December 5, 2024 at 10:28AM The rise of IoT and OT devices in critical sectors introduces unique security challenges due to their diversity, limited patching options, operational disruptions, inadequate security protocols, and limited visibility. Tailored strategies, such as risk-based approaches, strict access controls, and specialized monitoring tools, are essential for effective vulnerability management in these … Read more
November 21, 2024 at 06:11AM New research reveals over 145,000 internet-exposed Industrial Control Systems (ICS) in 175 countries, with the U.S. having the highest exposure. Key protocols used are outdated, increasing vulnerability. Cyber attacks targeting ICS are rare but rising, necessitating enhanced security measures. The analysis underscores the importance of monitoring and securing critical infrastructure. … Read more
November 12, 2024 at 07:05AM The SANS State of ICS/OT Cybersecurity 2024 report reveals insights from 530 professionals on current and planned technologies in critical infrastructure. Key current technologies include access controls and backup tools, while future focus areas include ICS-specific training and metrics. Increasing investment in less-deployed technologies like SBOM and SOAR is noted. … Read more
November 6, 2024 at 08:06AM The SANS 2024 report reveals a rise in attacks on industrial control systems, with 74.4% of incidents being non-ransomware related. Key attack vectors include remote services and supply chain compromises. While ransomware incidents are relatively low (12%), their impact on ICS/OT environments remains severe, affecting reliability and safety. **Meeting Takeaways: … Read more
October 22, 2024 at 05:30AM Palo Alto Networks has enhanced its OT Security solution by incorporating new capabilities for remote access, virtual patching, and firewall functionality. **Meeting Takeaways:** 1. **New Capabilities Added**: Palo Alto Networks has enhanced its OT Security solution. 2. **Specific Enhancements**: – New remote access features – Virtual patching capabilities – Improved … Read more
October 2, 2024 at 07:10PM The National Security Agency and international cybersecurity agencies released “Principles of Operational Technology Cyber Security,” outlining six principles to safeguard critical infrastructure. These principles stress the paramount importance of safety, knowledge of the business, protecting OT data, segmenting OT networks, securing the supply chain, and ensuring a skilled cybersecurity workforce. … Read more
October 2, 2024 at 09:54AM New guidance has been released by the US and its allies, offering advice on establishing and preserving a secure operational technology (OT) environment. This information was shared on SecurityWeek. It looks like the meeting notes are about the release of new guidance for securing operational technology environments by the US … Read more
October 1, 2024 at 08:51AM Dragos has acquired Network Perception to enhance its platform’s visibility, segmentation, and compliance capabilities, boosting its security capabilities. This acquisition aligns with Dragos’ goal to strengthen its security platform. Based on the meeting notes, it looks like OT security firm Dragos has acquired Network Perception in order to enhance its … Read more
September 11, 2024 at 10:04AM The exploding demand for remote access has created a vulnerable attack surface for industrial control systems, with many using multiple inadequate remote access tools. Critical infrastructure sectors are at risk, and cyberattackers have already exploited such tools in high-profile breaches. The report emphasizes the need for better management, security standards, … Read more
September 10, 2024 at 10:27AM Cyber-physical systems security firm Claroty warns that excessive use of remote access tools in operational technology (OT) environments can heighten cybersecurity risks. Their analysis reveals that 55% of organizations use four or more remote access tools, with some relying on 15-16, many lacking essential security features. This poses serious security … Read more