Archive

All entries

Mike Ratliff, CISO at Providence, one of the country's largest not-for-profit healthcare providers, writes about his organization's attempt to re-think GRC as Governance, Risk, Attack Surface Management, and Compliance (GRAC). Ratliff describes five areas GRAC improves the overall security program, including the quantification and prioritization of risk, the integration of attack surface management, and an architecture that supports secure-by-design principles.
Healthcare
Risk Management
Cyber Resilience
Operational Resilience

Rebuilding Legacy GRC from the Ground Up

Mike Ratliff
Current OT cybersecurity budgeting approaches reflect a misalignment of prioritizing surface-level defenses over architectural shortcomings. Instead, CISOs should demand vendors deliver products that are secure by design, and address systemic failures over a reactive approach to the security of cyber-physical systems.
Industrial
Operational Technology
Risk Management
Technical Debt

The Economics of OT Cybersecurity: Are We Investing in the Wrong Priorities?

Dan Ricci
ASL Roma 1’s HOPE (Healthcare Operational Protection & Excellence) project stands as a cutting-edge initiative in healthcare cybersecurity, leveraging advanced technologies and innovative methodologies to strengthen organizational resilience. Here we lay the foundation for explaining how our CMDB becomes a key tool for proactively managing vulnerabilities, especially during waves of CVEs (Common Vulnerabilities and Exposures) that can quickly disrupt complex environments.
Healthcare
Operational Resilience
Cyber Resilience
Vulnerability Management

ASL Roma 1’s HOPE: Innovation and Resilience to Vulnerability Waves

Stefano Scaramuzzino
Fabio Battelli
Gentry Lane, founder of Nemesis Global, joins the Nexus Podcast to discuss how a Cold War tactic known as Salami Cuts is being used against U.S. critical infrastructure. Adversaries who cannot operate on equal footing on a kinetic battlefield, are finding cyberspace to be a level playing field. The use of salami tactics is a strategy of gradually degrading an opposition's dominance by instilling distrust in institutions, utilities, or the government's ability to protect us.
Cyber Resilience
Risk Management
Industrial
Healthcare

Nexus Podcast: Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict

Michael Mimoso
In this episode of the Nexus Podcast, Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG devices have sets of sensors that measure and record fuel levels, condensation, temperature, and volume in storage tanks. They are critical because they can be used to monitor for leaks, and can trigger alerts, sirens, perform emergency shutoff procedures, or allow for ventilation if necessary.
Industrial
Operational Resilience
Operational Technology
Vulnerability Management

Nexus Podcast: Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

Michael Mimoso
A new Information Risk Insights Study by Cyentia Institute puts real data behind the likelihood of attacks against critical infrastructure sectors enabled by digital transformation. CISOs need to understand the expanded attack surfaces and other risks within smart factories, healthcare, and other sectors connected devices online.
Operational Resilience
Cyber Resilience
Operational Technology
Risk Management

Study Warns: Digital Transformation Amps up Cyber Risks in Manufacturing

George V. Hulme
U.S. critical infrastructure operators are urged to be vigilant in hardening operational technology and ICS cybersecurity in expectation of a retaliatory response from Iran for last week’s missile strikes.
Cyber Resilience
Operational Technology
Industrial
Internet of Things
Healthcare
Risk Management

Experts: Expect Iran’s Cyber Tactics to be Disruptive

George V. Hulme
Steven Sim, the chair of the OT ISAC advisory committee, joins the Nexus Podcast for an in-depth conversation about the state of the OT-ISAC, information-sharing, and why organizations are prospering from this channel from not only sharing, but community initiatives, including conferences, and training opportunities for OT engineers and cybersecurity practitioners.
Operational Technology
Operational Resilience
Cyber Resilience
Vulnerability Management

Nexus Podcast: Steven Sim on OT-ISAC and Cybersecurity Information Sharing

Michael Mimoso
nexus_underfunded-healthcare.jpg
Healthcare
Risk Management
Vulnerability Management
Cyber Resilience

Bridging the Cybersecurity Gap Among America's Underfunded Healthcare Providers

George V. Hulme
nexus_fabela-ur-e26.jpg
Cyber Resilience
Risk Management

E26: More Than Just a Maritime Cybersecurity Regulation—It's a Fundamental Shift

Ron Fabela
Sarah Fluchs revisits the progress and adoption of the Top 20 Secure PLC Coding Practices list.
Cyber Resilience
Risk Management
Vulnerability Management

Nexus Podcast Episode 100: Sarah Fluchs on the Cyber Resilience Act

Michael Mimoso
new_nexus_podcast.png
Healthcare
Industrial
Operational Technology
Internet of Things
Risk Management

Looking Back at 100 Episodes of the Nexus Podcast

Michael Mimoso
Latest on Nexus Podcast