Mitigating Risk and High-Risk Vulnerabilities in Unsupported Operating Systems: BlueKeep Edition

How many times has a vendor released a critical cybersecurity patch for an operating system that is in “end of life” (EOL), or the lifecycle period where the vendor no longer issues patches for bug fixes, operational improvements and cybersecurity fixes free of charge? So if a vendor takes the ... Read More

Lacking Direction to Address your ICS Cybersecurity Issues? Here’s What You Can Do

With more and more automation systems and industrial devices being connected to networks, raw data from every device can be transformed into a treasure chest of valuable information. Granted, this data can help to optimize the process, but with connectivity comes new ICS cybersecurity concerns. Connectivity opens previously air-gapped or ... Read More

To Air-Gap or Not Air-Gap Industrial Control Networks

air gap, ICS, ICS Security
What is air-gapping, and why do we air-gap networks? What camp are you in? In the camp that believes in air-gaps, or the other set that says they truly do not exist? Air-gap networks are networks that are physically and logically isolated from other networks where communication between these networks ... Read More

Triton, BlackEnergy, WannaCry – Has Your Behavior Changed?

Hopefully the title of this blog has gotten your attention. In one of my prior blogs, ICS Cybersecurity: Visibility, Protective Controls, Continuous Monitoring – Wash, Rinse, Repeat, we talked about how the malicious threat landscape for industrial control systems is constantly evolving and getting more sophisticated, thereby raising the need ... Read More

Carpet (IT) to Concrete (OT) – The Evolution of Internet-Based Malware

November 2, 2018, marked the 30-year anniversary of the Morris Worm. It seems the more things change, the more things stay the same. It’s a bit ironic that as more and more devices get connected to the Internet (~20 billion+ today versus ~60,000 in 1988), we are still susceptible to ... Read More

ICS Cybersecurity: Visibility, Protective Controls, Continuous Monitoring – Wash, Rinse, Repeat

_NERC, ICS Security, PLC, SSH
As we have talked about in prior blogs, industrial cybersecurity is a journey. This is a journey that is never-ending, as control system technology advancements are adopting information technology (IT) and cloud-based solutions at a faster rate than ever before. At the same time, the threat landscape of malicious activity ... Read More

Visibility: An Essential Component of Industrial Cyber Security

As more and more devices are connected to the process control network, there are more and more risks related to potential impacts from industrial cyber security events, some of which may not even be targeted against industrial control systems (ICS). For instance, WannaCry ransomware actually shut down entire plants without ... Read More

Secure Guardrails