Industrial Control Systems Cybersecurity Blog

Industrial Control Systems Cybersecurity Blog

See the latest industrial control systems cybersecurity news and views from the Industrial Defender team.

How to Centralize OT Security Data in a SIEM

Security information and event management, or SIEM, refers to a set of tools which aid detection and response efforts by centralizing security data. Here’s how to incorporate the information from your OT environments to reduce MTTR.

Satellite Cybersecurity Act of 2022 Highlights Growing Importance of Satellite Networks in Critical Infrastructure

The Satellite Cybersecurity Act of 2022 would direct CISA to outline, consolidate, and clarify cybersecurity recommendations for satellite operators and reflects the growing importance satellite networks play in critical infrastructure.

OT Vulnerability Management: A Deep Dive

OT vulnerability management is the process of systematically mitigating exploitable weaknesses within industrial control systems. We explore what that means and strategies to achieve this efficiently.

PHMSA Fines Colonial Pipeline Almost $1 Million, Citing Failure to Adequately Plan for Manual Restart

The US DoT’s Pipeline and Hazardous Materials Safety Administration (PHMSA) issued a Notice of Probable Violation (NOPV) and Proposed Compliance Order to Colonial Pipeline Company for close to $1 million almost exactly one year after crippling ransomware attack.

What Impact Will the Proposed SEC Cybersecurity Rules Have on Public Companies?

In March of 2022, the Securities and Exchange Commission (SEC) proposed rules requiring the reporting of cybersecurity incidents and disclosure of cyber mitigation strategies for public companies.

OT Cybersecurity: The Ultimate Guide

As digital transformation fuses information technology (IT) with operational technology (OT), it has become critical for cybersecurity teams to implement best practices to protect OT systems from cyberattacks.

CISA, DOE, NSA and FBI Release Joint Cybersecurity Advisory on APT Cyber Tools Targeting ICS/SCADA Devices

On April 13, 2022, the DOE, CISA, NSA, and FBI released a joint Cybersecurity Advisory, AA22-103A, warning of an advanced persistent threat (APT) targeting ICS/SCADA devices.

FBI’s Internet Crime Report Discloses 3,700+ Ransomware Attacks in 2021

The FBI’s Internet Crime Complaint Center (IC3) just released their 2021 Internet Crime Report with key ransomware statistics. Here’s what they found.

White House Urges Private Companies to Strengthen Cybersecurity, Citing Intelligence on Escalating Cyberthreats

The Biden White House has warned private sector companies to strengthen their cybersecurity practices, citing intelligence reports indicating that Russia is looking at options for cyberattacks against the United States.

Massive DDoS Attack Hits Israel

Today, Israel was hit with a massive DDoS attack, affecting many government sites. The Health, Interior, and Justice Ministries were targeted specifically, and many are openly speculating that Iran was behind the attack.

If You’re Reading This, You’re at War

There are many proof points that critical infrastructure is the front line for the cyber war. Critical infrastructure is not a soft target, just the most valuable one. The time to be bold about our cyber defenses is now.

Russia Has 400,000 Software Developers – What Does That Mean for the West?

If the Russia-Ukraine conflict continues to escalate and Russia becomes a pariah state, a concerning possibility is that unemployed software talent may turn to one of Russia’s most lucrative exports – ransomware blackmail gangs.

Shields Up: 6 Actions to Fortify Your OT Security

CISA has issued a “Shields Up” alert encouraging organizations increase their cybersecurity focus. Here are 6 actions to take now to prevent or detect a potential cyberattack on your OT systems.

Combining Splunk with Industrial Defender Will Provide You with the Most Comprehensive View into Your NIST CSF Risk Exposure

Sending all your cybersecurity data to a single facility (Splunk) will provide you with the most complete view of OT assets across your company, especially when it comes to NIST CSF.

Why Do Ransomware Gangs Target Private Equity Portfolio Companies?

As ransomware attacks continue to increase against critical infrastructure, private equity firms must evaluate cyber risk for target industrial portfolio companies as part of the standard due diligence process. Here are 3 tips to strengthen the cybersecurity of your assets.

Leveraging Compliance with the ISA/IEC 62443 Standard for ICS

To combat threats like ransomware, organizations must centralize detection and response efforts, but EDR/MDR solutions are not a good fit for operational technology. Learn about an EDR/MDR alternative for OT systems.

CVE-2021-44228 – Industrial Defender update on log4j

Learn about the log4j vulnerability from Industrial Defender’s security and R&D teams, including how to detect it in your own OT environment.

