Articles

Recent articles

In OT and ICS cybersecurity, living off the land (LOTL) techniques refer to the practice of attackers using the existing tools and processes in a target system to carry out their malicious activities. This approach is particularly dangerous because it allows the attacker to blend in with everyday activities, making detection significantly more challenging.
Operational Technology
Cyber Resilience
Industrial

How Living-Off-The-Land Techniques Impact OT and ICS

Dan Ricci
Typical OT network
Operational Technology
Industrial

The Purdue Model's Risky Blindspot

George V. Hulme
nexus_nsa-ot-sigs.jpg
Operational Technology
Industrial

NSA's ELITEWOLF Signatures Detect Malicious Activity in OT Environments

George V. Hulme
nexus_secure-design.jpg
Operational Technology
Industrial
Operational Resilience

Overcoming Inherent Design and Security Limitations of OT Devices

Juan Piacquadio
Tim Hall
nexus_weber-cloud.jpg
Industrial

Conducting Gap Assessments to Secure Control Environments’ Cloud-based Solutions

Don C. Weber
nexus_poor-visibility.jpg
Operational Technology
Industrial

OT Asset Visibility: A Foundation for Secure Operations

George V. Hulme
The inherent security of new devices and software associated with managing the grid is shipping natively with better code and design quality, cutting down on commodity vulnerabilities.
Industrial
Operational Technology

Bulk Power System Risks Span Complexity, Vulnerabilities, Advanced Actors

George V. Hulme
Vulnerable physical security components, such as door locks and control cabinets, change at such a slow rate that weaknesses are likely to go undetected or are easily overlooked in industrial and healthcare environments.
Industrial
Operational Resilience

Overlook Physical Security Risks at Your Own Peril

Don C. Weber
Compensating controls are often the only cybersecurity options available to offset risk in operational technology environments still supporting legacy technology or end-of-life industrial control systems or field devices.
Industrial
Cyber Resilience

When Compensating Controls are Your Only Security Option

Dan Ricci
In part two of Nexus' series on vulnerability remediation and patch management challenges related to industrial automation and control systems, we cover patching challenges, downtime, and the governance and oversight required to reduce risk.
Risk Management
Industrial

IT/OT Convergence Challenges, Part 2: Vulnerability Management Course of Action to Reduce Risk

Juan Piacquadio
Tim Hall
Juan Piacquadio and Tim Hall explain the need for tailored patch management and vulnerability management processes that cater to the specific requirements of OT systems.
Risk Management
Industrial

IT/OT Convergence Challenges, Part 1: Managing IACS Vulnerabilities

Juan Piacquadio
Tim Hall
Cyberattacks against the food and beverage industry are opportunistic and leverage the growth in digitization to exploit previously unmanaged vulnerabilities to disrupt operations.
Food & Beverage
Industrial

On the Menu: Cybersecurity Risks in the Food and Beverage Industry

George V. Hulme

Latest on Nexus Podcast