Some of the highlights we discussed about NIS2:

 From NIS to NIS2: Tracing the journey of how the NIS was transposed into law and highlighting the novelties introduced in NIS2.

NIS2 Deep Dive: We explain the NIS2 Directive’s implications for OT cybersecurity.

Real-World Applications: How to apply NIS2 guidelines in diverse OT scenarios, using IEC63452 and NCCS as examples.

Risk Management Strategies: Examples of effective strategies to mitigate risks in OT environments, ensuring compliance with NIS2.

As 2023 winds down, it’s only natural to take stock of what’s happened and plan to make things better in the next year.

For those of us who live and breathe OT or ICS cybersecurity, what better way to end the year than with an in-depth look at the most novel, notorious and impactful cyber incidents on critical infrastructure, industrial controls systems, and physical operations around the globe.

In this webinar, Rees Machtemes takes us through:

What happened in 2023?

How did this year’s incidents compare with the past?

What does this tell us about what we expect in the near future?

Rees then expands upon and explains some of this past year’s developments in regards to the best ways to prevent such OT/ICS related incidents from happening in 2024 and onward.

Watch Now>>

In this webinar, we announced my new book Engineering-Grade OT Security: A manager’s guide, and got into the details of the question posed in the book:  “How much is enough?” when a cyber attacks that can impact physical operations.

The answer to that question very much depends on consequences – small shoe factories are not at all the same as a passenger rail switching systems.

Some topics of the book we discussed included:

 Engineering-grade protections that are unique to the OT space, mainly drawn from safety engineering,

 Network engineering techniques to prevent attacks from pivoting into safety-critical or reliability-critical systems.

 A new model for cyber risk that makes it easier to answer the question “how much is enough?” for different kinds of systems.

And we finished off by answering that key question head-on. We looked at legal and professional obligations that dictate where engineering-grade and where IT-grade solutions must be used. We walked through how to decide how much engineering-grade, IT-grade and even insurance-type protections are justified for different types of threats – network-based vs. insider vs. supply chain vs. removable media.

We also looked at how to communicate these decisions through layers of management where messages might otherwise get lost or misinterpreted.

Watch Now>>

In the webinar, I introduced network engineering in the context of Cyber-Informed Engineering (CIE) with examples including:

• Consequence boundaries
• The EPRI IIoT methodology
• Analog signalling
• Unidirectional gateways
• IT/OT dependencies
• Data abstraction

Listen in >>

Our Webinar with Andrew Ginter of Waterfall Security Solutions and Bill McEvoy of AVEVA covered many facets of the growing inter-connectivity within the electric utilities industry, and how securing that connectivity is vital for enabling it. 

Some of the main topics discussed throughout the webinar included:

• New tools and approaches for digitization, innovation and cost savings.
• New cyber threats and regulations.
• New engineering-grade solutions for cyber threats to OT systems.
  
  

Listen in >>

We covered many facets of the threat report in the webinar. One key takeaway was the urgent need to separate OT and IT services so that infrastructure and industrial operations can continue to operate even when IT networks might be compromised.