As OT systems become more interconnected, traditional air gaps disappear, creating new risks, said Joseph Carson, chief security scientist and advisory CISO at Delinea. The convergence of IT and OT environments requires a stronger focus on protecting digital identities and access controls.
Organizations mistakenly believe their operational technology systems are air-gapped and immune to cyberthreats. Dawn Cappelli, director of OT-CERT at Dragos, discusses why these assumptions are dangerous security gaps and why organizations need to rethink their approach to OT security.
Dennis Giese, a security researcher and engineer, built his first computer at around age 8 using spare parts. Years later, he hacked his first robotic vacuum cleaner. Giese reflects on his journey as a researcher and ethical hacker during HardPwn, a hardware hackathon hosted by Hardwear.io in Amsterdam.
A "road map to resilience" approach helps organizations balance immediate, low-cost security improvements with complex, long-term risk reduction initiatives in industrial control systems, said Mex Martinot, vice president and global head of industrial cybersecurity at Siemens Energy.
ISMG's Cybersecurity Pulse Report: ManuSec USA 2024 Edition is an essential resource for senior cybersecurity leaders and marketers navigating the complex landscape of operational technology security in manufacturing. This exclusive report distills critical insights from 61 industry pioneers.
Armis has closed a $200 million Series D funding round on a $4.2 billion valuation to drive growth in cyber exposure management with a focus on acquisitions and federal expansion. CEO Yevgeny Dibrov says the funds will accelerate Armis' work in operational technology and medical device security.
Researchers demonstrated that multiple brands of EV charging stations have vulnerabilities due to manufacturers often leaving open and unsecured SSH and HTTP ports. The risks of these vulnerabilities range from an expanded attack surface to a launching pad for assaults on the power grid.
While ransomware attacks against medical devices don't happen often, disruptive cyber incidents that affect the availability of the IT systems that medical devices rely on are a big concern that needs the industry's critical attention, said Jessica Wilkerson of the FDA.
Medical device makers have become more proactive in trying to meet higher cybersecurity expectations of regulators, but many still need to better understand the importance of life cycle security risk management and related issues, said Axel Wirth of Medcrypt and Christopher Gates of Velentium.
The oil and gas industry has high levels of cyber awareness and low levels of cyber insurance, says a sectoral assessment from credit rating agency Moody's. The sector has experienced a clutch of high-profile attacks including a high-profile 2021 incident at Colonial Pipeline.
As digital transformation continues to reshape industries, the convergence of operational technology and cybersecurity has emerged as a critical area of focus. But there's a noticeable gap in the workforce. Professionals who truly understand both OT and cybersecurity are in short supply.
Don't pull data from an operational technology network: OT networks should push data out. Segment critical OT networks. Don't introduce cybersecurity systems into an OT network unless administrators can guarantee they won't hinder a restart after a complete loss of electricity.
Dragos' acquisition of Network Perception will enrich its real-time network monitoring with robust visualization and configuration analysis tools. This transaction aims to bolster the security of operational technology networks and support customers in building more defensible architectures.
Industrial control systems made by different manufacturers for monitoring fuel storage tanks including those used in everyday gas stations contain critical zero-days that could convert them into targets for cyberattacks that cause physical damage.
A severe vulnerability in Rockwell Automation software used to configure programmable logic controllers could allow attackers to remotely execute malicious code. The vulnerability is rated 8.8 on the CVSS v4 scale. The U.S. Cybersecurity and Infrastructure Security Agency advised immediate patching.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.