Industrial Control Systems Cybersecurity Blog

Industrial Control Systems Cybersecurity Blog

See the latest industrial control systems cybersecurity news and views from the Industrial Defender team.

Search
Generic filters

How to Establish Defense in Depth for Building Automation Systems

Establishing defense in depth to protect building management systems is critical, but tensions over cybersecurity between IT and Facilities can hinder cooperation.

TAP vs. SPAN in OT Environments

Access points for network visibility in OT environments are SPAN ports or network TAPs. Learn the differences between the two and when to use one over the other.

,

Webinar: What’s Hiding in Your Software? How SBOMs Reduce Supply Chain Risk

Learn how to read and understand a Software Bill of Materials (SBOM) to implement data-driven decisions around supply chain risk reduction.

What’s Behind Weak Smart Building Cybersecurity? People, Process & Technology Challenges

Weak smart building cybersecurity comes from increased connectivity and complex human factors which create a perfect storm of people, process and technology challenges.

The Expanding Cyber Threat Landscape in Smart Buildings

The expanding cyber threat landscape in building management systems makes them vulnerable to attack. This problem is widespread, mission-critical, and demands attention.

A Risk-Based Approach to Cybersecurity Without Cyber Hygiene Is a Fool’s Errand

A risk-based approach to cybersecurity without basic cyber hygiene is a fool’s errand because one cannot exist without the other.

Creating a Threat-Informed Defense with the MITRE ATT&CK for ICS Matrix

Using a real-life threat scenario, learn how to leverage diverse data collection methods to create a threat-informed defense with the MITRE ATT&CK for ICS Matrix.

,

Webinar: Are You Using MITRE ATT&CK for ICS Correctly?

Learn how ICS asset owners can leverage diverse data collection methods to create a threat-informed defense using the MITRE ATT&CK for ICS Matrix.

An Overview of CISA’s ICSA-21-056-03 Advisory for Rockwell Automation Logix Controllers

On February 25, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released ICS Advisory ICSA-21-056-03 related to vulnerabilities in Rockwell Automation Logix Controllers.

,

Industrial Defender and Technomak Partner to Secure Critical Infrastructure in the Middle East

Organizations in the Middle East will benefit from Industrial Defender’s comprehensive OT security and compliance platform as part of Technomak’s award-winning engineering services.

How a Security by Design Approach Might Have Stopped the Florida Water Facility HMI Attack

How using a security by design approach could have lessened the severity of the attack on the Florida water treatment facility or even prevented it altogether.

Summary of NERC CIP Requirements

A summary of NERC CIP requirements in Haiku poetry format, as an aid to remembering the subject area for each requirement.

Why Passive Network Monitoring Isn’t Truly “Passive”

The reasons why OT passive monitoring solutions are not truly passive and alternative cybersecurity and compliance technologies to consider.

,

Industrial Defender Launches ASM CopilOT Service™ to Address Cybersecurity Talent Shortage for Critical Infrastructure Companies

ASM CopilOT™ provides a specialized team of analysts to summarize security issues and recommend best practices, allowing internal teams to focus on strategic initiatives.

Florida Water Treatment Plant Hit With Cyber Attack

A recent cyber attack on a Florida water treatment plant further reinforces the need for proactive cybersecurity measures at critical infrastructure facilities.

What Is NERC CIP: The Ultimate Guide

An overview of how the National Electric Reliability Council (NERC) came into existence and why CIP requirements have changed over the years

Managing Cybersecurity for Renewable Energy Resources

To address the climate crisis, the Biden Administration launched a major effort to expand renewable energy resources. Cybersecurity for these new additions to the grid will be critical.

How to Approach IoT Cybersecurity for Smart Buildings

IT and facility management teams must consider people, process and technology when addressing cybersecurity risks from the IoT in smart buildings.

,

Industrial Defender Establishes IT-OT Integration Lab to Virtually Research, Develop and Evaluate ICS Cybersecurity Technologies

The IT-OT Integration Lab eliminates traditional physical and economic barriers to experiencing ICS security technologies for Industrial Defender’s end users and trusted partners.

,

Webinar: Prioritizing Risk Mitigations for Renewable Energy Assets

This learning session will teach you how to perform an accurate cost/benefit analysis using OT asset data to prioritize risk remediations for renewable energy projects.

,

Industrial Defender and aDolus Partner to Secure ICS Supply Chain with Independent File Validation

aDolus and Industrial Defender announce a partnership to mitigate the risk of supply chain attacks in ICS environments.

What Does the National Maritime Cybersecurity Plan Mean for the MTS?

