Archive

All entries

Nexus Digest Episode 4 features ICS Advisory Project founder Dan Ricci. Ricci describes the need to distinguish between asset lists and actual asset inventories, what those differences are, and how to make the most of the information made available. Device data such as firmware versions, protocol identification, and more are vital to other aspects of the OT and cyber-physical systems protection program, including exposure management and segmentation initiatives.
Industrial
Operational Resilience
Cyber Resilience

Nexus Digest: Dan Ricci on Turning Visibility into Risk Reduction

Michael Mimoso
On this episode of the Nexus Podcast, Krista Arndt, Associate Chief Information Security Officer (CISO) at the St. Luke's University Health Network of Pennsylvania and New Jersey, explains how healthcare's rapid adoption of technology has created cybersecurity exposures that must be mitigated. Compensating controls such as microsegmentation have also enabled innovative new procedures that improve patient care.
Healthcare
Cyber Resilience
Operational Resilience

Nexus Podcast: Krista Arndt on Healthcare Cyber Resilience

Michael Mimoso
Internet-facing cyber-physical systems (CPS) are a consequential and structural risk in many modern manufacturing environments, one that can introduce disruption without the need for much sophistication on a threat actor’s part.
Cyber Resilience
Industrial
Operational Resilience

Exposed Manufacturing Assets a Consequential Risk

Jim LaBonty
Swisscom Head of Physical Security, Safety, BCM, Emergency & Crisis Management Thomas Dummermuth writes about the growing mandates to achieve operational resilience—digital and physical—within data centers and critical infrastructure organizations to meet evolving threats.
Operational Resilience
Cyber Resilience

Achieving Cyber and Physical Resilience Across Data Centers, Critical Infrastructure

Thomas Dummermuth
ICS Advisory founder Dan Ricci explains why a list of operational technology (OT) assets is not an asset inventory. Asset inventories must be organized, updated, and physically validated. Only then can this facet of asset management support enterprise-wide risk management and cyber-physical systems protection programs.
Cyber Resilience
Operational Resilience
Operational Technology
Vulnerability Management
Risk Management

From Inventory to Insight: Turning OT Visibility into Concrete Risk Reduction

Dan Ricci
Cyber Resilience
Industrial
Operational Resilience
Operational Technology
Risk Management
Vulnerability Management

Nexus Podcast: Ric Derbyshire on Living-Off-the-Plant OT Cyberattacks

Michael Mimoso
Jon Holzbauer, OT systems manager at Silgan Containers, is featured in Episode 3 of Claroty Nexus Digest. Jon discusses the skills gap between IT security teams and OT asset operators as these two distinct operational disciplines converge. He also describes the challenges and conflicting priorities that emerge in converged environments, and how to navigate those.
Cyber Resilience
Operational Resilience
Operational Technology
Industrial

Nexus Digest: Jon Holzbauer on CPS Security Skills Gap

Michael Mimoso
AJ Eserjose, Regional Director for Operational Technology Information Sharing and Analysis Center (OT-ISAC), writes about how the information shared among members of a hub such as OT-ISAC creates predictive resilience. Attack, threat, and risk signals are aggregated from contributions made by different members into comprehensive intelligence that improves overall cyber and operational resilience.
Cyber Resilience
Industrial
Operational Resilience
Operational Technology
Risk Management

How Collective Intelligence Enhances Predictive Resilience

AJ Eserjose
Project Glasswing and the Claude Mythos Preview have caused an upheaval related to vulnerability discovery and exploit development. On Nexus, former NSA Director Adm. Michael S. Rogers introduces some nuance to the discussion. The nuance that isn’t being articulated enough, he says, is that Project Glasswing is largely a defensive effort that does more to level the playing field between threat actors and defenders than we may realize.
Cyber Resilience
Federal
Operational Resilience
Vulnerability Management

Exploring Some Nuance on Project Glasswing

ADM. Michael S. Rogers, USN (Ret.)
OT has a cybersecurity skills gap. Leading organizations, however, are responding by building cross-functional IT/OT security teams, investing in OT-specific training, creating hybrid cybersecurity roles, and leveraging managed OT security services to bridge immediate gaps. They are also prioritizing asset visibility, documentation, and standardized processes to reduce reliance on tribal knowledge.
Operational Technology
Industrial
Operational Resilience
Cyber Resilience

OT Cybersecurity Faces a Skills Gap

Jon Holzbauer
Industrial
Cyber Resilience
Operational Resilience
Operational Technology
Risk Management

Nexus Podcast: MITRE on Caldera for OT Adversary Emulation

Michael Mimoso
Operational Resilience
Operational Technology
Internet of Things
Industrial
Healthcare
Cyber Resilience
Risk Management

Nexus Podcast: Joe Slowik on Securing Exposed Internet-Facing Assets

Michael Mimoso