Archive

All entries

Cyber-informed engineering ensures the design, manufacture, and deployment of new OT and critical infrastructure assets — enough that these assets are reasonably secure from cyberattacks and remain reliable and resilient.
Cyber Resilience
Operational Technology

Cyber-Informed Engineering: A Way Toward More Resilient OT Systems

George V. Hulme
Ransomware may be past its hey-day, and it is a malware threat that will not fade away. But are attackers ready to move past it to more human attack vectors?
Cyber Resilience
Ransomware

Is Ransomware Still Sexy?

John Frushour
Vulnerable physical security components, such as door locks and control cabinets, change at such a slow rate that weaknesses are likely to go undetected or are easily overlooked in industrial and healthcare environments.
Industrial
Operational Resilience

Overlook Physical Security Risks at Your Own Peril

Don C. Weber
Compensating controls are often the only cybersecurity options available to offset risk in operational technology environments still supporting legacy technology or end-of-life industrial control systems or field devices.
Industrial
Cyber Resilience

When Compensating Controls are Your Only Security Option

Dan Ricci
Team82 researcher Noam Moshe describes the eight vulnerabilities found in Teltonika RUT routers and in its cloud management platform, the Teltonika Remote Management System, and three distinct attack vectors that emerged from this research.
Industrial
Operational Technology

Nexus Podcast: Noam Moshe on Teltonika 4G IIoT Router Cybersecurity Research

Michael Mimoso
In part two of Nexus' series on vulnerability remediation and patch management challenges related to industrial automation and control systems, we cover patching challenges, downtime, and the governance and oversight required to reduce risk.
Risk Management
Industrial

IT/OT Convergence Challenges, Part 2: Vulnerability Management Course of Action to Reduce Risk

Juan Piacquadio
Tim Hall
Mandiant Chief Technology Officer Charles Carmakal says the majority of incidents his teams respond to are profit-motivated extortion attempts that involve not only ransomware, but data theft, victim-shaming and harassment.
Healthcare
Operational Resilience

Nexus Podcast: Mandiant’s Charles Carmakal on Real-World Healthcare Cyberattacks

Michael Mimoso
Security leaders newly introduced to OT should have a punch list of things to familiarize themselves with before challenges become overwhelming and insurmountable.
Operational Technology
Risk Management

Cybersecurity Punch List for CISOs Securing Converged IT/OT Environments

ADM. Michael S. Rogers, USN (Ret.)
Juan Piacquadio and Tim Hall explain the need for tailored patch management and vulnerability management processes that cater to the specific requirements of OT systems.
Risk Management
Industrial

IT/OT Convergence Challenges, Part 1: Managing IACS Vulnerabilities

Juan Piacquadio
Tim Hall
A New Jersey appeals court agreed with an earlier court’s decision that cybersecurity insurance providers could not deny ransomware coverage under a so-called “war exclusion” for a cybersecurity incident Merck & Co. claimed caused $1.4 billion in losses.
Cybersecurity Insurance
Ransomware

Merck Ransomware Insurance Ruling Helps Clear Fog of Cyberwar

George V. Hulme
Lorrie Cranor of Carnegie Mellon University's CyLab joins the Nexus podcast to discuss IoT smart device security and privacy labels.
Internet of Things

Nexus Podcast: Lorrie Cranor on IoT Security and Privacy Labels

Michael Mimoso
The E.U.'s NIS2 directive and the U.S.'s National Cybersecurity Strategy have aligned critical infrastructure's focus on cyber resilience.
Cyber Resilience

US, EU Authorities Increase Regulatory Focus on Critical Infrastructure Cybersecurity

George V. Hulme
Latest on Nexus Podcast