By Stefan Liversidge Cyberattacks have been making the headlines daily, and the heat is on for critical infrastructure and other industrial organizations to do something about it. Building cyber resiliency at any speed puts a lot of pressure on an orga …
When you email a friend, you don’t have to worry about whether they use Gmail, Outlook, Yahoo or some other email provider. You just enter their email address, write your message and hit send. The reason this works is because there are layers of standardized protocols all email clients have adopted so messages can seamlessly fly between users regardless of which client they choose.
It’s no surprise that due to the nature of their industry, manufacturing facility leaders have invested a significant amount in the equipment necessary to accomplish streamlined operations and achieve their goals.
How does your company’s perception of ICS risk compare to that of other organizations? How are other asset owners defining the boundaries between OT systems and external systems? How do your ICS security roadblocks compare to others? Where does your company rank in terms of managing OT/IT convergence?
An attacker’s next point of entry to your corporate network just might be the Internet-connected smart TV in the boardroom, or a connected HVAC device accessed remotely by a third-party service technician. Once inside your network, the attacker can find a way to pivot to the OT network and compromise plant operations and safety. In the plant itself, an unmanaged weak point could be an unpatched Internet-facing VPN router or even a wireless access point.
When a cyberattack on an industrial facility succeeds, the highest level of concern is for safety. Making sure that process or manufacturing systems don’t endanger lives, or the environment, is paramount. The next level of concern is business continuit …
Traditionally, the OT environment is built with a “set it and forget it” mentality. But, once the network is connected to the outside world, that model is no longer optimal. The network becomes dynamic, ever-changing and in constant interaction — most changes are legitimate, some are accidental and some, unfortunately, are nefarious.
When it comes to compliance, it’s all too easy for businesses to fall into the trap of obeying the letter rather than the spirit of the law. Distilling regulatory requirements down to a checklist of things that must be done is a fine and well-practiced art, but it perhaps misses the point of why the legislation exists in the first place.
At the CME (Canadian Manufacturers & Exporters) “Dare to Compete” event in Winnipeg, Canada, likeminded people come together to share their experiences and ideasfor the greater good of manufacturing.
Although there may be something charming about manually operated tools for both domestic and commercial purposes, not many people could argue with the opinion that modern-day technology has benefited us in many ways.
Manufacturing is a very competitive market to be in. It has undergone several evolutions in recent years, each with the aim of optimizing production processes and increasing agility to meet customer demands, while also reducing production costs.
In order to fully understand data passing through an industrial network, one needs to take a deep dive and analyze the data itself. In other words, when we have data moving from controllers to I/O blocks, how do we actually know it’s the right data? To …
It’s important for those defending critical and industrial infrastructure to share knowledge and stay up-to-date on malware tradecraft. With that in mind, when the GreyEnergy Advanced Persistent Threat (APT) ended up unveiled by ESET last year, I put m …
Previous discussions have looked at how to define and implement cybersecurity programs based on guidance and requirements available from standards, guidelines, frameworks, and other sources. However, implementation is just the beginning since responding to constantly evolving cybersecurity risks is not a project, but a process. As with any management process it must include provisions for continuous improvement, including metrics definition and performance assessment.
With the responsibility to keep their companies ahead of all enterprise-wide threats, CIOs or CISOs certainly feel the increased pressure. Oftentimes these security leaders “grow up” in IT-centered roles, leaving them to feel they’ve got threat detection and response under control. But, what about the operational technology (OT) side of the company?
One of the biggest challenges for companies that operate industrial facilities — factories, manufacturers, warehouses, loading bays — is the fact activity isn’t confined to a single location: The supply chain is extensive and complex. As goods are transferred between facilities, each individual location creates an additional area of exposure and risk.
Manufacturing networks today are massive and pass quite a bit of unutilized data. These networks also have a lot of equipment on them that, from time to time, is moved around where the plant floor is re-optimized to make people and machinery more efficient. Plant floor re-optimization can save large amounts of money, while automating the movement of equipment, or at least the network supporting manufacturing, can save additional money.
The City of Raleigh needed an industrial security solution that could detect attacks, identify threats and implement compliance and change control policies using a combination of anomaly detection, policy-based rules and device integrity checks. The project’s goal was to maintain the safety and availability of the city’s water and other utilities, while protecting public health, the local economy and the environment from cyber threats.