Archive

All entries

Threat intelligence for operational technology environments differs from traditional IT threat intelligence. OT threat intelligence requires contextual, situational awareness that identifies vulnerabilities and anomalies, and also which assets, and in what part of the process, are exposed. It must also note what the safety and operational consequences would be if exploited. This context enables security teams to prioritize risk mitigation according to real-world impact rather than theoretical severity.
Vulnerability Management
Risk Management
Operational Technology
Operational Resilience
Cyber Resilience

Why Traditional Threat Intelligence Falls Short For Operational Technology

George V. Hulme
nexus_labonty-manuf-and-cloud.jpg
Risk Management
Operational Resilience
Operational Technology
Cyber Resilience

Navigating Manufacturing Cybersecurity and the Cloud

Jim LaBonty
The convergence of IT and OT systems, primarily driven by the deployment of IIoT (industrial Internet of Things), cloud computing, and the need for remote monitoring, has fundamentally altered the OT architecture that the Purdue Model was initially designed to help manage.
Zero Trust
Risk Management
Operational Resilience
Operational Technology

Is It Time to Rethink the Purdue Model?

George V. Hulme
OT cybersecurity expert Danielle Jablanski of STV makes her first contribution to Claroty Nexus. She writes about how OT cybersecurity programs should not compromise safety and reliability over the likelihood a vulnerability will be exploited.
Operational Technology
Cyber Resilience
Vulnerability Management
Risk Management

Throw Likelihood to the Wind: OT Cybersecurity is Categorical, Not Mathematical

Danielle Jablanski
Current OT cybersecurity budgeting approaches reflect a misalignment of prioritizing surface-level defenses over architectural shortcomings. Instead, CISOs should demand vendors deliver products that are secure by design, and address systemic failures over a reactive approach to the security of cyber-physical systems.
Industrial
Operational Technology
Risk Management
Technical Debt

The Economics of OT Cybersecurity: Are We Investing in the Wrong Priorities?

Dan Ricci
In this episode of the Nexus Podcast, Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG devices have sets of sensors that measure and record fuel levels, condensation, temperature, and volume in storage tanks. They are critical because they can be used to monitor for leaks, and can trigger alerts, sirens, perform emergency shutoff procedures, or allow for ventilation if necessary.
Industrial
Operational Resilience
Operational Technology
Vulnerability Management

Nexus Podcast: Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

Michael Mimoso
A new Information Risk Insights Study by Cyentia Institute puts real data behind the likelihood of attacks against critical infrastructure sectors enabled by digital transformation. CISOs need to understand the expanded attack surfaces and other risks within smart factories, healthcare, and other sectors connected devices online.
Operational Resilience
Cyber Resilience
Operational Technology
Risk Management

Study Warns: Digital Transformation Amps up Cyber Risks in Manufacturing

George V. Hulme
U.S. critical infrastructure operators are urged to be vigilant in hardening operational technology and ICS cybersecurity in expectation of a retaliatory response from Iran for last week’s missile strikes.
Cyber Resilience
Operational Technology
Industrial
Internet of Things
Healthcare
Risk Management

Experts: Expect Iran’s Cyber Tactics to be Disruptive

George V. Hulme
Steven Sim, the chair of the OT ISAC advisory committee, joins the Nexus Podcast for an in-depth conversation about the state of the OT-ISAC, information-sharing, and why organizations are prospering from this channel from not only sharing, but community initiatives, including conferences, and training opportunities for OT engineers and cybersecurity practitioners.
Operational Technology
Operational Resilience
Cyber Resilience
Vulnerability Management

Nexus Podcast: Steven Sim on OT-ISAC and Cybersecurity Information Sharing

Michael Mimoso
new_nexus_podcast.png
Healthcare
Industrial
Operational Technology
Internet of Things
Risk Management

Looking Back at 100 Episodes of the Nexus Podcast

Michael Mimoso
shutterstock_1489100678-(3)-(1).jpg
Industrial
Operational Technology
Vulnerability Management

Managing Serial-to-Ethernet Exposures in Modern OT Networks

Alessio Rosas
nexus_andrew-ohrt.png
Cyber Resilience
Operational Resilience
Operational Technology
Industrial
Risk Management

Nexus Podcast: Andrew Ohrt on Starting Cyber-Informed Engineering Projects

Michael Mimoso
Latest on Nexus Podcast