3 Tips for Rail Operators to Get Started with ICS Cybersecurity

To keep passengers and crew safe, transportation organizations must implement preventative cybersecurity measures to avoid cyberattacks. Here are 3 tips to get rail operators started with ICS security.


How to Create an EDR/MDR Alternative for OT Systems

To combat threats like ransomware, organizations must centralize detection and response efforts, but EDR/MDR solutions are not a good fit for operational technology. Learn about an EDR/MDR alternative for OT systems.

NERC CIP-007 R2: Why Is Patch Management So Hard & What Can We Do About It

An illustration of why it’s so difficult to comply with the patch management requirements in NERC CIP-007 R2 and what you can do to make it easier.

NIST Releases Draft of Cybersecurity Framework Profile for Ransomware Risk Management

NIST has released a new draft of the NISTIR 8374 Cybersecurity Framework Profile for Ransomware Risk Management which provides updated guidance for preventing and recovering from ransomware.

Cyber Incident Reporting for Critical Infrastructure Act Signed Into Law

The U.S. House Homeland Security Committee has introduced the Cyber Incident Reporting for Critical Infrastructure Act of 2021, which would require critical infrastructure firms to disclose cybersecurity incidents to CISA within 72 hours of discovery.

An Overview of the Proposed Revisions to NERC CIP-004 and CIP-011

Proposed revisions to two NERC CIP standards have been submitted to the Federal Energy Regulatory Commission (FERC) for consideration. The two affected standards are CIP-004 and CIP-011.

A Guide to NIS Directive Compliance

Learn what the NIS Directive is, who it applies to, potential penalties for non-compliance and best practices for complying with the Directive.

NERC CIP Checklist for Identification and Categorization of BES Cyber Assets

NERC CIP 002-5.1a can be divided into three steps: identify systems, inventory assets, categorize risk. This can serve as a helpful model for approaching and maintaining compliance.

Webinar – Why Hasn’t SOAR Taken Off in OT?

Learn how to enable SOAR in your OT environment and gain access to contextual asset data in this webinar featuring Splunk.

Asset Visibility vs. Asset Management

Combining asset visibility and asset management results in robust asset awareness. Each is a distinct concept but relies upon the other to be effective.

How Contextual Asset Data Makes SOAR Possible in OT Environments

SOAR technologies are used to automate parts of the security investigation process, and access to the right contextual data is vital when using these tools in operational technology (OT) environments.

7 Questions to Ask When Choosing an OT Cybersecurity Solution

Matching individual needs with a specific OT cybersecurity solution is difficult. These seven questions will help inform the search for an OT cybersecurity solution.

How Quality Data Builds the Foundation for Machine Learning in Cybersecurity

Machine learning mimics the way humans make decisions using data and algorithms. Feeding the proper data to ML algorithms can help companies avoid falling victim to cyberattacks.

How to Ask Your CISO for OT Cybersecurity Budget

Tips for how operational technology (OT) engineers can engage with CISOs to make a strong case for their OT cybersecurity budget.

Defending the Industrial Internet of Things

The Industrial Internet of Things is creating a merging of OT and IT systems, leading to an increase in vulnerabilities and a greater need for asset monitoring and threat detection.

Understanding the Importance of Operational Technology Security in the Maritime Industry

Maritime operations are a critical aspect of national and global economies. The maritime sector must start educating themselves about operational technology security to prevent potential impacts from a cyber incident.

How to Navigate Operational Technology (OT) Cybersecurity in Port Environments

Learn how to manage the complexities of connected OT systems and their cybersecurity needs in port and marine environments.

Using the NIST CSF Security Controls to Prevent and Recover from Ransomware

How applying the Five Functions of NIST CSF, Identify, Protect, Detect, Respond, and Recover, can help organizations prevent or recover from a ransomware attack.

Colonial Testimony Highlights Importance of Asset Awareness

Testimony from CEO Joseph Blount shows that limited asset knowledge allowed for the ransomware exploit and constrained the company’s response.

Addressing Pipeline Cybersecurity Regulations: Lessons from NERC CIP

The Colonial Pipeline attack reflects weak pipeline cybersecurity. The NERC CIP consequence-driven analysis model provides a model for potential pipeline security regulations.

Webinar – Breaking Down TSA’s Cybersecurity Requirements for Pipeline Operators: What to Do Now

Learn what pipeline operators should do now to deal with this new Security Directive and satisfy TSA’s Pipeline Security Guidelines.

Meat Packing Giant JBS Hit with Cyberattack

Earlier this week, a targeted cyberattack hit JBS, a global meat processor, which resulted in the closure of several processing plants in the US and Australia.

