Nexus Digest: Dan Ricci on Turning Visibility into Risk Reduction

ICS Advisory Project founder Dan Ricci is the guest for Episode 4 of Nexus Digest guest. Dan discusses a recent article he wrote for Nexus titled “From Inventory to Insight: Turning OT Visibility into Concrete Risk Reduction.” Dan describes the need to distinguish between asset lists and actual asset inventories, what those differences are, and how to make the most of the information made available. Device data such as firmware versions, protocol identification, and more are vital to other aspects of the OT and cyber-physical systems protection program, including exposure management and segmentation initiatives.

Also featured in this episode:
First-time contributor, Swisscom Head of Physical Security, Safety, BCM, Emergency & Crisis Management Thomas Dummermuth, writes about the growing mandates to achieve operational resilience—digital and physical—within data centers and critical infrastructure organizations to meet evolving threats.

Former Pfizer Global Head of Automation Engineering James LaBonty writes about the risks to manufacturing environments from internet-facing cyber-physical assets. These risky exposures are already being leveraged by low-level attackers in compromises. Manufacturing security teams, LaBonty writes, must reduce risk from these connected assets. 

Krista Arndt, Associate Chief Information Security Officer (CISO) at the St. Luke's University Health Network of Pennsylvania and New Jersey, was a recent guest on the Nexus Podcast. She explains how healthcare's rapid adoption of technology has created cybersecurity exposures that must be mitigated.

Finally, Ric Derbyshire, a Principal Security Researcher at Orange Cyberdefense also joined the Nexus Podcast in June to discuss how attackers are able to gain lateral movement across operational technology (OT) assets through a tactic known as Living Off the Plant.