The National Maritime Cybersecurity Plan highlights the role of the MTS in national security and the supply chain and the need to keep it cyber resilient.

What Does the SolarWinds’ Sunburst Backdoor Mean for ICS?

While SolarWinds’ Sunburst backdoor is primarily an “IT problem”, what does it mean for ICS and supply chain security?

MITRE ATT&CK for ICS Matrix: What It Is and How Its Used

The MITRE ATT&CK for ICS Matrix helps security teams make their overall risk discussion more meaningful. This primer discusses what it is and how it’s used.

Cold Chain Cybersecurity Critical for Effective COVID-19 Vaccine Distribution

With the COVID-19 vaccine distribution right around the corner, it’s critical for stakeholders throughout the cold chain to put cybersecurity protections in place for refrigeration facilities.

Feature Focus: Building Management System (BMS) Security and Risk Monitoring

Preview threat detection features we’ve built into the ASM for building management systems (BMS), including risk scoring, security monitoring and network analytics.

,

Industrial Defender and FoxGuard Solutions Team Up to Transform Patch and Vulnerability Management for OT Security Teams

This partnership combines Industrial Defender’s depth and breadth of asset data collection with FoxGuard’s ability to report, acquire, validate and deploy vendor-approved patch and vulnerability information.

A Guide to Preventative and Detective Controls for NERC CIP-013 Compliance

The NERC CIP-013 standard addresses cyber threats to the Bulk Electric System (BES) that come from third party vendors in the supply chain.

Top 5 ICS Security Best Practices

Industrial control systems (ICS) are the heart of our world’s critical infrastructure and must be protected. These are 5 ICS security best practices to consider.

,

Industrial Defender and Waterfall Security Solutions Partner to Safely Transmit Cybersecurity Data in Operational Technology Environments

This partnership combines Industrial Defender’s deep expertise in operational technology (OT) data collection and normalization with Waterfall’s industry-leading Unidirectional Gateways to secure OT environments.

Feature Focus: Asset Risk Scoring Methodology & Netflow Application

Preview the new asset risk scoring and Netflow features in Industrial Defender ASM 7.3. Each OT endpoint automatically receives an overall asset risk score calculated using threat vectors including security events, compliance status, vulnerabilities and health. The methodology we use is completely transparent and allows users to choose the threat vectors that matter most to them. Our Netflow app lets you drill into asset status and communications at a glance to better understand your passive network monitoring data.

How to Apply the NIST Cybersecurity Framework in ICS

The NIST Cybersecurity Framework is the most popular framework in use today. Learn how to apply the NIST CSF in ICS environments and demonstrate cyber risk reduction.

Establishing OT Cybersecurity Fundamentals with the 20 CIS Controls

The 20 CIS Controls help security practitioners build the foundation of a sound OT cybersecurity program. Learn what these controls are and how they can benefit you.

Making Smarter Risk Management Decisions with OT Endpoint Data

Industrial control system environments pose unique risk management challenges. Having accurate OT endpoint data is critical to make smarter decisions.

4 Benefits of Implementing a Cybersecurity Solution for Building Management Systems

Cyber threats and vulnerabilities in critical building management systems are increasing every year. Learn why you should implement a cybersecurity solution.

,

Industrial Defender Strengthens OT Asset Anomaly Detection Platform and Assisted Passive Network Monitoring Engine to Automate Risk Quantification and Reporting

Industrial Defender announces enhancements to their ASM product, including automated risk scoring for operational technology (OT) assets, new Assisted Passive Monitoring (APM) technology, and simplified executive-level NIST CSF reporting.

CodeMeter Vulns: Why Complete Software Inventory Data Is Critical for ICS

CodeMeter is a software licensing program that is a critical component to the operation of many ICS. Severe vulnerabilities were recently found in this program.

,

Industrial Defender Announces Strategic Partnership with DeNexus

Industrial Defender and DeNexus announce a strategic partnership to mitigate cybersecurity risk in mission-critical networks across the world.

CVE-2020-1350 “Wormable” Flaw in Microsoft Windows Server Could Cause Major Issues for ICS/OT World

Every Microsoft Windows Server OS back to 2003 is impacted by CVE-2020-1350. Even worse, it’s being a called a “wormable” flaw, meaning it can transmit system to system all by itself. No emails, no user interaction, just good old fashioned TCP/IP.

Video: How To Monitor High-Value OT Assets in Microsoft Power BI

Learn how to leverage Microsoft Power BI and Industrial Defender for executive level dashboarding, high-value asset identification and enhanced insight into OT operations.