Resources

Blog

Industrial Cybersecurity and the Florida Water Supply Attack with Dale Peterson

Through the lens of the Florida water supply hack, Dale Peterson teaches how events like these remind us to take the necessary steps to maintain our cybersecurity. Founder and chair of S4 Events, Dale has been helping security professionals effectively and efficiently manage risk to their critical assets for over 15 years. https://open.spotify.com...
Blog

Steps for PCI DSS Gap Analysis

Complying with Standards drawn by the Payment Card Industry Security Standards Council can be complicated and time-consuming. But, with a PCI DSS Gap Analysis, the process becomes a lot easier, streamlined, and less exhaustive. PCI Gap Analysis is the first step towards the Compliance process. The assessment provides details on your current security...
Blog

N-Day Vulnerabilities: How They Threaten Your ICS Systems' Security

In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access into the networks of dozens of companies operating in Israel and around the world across the IT, telecommunication, oil and gas, aviation, government and security...
Blog

Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly

The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above...
Blog

A Checklist for Preparing for Your Organization's Next PCI Audit

Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI...
Blog

Attacks Targeting ICS & OT Assets Grew 2000% Since 2018, Report Reveals

The digital threat landscape is always changing. This year is an excellent (albeit extreme) example. With the help of Dimensional Research, Tripwire found out that 58% of IT security professionals were more concerned about the security of their employees’ home networks than they were before the outbreak of coronavirus 2019 (COVID-19). Slightly fewer...
Blog

The Perimeter Really Is Gone - CIS Controls and COVID-19 with Tony Sager

Tony Sager, Senior Vice President and Chief Evangelist at CIS (Center for Internet Security) joins us to discuss the best approaches to the changing security landscape in the wake of COVID-19. Tony is a lifelong defender, with more than 44 years of experience. He spent most of his career at the NSA and now leads the development of the CIS Controls,...
Blog

Cybersecurity in Education (K-12) with the CIS Controls

Why is cybersecurity important to Education? Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free” tools are little more than marketing pieces that direct you to click on readily...
Blog

Results Speak Louder Than Words: A Guide to Evaluating ICS Security Tools

Why leveraging live environment simulations and putting ICS tools to the test is the best way to evaluate their fitness. Track and field was one of my favorite sports growing up. I didn’t begin competitively participating until I was a teenager, but I was instantly hooked once I started. Why? Because the clock didn’t lie. The tape measure didn’t lie...
Blog

Navigating ICS Security: Having your Action Plan Ready

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity...
Blog

Navigating ICS Security: Best Practices for ICS Decision-Makers

As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technologies might be phasing out and newer ones joining the mix of solutions. In the case of one environment I went to, for...
Blog

Introducing the New MITRE ATT&CK Framework for Industrial Control Systems

On January 7th, MITRE released ATT&CK for Industrial Control Systems, a taxonomy of real-world cyber adversarial behavior targeting ICS or industrial control systems. These systems operate critical infrastructure in manufacturing and utility industries, and they are popular targets in financial and espionage motivated attacks. Recent high-profile...
Blog

From Good to Great - Building on ICS Security Basics

Most industrial organizations are behind the curve when it comes to cybersecurity, facing mounting complexities like the IIoT, the skills gap and the IT/OT divide. But what about industrial organizations that are already taking steps in the right direction and need to know what awaits them on the horizon? What practical next steps can your...
Blog

Navigating ICS Security: The Value of Frameworks

Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy. What you may not be familiar with is the Network and Information...
Blog

Navigating ICS Security: The Threat Landscape

Whilst working for a management consultancy, I learned a lot more about industrial control systems (ICS) than I ever imagined I would. In many cases, this wasn’t from working on them directly; it was from simply speaking to the technicians and reading documentation. Oftentimes, we have the false belief that our systems are safe from compromise...
Blog

Navigating ICS Security: Knowing the Basics

As we begin our new decade of the 2020s, we can look back at the last 30 odd years and examine the collaboration between technology and our daily lives. If you think of your day-to-day, it’s easy to see how much our society relies on technology. Consider our smart devices such as mobile phones, watches, even homes. However, what about the technology...
Blog

Verizon’s 2019 Payment Security Report – Not Just for PCI

If you are responsible for cybersecurity or data protection in your organization, stop what you are doing and read this report. Actually, first, go patch your servers and applications and then read this report. Much like Verizon’s Data Breach Investigations Report (DBIR), the Payment Security Report (PSR) is a must-read for security professionals. While it focuses on the PCI DSS standard and...
Blog

Lacking Direction to Address your ICS Cybersecurity Issues? Here’s What You Can Do

With more and more automation systems and industrial devices being connected to networks, raw data from every device can be transformed into a treasure chest of valuable information. Granted, this data can help to optimize the process, but with connectivity comes new ICS cybersecurity concerns. Connectivity opens previously air-gapped or physically isolated control networks to the world of cyber...
Blog

Strong Customer Authentication: A Vehicle for PCI-DSS Compliance

Payment services that operate electronically should adopt technologies that guarantees the safe authentication of the user and reduces, to the maximum extent possible, the risk of fraud. In order to achieve this, the European Union in 2007 passed the Payment Services Directive (PSD). The aim of this legislation is to regulate payment services and...
Blog

Ask the Experts: How IT and OT Can Collaborate in the Name of ICS Security

In a recent blog post for the State of Security, we asked security experts what they thought would make the biggest impact on the security of industrial control systems (ICS) in the next 5-10 years. They gave numerous answers, but perhaps the most frequent response was the ongoing IT-OT convergence in industrial organizations. Our experts felt that...