4 Aug 2025 | A Year In OT Security
Many OT security professionals have busted the airgap myth by asking questions on how software or firmware updates, schedules, recipes, anti-virus signatures, or applications are brought into the OT environment. They often are brought in through the approved OT...
28 Jul 2025 | A Year In OT Security
Your task this week will vary based on the type of system you operate. Asset owners with SCADA have more work this week. SCADA Systems SCADA systems monitoring and controlling geographically dispersed systems, such as pipelines, electric grids, and water delivery,...
21 Jul 2025 | A Year In OT Security
Predictive maintenance, efficiency studies and controls, security monitoring, and other cloud services can offer real benefits to asset owners. This trend of vendors offering, and asset owners using, cloud services is almost certain to increase. The challenge is to...
14 Jul 2025 | A Year In OT Security
Now that your OT remote access is secured, determine if the allowed remote access is necessary. Ideally user interactive remote access to OT for the purpose of performing control or administration should be rare. If this is the case, consider if it’s feasible to have...
7 Jul 2025 | A Year In OT Security
Most of the targeted, OT specific attacks, where the adversary has lived on the OT for many months, began with a compromise of remote access to OT. The limited OT cyber incident data we have clearly shows that multi-factor authentication (MFA) for OT remote access is...
30 Jun 2025 | A Year In OT Security
De-militarized zones (DMZ), semi-trusted zones, are a common electronic security perimeter good practice. The firewall segmenting IT from the Internet will often have one or more DMZ to limit direct Internet to IT network communication. A web server, database...
23 Jun 2025 | A Year In OT Security
Take the information gathered in Week 24 on your OT electronic security perimeters and evaluate the risk related to each communication allowed through the OT electronic security perimeter. This is typically a rule by rule analysis. If you have a well-documented...
16 Jun 2025 | A Year In OT Security
The S4x26 Call For Presentations (CFP) opens this week and runs through August 31st. Information is available at s4xevents.com/cfp. Early submission improves your chances of getting on the S4 stage as we review submissions as they come, rather than waiting until the...
9 Jun 2025 | A Year In OT Security
Last week’s task identified, and initiated steps to remove, all unauthorized or insecure Internet access to OT. The remaining OT network access will come from your IT networks or business partner networks. The first step to evaluating the OT electronic security...
2 Jun 2025 | A Year In OT Security
Hopefully you believe the answer to this question is no. If any person or device on the Internet can access any of your OT environments you need to take immediate action. Note: “any person or device on the Internet” doesn’t include an employee or partner with...