other trusted insiders, and from time to time they legislate cybersecurity defenses that the most consequential industrial enterprises must implement.

Andrew Ginter

Can Government Save OT Security

Why do we need to do any kind of robust OT cybersecurity at all? After all, in the physical domain, we expect individual citizens to take reasonable measures to protect themselves from petty burglars and car thieves, and not from a squadron of tanks rolling down the street blowing holes in buildings. We expect our governments and militaries to protect us from the most capable and consequential adversaries and attacks. Should the same not be true in the cyber world?

For example, some governments have declared that significant cyber attacks on critical infrastructures shall constitute acts of war. But – significant attacks on critical infrastructures have occurred, with neither physical retaliation nor declarations of war by those same governments. Why? Well, in part this is because reliable attribution of cyber attacks can be made arbitrarily difficult by attackers – after the attack, we do not know who to declare war against. In part the problem is that the consequences of launching an all-out physical war are truly monstrous and are widely seen as a disproportionate response to a cyber attack, even an attack on critical infrastructures.

“We expect our governments and militaries to protect us from the most capable and consequential adversaries and attacks. Should the same not be true in the cyber world?”

Real Time Response

Many governments have invested heavily in protective measures for their infrastructures: establishing threat information sharing systems, providing classified threat briefings, establishing national cyber emergency response teams, imposing cybersecurity regulations and sometimes even mandating central government security and incident monitoring systems. Most governments also have powerful systems in place to ferret out spies, terrorist conspiracies and sleeper cells, and even have systems to identify trustworthy employees who are becoming susceptible to compromise or blackmail because of gambling debts, extra-marital relationships, and other aspects of their personal lives.

While these measures have enormous value, they tend to be slow-moving. Ransomware and other attacks have gone from initial compromise to fully-encrypted and extorting payment in only 45 minutes – faster than any government can respond. Another example – I was talking a couple of years ago to an expert who was called in to carry out a post-mortem on a hacktivist attack that took down a number of water treatment systems. His conclusion: the attacks succeeded because the water utilities failed to implement the defenses the government had ordered them to implement. The lesson? Some kinds of attacks can be defeated only by the targets of those attacks – this is why there are government cybersecurity regulations for the most consequential of critical infrastructures.

Role of Government

Governments play an important role in OT security: they educate, they share threat information, they vet our employees and other trusted insiders, and from time to time they legislate cybersecurity defenses that the most consequential industrial enterprises must implement. Why? Because there are some kinds of attacks that only the industrial targets can mount credible defenses against.

To read more about defenses against ransomware, hacktivists and even nation-states, click here to request your free copy of the author’s new book: Engineering-Grade OT Security: A manager’s guide.

About the author

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 35,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.
Recorded Webinar: The NIS2 Directive: A Guide for OT Professionals https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/recorded-webinar-the-nis2-directive-a-guide-for-ot-professionals/ Thu, 18 Jan 2024 12:16:08 +0000 https://waterfall-security.com/?p=18007 Dr Jesus Molina takes us on an in-depth look at the European NIS2 Directive, its timeline, what it will entail, and who needs to comply.


Recorded Webinar: The NIS2 Directive: A Guide for OT Professionals

In this recorded webinar, we take an in-depth look at the European NIS2 Directive and help explain the timeline for its rollout, who needs to comply, and what compliance with the directive will most likely look like.

Waterfall team

NIS2 Recorded Webinar

Some of the highlights we discussed about NIS2:

  • From NIS to NIS2: Tracing the journey of how the NIS was transposed into law and highlighting the novelties introduced in NIS2.

  • NIS2 Deep Dive: We explain the NIS2 Directive’s implications for OT cybersecurity.

  • Real-World Applications: How to apply NIS2 guidelines in diverse OT scenarios, using IEC63452 and NCCS as examples.

  • Risk Management Strategies: Examples of effective strategies to mitigate risks in OT environments, ensuring compliance with NIS2.

Dr. Molina also discussed the timelines of the NIS2 Directive’s rollout, and what needs to be completed by each deadline in order to be compliant.

Figure: NIS2 Directive timeline

UAE Based Oil & Gas Refinery https://waterfall-security.com/ot-insights-center/oil-gas/case-study-uae-based-oil-gas-refinery/ Tue, 09 Jan 2024 10:13:20 +0000 https://waterfall-security.com/?p=17367 How a UAE-based refinery was able to protect their legacy system to the extent it could safely be connected to the internet, IT networks, and the Cloud.

The post UAE Based Oil & Gas Refinery appeared first on Waterfall Security Solutions.

]]>

UAE Based Oil & Gas Refinery 

Defending a refinery's legacy OT systems

Customer:

- A leading Oil & Gas refinery in Dubai, United Arab Emirates

Challenge:

- The refinery needed to maintain secure access to plant data while facing increased cyber threats to their ICS.

- Their legacy Wonderware Historian (AVEVA System Platform) was out of support, requiring a Unidirectional Gateway solution that integrated seamlessly without modifications.

Waterfall’s Unidirectional Security Gateway Solution:

- Offered native integration with Wonderware AVEVA System Platform.

- Waterfall’s R&D team customized the integration connector to work flawlessly with the out-of-support legacy system, avoiding any modifications.

- Provided a continuously updated replica of the Historian server on the commercial IT network, ensuring the actual production server remained isolated and data flowed one way (from OT to IT).

(Figure: Unidirectional Security Gateway instead of a data diode for a legacy Wonderware Historian server for OT)
Results & benefits

- 100% Secure OT Network: Unbreachable by remote cyber threats.

- Real-time Data Visibility: Full and secure access to real-time production data.

- Legacy System Unaltered: No modifications required to the customer’s legacy systems.

- Scalability: The refinery’s success led them to order additional Waterfall Unidirectional Security Gateways for further applications.


The post UAE Based Oil & Gas Refinery appeared first on Waterfall Security Solutions.

]]>