DHS Issues Pipeline Cybersecurity Directive

The Department of Homeland Security (DHS) will soon issue cybersecurity regulations for the pipeline industry as a result of the Colonial Pipeline incident.

Industrial Defender Named Hot Company in OT Vulnerability Management by Cyber Defense Magazine in the Global InfoSec Awards

Industrial Defender has received the “Hot Company in Operational Technology Vulnerability Management” award from Cyber Defense Magazine (CDM).

Biden Extends Huawei Ban and Issues New Guidance on Improving Cybersecurity

On May 11, 2021, the Biden Administration issued an Executive Order aimed at strengthening both IT and OT cybersecurity in the United States.

A Tale of Two Buildings: Why Preparation Is Vital When Responding to a Cyber Attack

This theoretical scenario where an HVAC technician accidentally exposes customers’ building automation systems to a cyber attack shows the importance of incident response preparation.

How to Maintain a Cyber Secure Building Infrastructure

Building automation systems include the full scope of operational technology in large buildings. Learn the best practices for maintaining a cyber secure building infrastructure after it has been commissioned.

How to Overcome Vulnerability & Patch Management Challenges in Your OT Environment

OT environments present unique challenges for vulnerability and patch management. Learn more about these challenges and how to overcome them.

What Role Do Vendors Play in Building Automation System Cybersecurity?

Supporting building systems involves a cast of third-party vendors. Each must play a role in improving building automation system cybersecurity.

A Guide to NEI 08-09 Compliance for Nuclear Power Operators

Nuclear operators are subject to NEI 08-09 Cyber Security Plan for Nuclear Power Reactors compliance to protect the public from radiological sabotage resulting from a cyberattack.

Webinar – Squashing Spreadsheets: How to Orchestrate OEM Patch & Vulnerability Management

Learn how to automate your OEM patch & vulnerability monitoring processes to make smarter patching decisions in this webinar featuring FoxGuard Solutions.

Biden Administration Announces Plan for Electric System Cybersecurity

On April 20, 2021, the Biden Administration announced a new approach to address cybersecurity risks to safeguard critical energy infrastructure.

Video: Monitoring Building Management Systems with Industrial Defender and Splunk

Learn how to leverage Splunk and Industrial Defender to give IT teams and SOC analysts visibility into the traditionally hard to reach building management and building automation environments.

How to Establish Defense in Depth for Building Automation Systems

Establishing defense in depth to protect building management systems is critical, but tensions over cybersecurity between IT and Facilities can hinder cooperation.

TAP vs. SPAN in OT Environments

Access points for network visibility in OT environments are SPAN ports or network TAPs. Learn the differences between the two and when to use one over the other.

Webinar: What’s Hiding in Your Software? How SBOMs Reduce Supply Chain Risk

Learn how to read and understand a Software Bill of Materials (SBOM) to implement data-driven decisions around supply chain risk reduction.

What’s Behind Weak Smart Building Cybersecurity? People, Process & Technology Challenges

Weak smart building cybersecurity comes from increased connectivity and complex human factors which create a perfect storm of people, process and technology challenges.

The Expanding Cyber Threat Landscape in Smart Buildings

The expanding cyber threat landscape in building management systems makes them vulnerable to attack. This problem is widespread, mission-critical, and demands attention.

A Risk-Based Approach to Cybersecurity Without Cyber Hygiene Is a Fool’s Errand

A risk-based approach to cybersecurity without basic cyber hygiene is a fool’s errand because one cannot exist without the other.

Creating a Threat-Informed Defense with the MITRE ATT&CK for ICS Matrix

Using a real-life threat scenario, learn how to leverage diverse data collection methods to create a threat-informed defense with the MITRE ATT&CK for ICS Matrix.

Webinar: Are You Using MITRE ATT&CK for ICS Correctly?

Learn how ICS asset owners can leverage diverse data collection methods to create a threat-informed defense using the MITRE ATT&CK for ICS Matrix.

An Overview of CISA’s ICSA-21-056-03 Advisory for Rockwell Automation Logix Controllers

On February 25, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released ICS Advisory ICSA-21-056-03 related to vulnerabilities in Rockwell Automation Logix Controllers.

Industrial Defender and Technomak Partner to Secure Critical Infrastructure in the Middle East

Organizations in the Middle East will benefit from Industrial Defender’s comprehensive OT security and compliance platform as part of Technomak’s award-winning engineering services.

How a Security by Design Approach Might Have Stopped the Florida Water Facility HMI Attack

How using a security by design approach could have lessened the severity of the attack on the Florida water treatment facility or even prevented it altogether.

