Blog

Blog

N-Day Vulnerabilities: How They Threaten Your ICS Systems' Security

In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access into the networks of dozens of companies operating in Israel and around the world across the IT, telecommunication, oil and gas, aviation, government and security...
Blog

Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly

The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above...
Blog

Attacks Targeting ICS & OT Assets Grew 2000% Since 2018, Report Reveals

The digital threat landscape is always changing. This year is an excellent (albeit extreme) example. With the help of Dimensional Research, Tripwire found out that 58% of IT security professionals were more concerned about the security of their employees’ home networks than they were before the outbreak of coronavirus 2019 (COVID-19). Slightly fewer...
Blog

Results Speak Louder Than Words: A Guide to Evaluating ICS Security Tools

Why leveraging live environment simulations and putting ICS tools to the test is the best way to evaluate their fitness. Track and field was one of my favorite sports growing up. I didn’t begin competitively participating until I was a teenager, but I was instantly hooked once I started. Why? Because the clock didn’t lie. The tape measure didn’t lie...
Blog

Navigating ICS Security: Having your Action Plan Ready

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity...
Blog

Navigating ICS Security: Best Practices for ICS Decision-Makers

As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technologies might be phasing out and newer ones joining the mix of solutions. In the case of one environment I went to, for...
Blog

Introducing the New MITRE ATT&CK Framework for Industrial Control Systems

On January 7th, MITRE released ATT&CK for Industrial Control Systems, a taxonomy of real-world cyber adversarial behavior targeting ICS or industrial control systems. These systems operate critical infrastructure in manufacturing and utility industries, and they are popular targets in financial and espionage motivated attacks. Recent high-profile...
Blog

From Good to Great - Building on ICS Security Basics

Most industrial organizations are behind the curve when it comes to cybersecurity, facing mounting complexities like the IIoT, the skills gap and the IT/OT divide. But what about industrial organizations that are already taking steps in the right direction and need to know what awaits them on the horizon? What practical next steps can your...
Blog

Navigating ICS Security: The Value of Frameworks

Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy. What you may not be familiar with is the Network and Information...
Blog

Navigating ICS Security: The Threat Landscape

Whilst working for a management consultancy, I learned a lot more about industrial control systems (ICS) than I ever imagined I would. In many cases, this wasn’t from working on them directly; it was from simply speaking to the technicians and reading documentation. Oftentimes, we have the false belief that our systems are safe from compromise...
Blog

Navigating ICS Security: Knowing the Basics

As we begin our new decade of the 2020s, we can look back at the last 30 odd years and examine the collaboration between technology and our daily lives. If you think of your day-to-day, it’s easy to see how much our society relies on technology. Consider our smart devices such as mobile phones, watches, even homes. However, what about the technology...
Blog

Lacking Direction to Address your ICS Cybersecurity Issues? Here’s What You Can Do

With more and more automation systems and industrial devices being connected to networks, raw data from every device can be transformed into a treasure chest of valuable information. Granted, this data can help to optimize the process, but with connectivity comes new ICS cybersecurity concerns. Connectivity opens previously air-gapped or physically isolated control networks to the world of cyber...
Blog

Forensics in the Cloud: What You Need to Know

Cloud computing has transformed the IT industry, as services can now be deployed in a fraction of the time that it used to take. Scalable computing solutions have spawned large cloud computing companies such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure. With a click of a button, personnel can create or reset entire infrastructure...
Blog

Ask the Experts: How IT and OT Can Collaborate in the Name of ICS Security

In a recent blog post for the State of Security, we asked security experts what they thought would make the biggest impact on the security of industrial control systems (ICS) in the next 5-10 years. They gave numerous answers, but perhaps the most frequent response was the ongoing IT-OT convergence in industrial organizations. Our experts felt that...
Blog

Ask the Experts: What Will Have the Greatest Impact on ICS Security in the Next 5-10 Years?

As we noted in August 2018, industrial control system (ICS) security has become more complicated since the introduction of the web. Organizations are now bringing together the logical and physical resources of both information technology (IT) and operational technology (OT). This creates various ICS security challenges, including how each team must...
Blog

Using Visibility to Navigate the Evolving Role of ICS Security

The current security state of industrial control systems (ICS) is a perplexing one. On the one hand, Kaspersky Lab found in a recent report that a majority of organizations (75 percent) regard ICS security as a major priority. On the other hand, organizations aren’t implementing the proper safeguards to secure their industrial control systems. The...
Blog

Apple To Add New Security Alerts Following iCloud Hack

In response to the recent debacle that exposed multiple celebrities by hackers breaking into their personal Apple accounts and leaking private images on the web, Apple has stated it plans to launch additional security alerts warning users of possible intrusion.