7 Jul 2025 | A Year In OT Security
Most of the targeted, OT-specific attacks, where the adversary has lived on the OT network for many months, began with a compromise of remote access to OT. The limited OT cyber incident data we have clearly shows that multi-factor authentication (MFA) for OT remote access is...
30 Jun 2025 | A Year In OT Security
Demilitarized zones (DMZs), semi-trusted zones, are a common electronic security perimeter good practice. The firewall segmenting IT from the Internet will often have one or more DMZs to limit direct Internet-to-IT network communication. A web server, database...
23 Jun 2025 | A Year In OT Security
Take the information gathered in Week 24 on your OT electronic security perimeters and evaluate the risk related to each communication allowed through the OT electronic security perimeter. This is typically a rule-by-rule analysis. If you have a well-documented...
16 Jun 2025 | A Year In OT Security
The S4x26 Call For Presentations (CFP) opens this week and runs through August 31st. Information is available at s4xevents.com/cfp. Early submission improves your chances of getting on the S4 stage as we review submissions as they come, rather than waiting until the...
9 Jun 2025 | A Year In OT Security
Last week’s task identified, and initiated steps to remove, all unauthorized or insecure Internet access to OT. The remaining OT network access will come from your IT networks or business partner networks. The first step in evaluating the OT electronic security...
2 Jun 2025 | A Year In OT Security
Hopefully you believe the answer to this question is no. If any person or device on the Internet can access any of your OT environments you need to take immediate action. Note: “any person or device on the Internet” doesn’t include an employee or partner with...
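Pulling the Week 22 through Week 26 tasks together (no Internet access to OT, inventory of IT-to-OT access, rule-by-rule review of the OT electronic security perimeter, DMZ placement), the following is an added example of that rule-by-rule review in Python. It is not code from the original posts: the zone address ranges, the sample rule set, the list of insecure services and the risk grading are all constructed assumptions for illustration and would be replaced by your own firewall export and your own risk criteria.

```python
"""Rule-by-rule review of an OT electronic security perimeter (ESP).

Added example, not from the original posts. ZONES, RULES, INSECURE_SERVICES
and the risk grades are constructed assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed trust zones (assumption): which ranges belong to OT, DMZ and IT.
# Any source or destination outside these ranges is treated as the Internet.
ZONES = {
    "OT":  [ipaddress.ip_network("10.20.0.0/16")],
    "DMZ": [ipaddress.ip_network("10.10.0.0/24")],
    "IT":  [ipaddress.ip_network("10.0.0.0/16")],
}

# Services that carry control traffic or credentials in the clear (assumption;
# tune to your environment). Format is "proto/port".
INSECURE_SERVICES = {"tcp/23", "tcp/21", "tcp/502", "tcp/102", "tcp/5900", "tcp/80"}

RISK_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Rule:
    name: str
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    service: str  # "proto/port" or "any"
    action: str   # "allow" or "deny"


def zone_of(cidr: str) -> str:
    """Map a CIDR (or "any") to a zone name; unknown ranges count as INTERNET."""
    if cidr == "any":
        return "INTERNET"  # "any" necessarily includes the Internet
    net = ipaddress.ip_network(cidr, strict=False)
    for zone, nets in ZONES.items():
        if any(z.version == net.version and net.subnet_of(z) for z in nets):
            return zone
    return "INTERNET"


def assess(rule: Rule):
    """Return (risk, findings) for one rule. Risk "none" means the rule does
    not cross the OT perimeter (or is a deny) and is out of scope here."""
    if rule.action != "allow":
        return "none", []
    src, dst = zone_of(rule.src), zone_of(rule.dst)
    if "OT" not in (src, dst):
        return "none", []

    findings = []
    if src == "INTERNET" and dst == "OT":
        findings.append("Internet-sourced access to OT (Week 22: take immediate action)")
    if src == "OT" and dst == "INTERNET":
        findings.append("OT-initiated connection to the Internet")
    if src == "IT" and dst == "OT":
        findings.append("direct IT-to-OT access; should terminate in a DMZ")
    if rule.service == "any":
        findings.append("service 'any': no protocol restriction across the ESP")
    elif rule.service in INSECURE_SERVICES:
        findings.append(f"insecure service {rule.service} crossing the ESP")

    if "INTERNET" in (src, dst):
        risk = "critical"
    elif findings:
        risk = "high" if (rule.service == "any" or rule.service in INSECURE_SERVICES) else "medium"
    else:
        risk = "low"
    return risk, findings


def review(rules):
    """Rule-by-rule ESP review: [(name, risk, findings)] for every allow rule
    touching OT, worst risk first."""
    out = [(r.name, *assess(r)) for r in rules]
    out = [item for item in out if item[1] != "none"]
    return sorted(out, key=lambda item: RISK_ORDER[item[1]])


# Constructed sample rule set (assumption), as exported from an ESP firewall.
RULES = [
    Rule("vendor-rdp",  "any",           "10.20.1.5/32",  "tcp/3389", "allow"),  # Internet -> OT
    Rule("it-eng-ws",   "10.0.5.0/24",   "10.20.0.0/16",  "any",      "allow"),  # IT -> OT, any
    Rule("hist-push",   "10.20.2.10/32", "10.10.0.20/32", "tcp/5432", "allow"),  # OT -> DMZ historian
    Rule("jump-host",   "10.10.0.10/32", "10.20.1.0/24",  "tcp/22",   "allow"),  # DMZ -> OT ssh
    Rule("dmz-modbus",  "10.10.0.30/32", "10.20.3.0/24",  "tcp/502",  "allow"),  # DMZ -> OT Modbus
    Rule("it-web",      "10.0.0.0/16",   "10.10.0.20/32", "tcp/80",   "allow"),  # IT -> DMZ, not ESP
    Rule("deny-all",    "any",           "any",           "any",      "deny"),
]

if __name__ == "__main__":
    for name, risk, findings in review(RULES):
        print(f"{risk:8} {name:12} {'; '.join(findings) or 'documented, restricted service'}")
```

The review deliberately grades every Internet-facing rule as critical regardless of protocol: an RDP rule from "any" is the Week 22 finding, and fixing the rule (removing it, or terminating the session at a DMZ jump host behind MFA) comes before arguing about the service. Rules that never touch the OT zone, such as IT-to-DMZ web access, are left out of the report so the list stays focused on the OT perimeter.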
26 May 2025 | A Year In OT Security
In Week 21 you identified the recovery time objective (RTO). Your task this week is to evaluate, at a high level via interview and inspection, if that RTO can be credibly met. Assume a scenario where everything with an IP address in IT and OT has been compromised and...
19 May 2025 | A Year In OT Security
Your manufacturing line is down. How fast do you need to have it back in operation to avoid a high or catastrophic consequence that you identified in Weeks 11 and 12? The same “how fast do you need it back in operation to avoid a high or catastrophic consequence”...
12 May 2025 | A Year In OT Security
Your IT network has been compromised. Your OT network seems to be working fine, but you’re worried that the compromise will spread to OT. What do you do? Colonial Pipeline faced this situation in 2021 when ransomware infected their IT network. Their response? Shut...
5 May 2025 | A Year In OT Security
The most frequent category of cyber-attack-caused outage in OT and Operations is ransomware infecting systems on the IT network, also called the corporate or enterprise network. Stated another way, most cyber incidents causing an outage in Operations never reach...