Archive

All entries

Ron Fabela joins the Nexus podcast to discuss his research into low-skilled threat actors targeting operational technology and industrial control systems. Many of these groups operate as hacktivists and carry out less sophisticated defacements and intrusions. While less of a risk, these incidents are still a drain on human resources required to investigate them and decided on mitigation strategies.
Industrial
Vulnerability Management
Risk Management
Operational Technology

Nexus Podcast: Ron Fabela on Low-Skilled OT/ICS Threat Actors

Michael Mimoso
Identifying and classifying the riskiest devices in operational technology (OT)-heavy environments is crucial for maintaining operational integrity and security. Expert Dan Ricci provides an extensive checklist for doing so that includes internal stakeholders and technical advice.
Industrial
Operational Technology
Vulnerability Management
Risk Management

Identifying, Classifying Riskiest Devices in OT-Heavy Environments

Dan Ricci
On the latest episode of the Claroty Nexus Podcast, Munish Walther-Puri, adjunct professor at the Center Global Affairs at New York University, describes a homegrown scale OT cybersecurity incidents called the Infrastructure Cyber Incident Scale, which takes into account an incident's magnitude, intensity, and duration.
Industrial
Operational Resilience
Operational Technology
Risk Management

Nexus Podcast: Munish Walther-Puri on Developing a Scale for OT Cybersecurity Incidents

Michael Mimoso
EU software and IoT device manufacturers must begin their efforts to come into compliance with the EU's Cyber Resilience Act (CRA). The CRA aims to protect consumers and businesses buying software or hardware products with a digital component from vulnerabilities and improve secure software development practices.
Cyber Resilience
Operational Resilience
Industrial
Healthcare
Risk Management

Software Security is Aim of EU Cyber Resilience Act Compliance

George V. Hulme
Brian Foster, senior advisor for grid security at Southern California Edison, joins the Nexus Podcast to discuss his presentation delivered at the S4 Conference on the risks of a hyperconnected grid. Adding a Wi-Fi connection to vulnerable smart meters that are enrolled by customers on a massive scale may allow attackers able to compromise centralized command and control of these devices to issue commands at scale that could result in catastrophic damage.
Industrial
Internet of Things
Operational Technology
Cyber Resilience

Nexus Podcast: Brian Foster on the Risks of a Hyperconnected Power Grid

Michael Mimoso
As shop floors and factories get smarter, there is an unprecedented surge in, and demand for, remote access to manufacturing systems. Former Pfizer global head of automation engineering Jim LaBonty writes for Claroty Nexus about the need to secure remote access to manufacturing environments to reduce risk and improve efficiency.
Cyber Resilience
Operational Technology
Zero Trust

Secure Remote Access for Smart Factory Environments

Jim LaBonty
Former NSA Director Adm. Michael S. Rogers shares three priorities the Trump Administration should pursue with regard to cybersecurity and critical infrastructure protection. Those include resuming the Cybersecurity Review Board, urging enterprises to focus on basic security hygiene, and exert its influence on vendors to secure their products.
Cyber Resilience
Risk Management
Industrial
Healthcare

3 Cybersecurity Priorities for the New Administration

ADM. Michael S. Rogers, USN (Ret.)
Exploitable cybersecurity vulnerabilities in Contec's CMS8000 patient monitors may be an insecure design choice rather than a backdoor as labeled by CISA. But regardless, the risk of leaked patients' protected health information (PHI) and remote code execution remains a real possibility.
Healthcare
Risk Management
Vulnerability Management
Cyber Resilience

Insecure Design Choice Puts Patient Safety, Data at Risk

George V. Hulme
Exploitable cybersecurity vulnerabilities in Contec's CMS8000 patient monitors may be an insecure design choice rather than a backdoor as labeled by CISA. But regardless, the risk of leaked patients' protected health information (PHI) and remote code execution remains a real possibility.
Risk Management
Operational Resilience
Cyber Resilience

Outgoing Biden EO Takes Aim at Improved Software Security

George V. Hulme
IT cybersecurity team members bring a fresh set of experience and perspective to the protection of cyber-physical systems and industrial and automation control system production environments.
Industrial
Operational Technology
Cyber Resilience

Accelerating IACS/OT Cybersecurity Improvements

Don C. Weber
In this episode of the Nexus Podcast, CISA ICS Cybersecurity Lead Matthew Rogers discusses new guidance from the agency on the use of security operational technology (OT) protocols, titled “Barriers to Secure OT Communication: Why Johnny Can’t Authenticate.” The paper advocates for the use of secure versions of legacy OT protocols, or the adoption of open standards by OEMs, in order to bring authentication and integrity to OT protocol communication.
Cyber Resilience
Operational Technology
Industrial

Nexus Podcast: CISA on Secure-by-Demand for OT

Michael Mimoso
The U.S. Department of Health and Human Services (HHS) hopes to strengthen the security of electronic protected health information (ePHI) with the most significant proposed update to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule in more than a decade.
Healthcare
Risk Management

HIPAA Security Rule Update Aims to Strengthen Medical Device, Data Protections

George V. Hulme
Latest on Nexus Podcast