NERC CIP-007 R2: Why Is Patch Management So Hard & What Can We Do About It
An illustration of why it’s so difficult to comply with the patch management requirements in NERC CIP-007 R2 and what you can do to make it easier. …
Addressing Pipeline Cybersecurity Regulations: Lessons from NERC CIP
The Colonial Pipeline attack reflects weak pipeline cybersecurity. The NERC CIP consequence-driven analysis model provides a model for potential pipeline security regulations. …
A Risk-Based Approach to Cybersecurity Without Cyber Hygiene Is a Fool’s Errand
A risk-based approach to cybersecurity without basic cyber hygiene is a fool’s errand because one cannot exist without the other. …
Creating a Threat-Informed Defense with the MITRE ATT&CK for ICS Matrix
Using a real-life threat scenario, learn how to leverage diverse data collection methods to create a threat-informed defense with the MITRE ATT&CK for ICS Matrix. …
How a Security by Design Approach Might Have Stopped the Florida Water Facility HMI Attack
How using a security by design approach could have lessened the severity of the attack on the Florida water treatment facility or even prevented it altogether. …
Why Passive Network Monitoring Isn’t Truly “Passive”
The reasons why OT passive monitoring solutions are not truly passive and alternative cybersecurity and compliance technologies to consider. …
What Does the SolarWinds’ Sunburst Backdoor Mean for ICS?
While SolarWinds’ Sunburst backdoor is primarily an “IT problem”, what does it mean for ICS and supply chain security? …
A Guide to Preventative and Detective Controls for NERC CIP-013 Compliance
The NERC CIP-013 standard addresses cyber threats to the Bulk Electric System (BES) that come from third party vendors in the supply chain. …
Establishing OT Cybersecurity Fundamentals with the CIS Controls
The CIS Controls help security practitioners build the foundation of a sound OT cybersecurity program. Learn what these controls are and how they can benefit you. …
Making Smarter Risk Management Decisions with OT Endpoint Data
Industrial control system environments pose unique risk management challenges. Having accurate OT endpoint data is critical to make smarter decisions. …