In today’s interconnected industrial landscape, where Operational Technology (OT) systems converge with digital networks, the potential for cyber threats looms large. Without a clear understanding of the likelihood and impact of these threats, it becomes challenging to allocate resources effectively and prioritize security investments. By quantifying Industrial Control System (ICS) risk, organizations can transform vague […]
Read more →
In the contemporary digital landscape, the security of supply chains has ascended to the forefront of concerns for industrial control systems (ICS). Cassie Crossley, Vice President for Supply Chain Security at Schneider Electric, sheds light on the comprehensive strategies and initiatives deployed to safeguard the supply chain against cyber threats. With an intricate web of […]
Read more →
The shift towards zero trust in industrial control systems (ICS) is driven by the increasing complexity and interconnectedness of these systems, as well as the growing threat of cyber attacks on critical infrastructure. Historically, trust has been assumed in ICS, with the long-term use of these assets and the presumption that the asset owners and […]
Read more →
Defending critical infrastructure environments requires 360-degree visibility into asset and network vulnerabilities Vulnerability management teams often face difficulties in patching all of their systems on a timely basis. This is true for traditional OT devices such as HMIs, PLCs, etc. But it is also very true in sensitive IT-like environments such as pharmaceutical labs or […]
Read more →
From a deadly pandemic to a World Expo, this month certainly experienced its fair share of world-shifting events. Here is a list — and timeline — of the major events that happens in October around the globe and what’s in it for the Industrial IoT & ICS Cybersecurity community across manufacturing, infrastructure & Energy. UAE, […]
Read more →
The NTIA (National Telecommunications and Information Administration) recently published the minimum elements for a Software Bill of Materials (more commonly known as SBOM). The document can be viewed HERE. What is an SBOM? – Definition of an SBOM An SBOM (Software Bill of Materials) is a formal record containing the details and supply chain relationships of […]
Read more →
Joe Saunders, CEO of RunSafe Security, recently hosted a panel discussion on Monitoring Open Source Software in SAAS Infrastructure. His panel included business leaders in the software, technology, and security sectors: Jonathan B Fishbeck, Founder and CEO of EstateSpace, LLC, a Managed Security Services Provider (MSSP) that helps people reduce risk, retain property assets, and protect […]
Read more →
In September 2016, the Mirai malware cyberattack shook the IoT world with a DDoS attack model that infected over 600,000 IoT devices. Such attacks on network-attached devices and IoT devices continue to increase exponentially. With the IDC predicting that there will be 41.6 billion connected IoT devices, generating 79.4 zettabytes (ZB) of data by 2025, the […]
Read more →
Vulnerability Management in OT or ICS cyber security is a challenge, but with an actionable strategy and existing IT/ OT cyber security tools, we can make a significant difference. What is OT/ICS vulnerability management? Vulnerability management in OT/ICS security is the process of identifying, evaluating, treating and monitoring/reporting on software insecurities and misconfigurations of endpoints. […]
Read more →
Recently, the Russia-based hacking group REvil, attacked the Florida-based software company Kaseya Ltd. If you’re not familiar with Kaseya, they provide network and security management services for small to medium-sized businesses (SMBs), not unlike what SolarWinds offers for large businesses. So this is yet another attack taking advantage of poor software security at companies that […]
Read more →
A SolarWinds-style cyberattack happened back in in 2013-14 that affected big government agencies and thousands of companies. What should we have learned from the Dragonfly/HAVEX attack? Software Infiltration A cyberattack group called Dragonfly attacked power plants and industrial sites, employing a very similar tactic to SolarWinds. “The technique of injecting into a supply chain is […]
Read more →
All critical infrastructure is under cyber attack, all the time. The attack on the Oldsmar, FL water supply is a good example. And it’s getting worse; vulnerability to cyber attack is increasing as the embedded devices controlling these critical infrastructures become more connected. The DevOps approach to software development offers an antidote—an opportunity to embed run-time […]
Read more →Virtual Conference with Regeneron & HighByte | Nov 5 • 10 AM ET