Category Archives: Cybersecurity

Stop Downplaying Threats to Critical Infrastructure

It has been an incredibly busy three months in the world of Industrial Control Systems/Critical Infrastructure cybersecurity. A drop in the bucket for what we've become used to in the world of IT security - but incredibly noisy for this space – and an alarming precursor for what will come. Yes, we chose “will” come…
Read more

Industrial Cyber Security: Why IT & OT collaboration is no longer an option but a necessity

Since the mid-1990s, many industrial companies have interconnected their industrial control systems (ICSs) to improve productivity, maintenance, and safety in the operational environment. Some of this interconnectivity was to  the Internet.  While, this connectivity helped to improved the efficiency, security was at best a minimal consideration. The lack of adequate security planning has resulted in…
Read more

Thoughts on the on-going global cyber attacks as they affect ICSs

For many years, there have been warnings about the cyber vulnerability of multiple infrastructures world-wide. Yet, those warnings are still not being adequately addressed.  In 2004, the Idaho National Laboratory (INL) provided a glimpse of what we’re seeing today with CrashOverride, etc. As a demonstration for the 2004 ICS Cyber Security Conference, the white hat…
Read more

How will ICS cybersecurity standards be impacted by IIoT?

There has been quite a bit of discussion and speculation about the potential impact of the Industrial Internet of Things (IIoT) on the development, deployment, and operation of industrial control systems (ICS). Predictions have ranged from “Nothing changes” to “It will turn everything that we do on its head.” As is usual in situations like…
Read more

Securing Industrial IoT: There is no simple answer

There are lots of terms thrown around these days, such as: Internet of Things (IoT), Industrial Controls Systems (ICS), Operational Technology (OT). What this means is that there are billions of interconnected consumer devices and industrial systems, not running a traditional computer operating system. This number dwarfs the number of traditional computer systems and it…
Read more

Addressing the Threat of Ransomware

Recently there was a global ransomware cyberattack as never seen before. This single attack affected more than 200 000 computers and wreaked havoc on financial institutions, healthcare organizations and transportation to name just a few. This is the kind of attack that utilities and other critical infrastructure operators must guard against. "To put the problem…
Read more

The Industrial Internet of Things & Network Security: A Desperate Need for Standards

Just about everything is connected: from cell phones and wearable devices to cars, refrigerators and industrial equipment. IT experts have long recognized this global connectivity will only continue to skyrocket. Connectivity adds convenience to our jobs. It is almost expected that employees will use BYOD devices such as laptops, smart phones and tablets to communicate. But…
Read more

CEO Insights: Four major challenges in protecting ICS from cyber attacks

As part of the CEO Insights Series, IIoT World's Managing Editor, Lucian Fogoros, interviews Indegy's CEO, Barak Perelman, about the major challenges in protecting ICS from cyber attacks and the best defenses against cyber threats in Industrial Internet of Things era. Lucian Fogoros: What are the major challenges in protecting ICS from cyber attacks? Barak…
Read more

The impact of WannaCry on industrial control systems (ICS)

As the WannaCry ransomware (MS17-010) has spread globally in the last 24 hours and severely impacted the National Health System and locked hospital workers out of critical healthcare patient data,  Brad Hegrat, IOActive’s Director of Advisory Services, explains the impact of WannaCry on industrial control systems (ICS).   A few weeks ago back in mid-March (2017), Microsoft…
Read more

Using DNS to Defend Against IoT Botnets

Sometimes cyberattacks come from a direction you weren’t really expecting. We all know about threats from ransomware, nation-state actors, industrial espionage, or hacker collectives looking for personally-identifiable information (particularly for credit cards). But we probably weren’t expecting our sites and services to be collateral damage in a small but nasty war in the world of…
Read more

2017 – the “silence before the storm” when it comes to ICS breaches

Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report, which was published a week ago. Much of this is due to the high proliferation of propriety research, prototypes, and confidential personal data, which are hot-ticket items for cybercriminals.…
Read more

CEO IIoT Insights: How can you secure what you cannot see in an industrial enterprise?

As part of the CEO IIoT Insights Series, IIoT World's Managing Editor, Lucian Fogoros, interviews the CEO of PAS, Eddie Habibi, about cybersecurity risks facing industrial companies in IIoT era. Lucian Fogoros: How would you characterize the extent of the cybersecurity and technological risks currently facing industrial companies? Eddie Habibi: Companies are flying blind when…
Read more

Two Reasons for the ICS Cybersecurity Deficiency

When it comes to industrial cybersecurity; governments know they need to improve it, industry knows it needs to better understand it, and system integrators/automation vendors know they need to offer it. If you fall within any of these categories, ask yourself “What’s your industrial cybersecurity strategy for 2017?” The truth is that while the need…
Read more

A solution to keep water clean from cyber attacks

The primary source for cyber risks in water and waste management facilities comes from the use of wide-area-networks (WANs) for monitoring and the collection of data. A typical water site has two primary WAN connections: One to the corporate network, and through that network to the Internet, and customers, partners and vendors. The other WAN is connected…
Read more

ICS Security Lags In U.S. Oil And Gas Industry

A research from the Ponemon Institute finds digitalization in U.S. Oil and Gas operations is seriously outpacing cybersecurity measures and that’s creating an undeniable risk to operational security. In “The State of Cybersecurity in the Oil & Gas Industry: United States,” released in March, 68% of those surveyed said their operations have had at least one security…
Read more

$40 Million Investment for ICS Cybersecurity

PAS, the leading provider of industrial control system (ICS) cybersecurity, process safety, and asset reliability solutions for the energy, power, and process industries, today announced a $40 million growth investment by Tinicum, L.P. and certain affiliated funds managed by Tinicum Incorporated (“Tinicum”). This funding round will expand PAS sales and marketing across its global offices…
Read more