Summary of NERC CIP Requirements

A summary of NERC CIP requirements in Haiku poetry format, as an aid to remembering the subject area for each requirement.

Why Passive Network Monitoring Isn’t Truly “Passive”

The reasons why OT passive monitoring solutions are not truly passive and alternative cybersecurity and compliance technologies to consider.

Industrial Defender Launches CopilOT Service™ to Address Cybersecurity Talent Shortage for Critical Infrastructure Companies

CopilOT™ provides a specialized team of analysts to summarize security issues and recommend best practices, allowing internal teams to focus on strategic initiatives.

Florida Water Treatment Plant Hit With Cyber Attack

A recent cyber attack on a Florida water treatment plant further reinforces the need for proactive cybersecurity measures at critical infrastructure facilities.

What Is NERC CIP: The Ultimate Guide

An overview of how the North American Electric Reliability Corporation (NERC) came into existence and why CIP requirements have changed over the years

One Step Forward, Two Steps Back: A History of NERC CIP

An overview of how the National Electric Reliability Council (NERC) came into existence and why CIP requirements have changed over the years

Managing Cybersecurity for Renewable Energy Resources

To address the climate crisis, the Biden Administration launched a major effort to expand renewable energy resources. Cybersecurity for these new additions to the grid will be critical.

How to Approach IoT Cybersecurity for Smart Buildings

IT and facility management teams must consider people, process and technology when addressing cybersecurity risks from the IoT in smart buildings.

Industrial Defender Establishes IT-OT Integration Lab to Virtually Research, Develop and Evaluate ICS Cybersecurity Technologies

The IT-OT Integration Lab eliminates traditional physical and economic barriers to experiencing ICS security technologies for Industrial Defender’s end users and trusted partners.

Industrial Defender and aDolus Partner to Secure ICS Supply Chain with Independent File Validation

aDolus and Industrial Defender announce a partnership to mitigate the risk of supply chain attacks in ICS environments.

What Does the National Maritime Cybersecurity Plan Mean for the MTS?

The National Maritime Cybersecurity Plan highlights the role of the MTS in national security and the supply chain and the need to keep it cyber resilient.

What Does the SolarWinds’ Sunburst Backdoor Mean for ICS?

While SolarWinds’ Sunburst backdoor is primarily an “IT problem”, what does it mean for ICS and supply chain security?

MITRE ATT&CK for ICS Matrix: What It Is and How Its Used

The MITRE ATT&CK for ICS Matrix helps security teams make their overall risk discussion more meaningful. This primer discusses what it is and how it’s used.

Cold Chain Cybersecurity Critical for Effective COVID-19 Vaccine Distribution

With the COVID-19 vaccine distribution right around the corner, it’s critical for stakeholders throughout the cold chain to put cybersecurity protections in place for refrigeration facilities.

Feature Focus: Building Management System (BMS) Security and Risk Monitoring

Preview threat detection features we’ve built into the Industrial Defender for building management systems (BMS), including risk scoring, security monitoring and network analytics.

Industrial Defender and FoxGuard Solutions Team Up to Transform Patch and Vulnerability Management for OT Security Teams

This partnership combines Industrial Defender’s depth and breadth of asset data collection with FoxGuard’s ability to report, acquire, validate and deploy vendor-approved patch and vulnerability information.

A Guide to Preventative and Detective Controls for NERC CIP-013 Compliance

The NERC CIP-013 standard addresses cyber threats to the Bulk Electric System (BES) that come from third party vendors in the supply chain.

Top 5 ICS Security Best Practices

Industrial control systems (ICS) are the heart of our world’s critical infrastructure and must be protected. These are 5 ICS security best practices to consider.

Industrial Defender and Waterfall Security Solutions Partner to Safely Transmit Cybersecurity Data in Operational Technology Environments

This partnership combines Industrial Defender’s deep expertise in operational technology (OT) data collection and normalization with Waterfall’s industry-leading Unidirectional Gateways to secure OT environments.

Feature Focus: Asset Risk Scoring Methodology & Netflow Application

Preview the new asset risk scoring and Netflow features in Industrial Defender 7.3. Each OT endpoint automatically receives an overall asset risk score calculated using threat vectors including security events, compliance status, vulnerabilities and health. The methodology we use is completely transparent and allows users to choose the threat vectors that matter most to them. Our Netflow app lets you drill into asset status and communications at a glance to better understand your passive network monitoring data.

How to Apply the NIST Cybersecurity Framework in ICS

The NIST Cybersecurity Framework is the most popular framework in use today. Learn how to apply the NIST CSF in ICS environments and demonstrate cyber risk reduction.

Establishing OT Cybersecurity Fundamentals with the CIS Controls

The CIS Controls help security practitioners build the foundation of a sound OT cybersecurity program. Learn what these controls are and how they can benefit you.

Making Smarter Risk Management Decisions with OT Endpoint Data

Industrial control system environments pose unique risk management challenges. Having accurate OT endpoint data is critical to make smarter decisions.

4 Benefits of Implementing a Cybersecurity Solution for Building Management Systems

Cyber threats and vulnerabilities in critical building management systems are increasing every year. Learn why you should implement a cybersecurity solution.

Industrial Defender Strengthens OT Asset Anomaly Detection Platform and Assisted Passive Network Monitoring Engine to Automate Risk Quantification and Reporting

Industrial Defender announces enhancements to their ASM product, including automated risk scoring for operational technology (OT) assets, new Assisted Passive Monitoring (APM) technology, and simplified executive-level NIST CSF reporting.

CodeMeter Vulns: Why Complete Software Inventory Data Is Critical for ICS

CodeMeter is a software licensing program that is a critical component to the operation of many ICS. Severe vulnerabilities were recently found in this program.

Join Us for an MTS-ISAC Webinar: Tips for Detecting OT Threats Using SIEM Tools

Join our Principal Solutions Engineer Jeremy Morgan as he discusses challenges in IT/OT convergence for the maritime industry in this webinar with the Maritime Transportation System ISAC, a government sanctioned information sharing security group.

CVE-2020-1350 “Wormable” Flaw in Microsoft Windows Server Could Cause Major Issues for ICS/OT World

Every Microsoft Windows Server OS back to 2003 is impacted by CVE-2020-1350. Even worse, it’s being a called a “wormable” flaw, meaning it can transmit system to system all by itself. No emails, no user interaction, just good old fashioned TCP/IP.

Video: How To Monitor High-Value OT Assets in Microsoft Power BI

Learn how to leverage Microsoft Power BI and Industrial Defender for executive level dashboarding, high-value asset identification and enhanced insight into OT operations.

Video: OT SOC Enablement with Splunk

Learn how Industrial Defender can assist CISOs with their IT/OT convergence and SOC operational strategies, and help SOC Analysts and ICS Engineers quickly diagnose security events.

Video: Deploying Industrial Defender Agents on ICS and SCADA Systems (Part 2)

Learn how Industrial Defender overcomes complex endpoint ICS and SCADA system asset visibility challenges including data diodes, unsupported protocols, and air-gapped operations.

Video: Deploying Industrial Defender Agents on ICS and SCADA Systems (Part 1)

Learn how Industrial Defender’s agents can be deployed on any ICS or SCADA system environment, regardless of endpoint type or granularity of network segmentation, and the steps our experts recommend taking when tackling an OT security improvement project.

Video: Integrating 3rd Party Monitoring Tools with Industrial Defender

Learn how Industrial Defender integrates with 3rd party applications like Splunk, ServiceNow & IBMQRadar in order to share ICS security data with more members of your security team.

Operationalizing Cyber Programs for Industrial Control Systems – 5 Real World Use Cases

Learn how Industrial Defender executes ICS cybersecurity monitoring and compliance programs in the natural gas, electrical distribution and chemical processing industries in these 5 real world use cases.

Podcast: CTO Phil Dunbar Talks About the Return of Industrial Defender on the Waterfall ICS Security Podcast

In this edition of the Waterfall ICS Security podcast, CTO Phil Dunbar talks about the birth and rebirth of Industrial Defender with Andrew Ginter, Waterfall’s VP Industrial Security.

Video: Scanless Vulnerability Monitoring for ICS Environments

Learn how Industrial Defender ASM® protects against ICS vulnerabilities in a new way in this 5-minute demonstration by Peter Lund, Director of Product Management at Industrial Defender.

Teleo Capital Completes Acquisition of Industrial Defender from CapGemini America

Teleo Capital Management announces the acquisition of the Automated System Management (ASM) product platform and related products company Industrial Defender from CapGemini America.

Introducing Industrial Defender ASM 7.1 with New Passive Monitoring Capabilities

Industrial Defender has integrated passive monitoring technology into our already capable Network Intrusion Detection Sensor (NIDS) making ASM the single most comprehensive vendor for active and passive views into your ICS environment.

Critical Infrastructure targeted by Russian Government Cyber Activity

The Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA) – TA18-074A providing information on Russian government actions targeting U.S. critical infrastructure organizations including energy, nuclear, water, aviation and critical manufacturing sectors.