The recent CrowdStrike outage highlights the need to shift from reactive risk management to proactive measures in cyber-physical security. Claroty CEO Yaniv Vardi emphasizes the importance of compensating controls, network segmentation and secure remote access in preventing similar incidents.
The deployment of an asset management platform is helping Main Line Health gain deeper visibility and better security over the 100,000-plus medical devices and IoT gear used throughout the group's multiple hospitals and medical facilities, said CISO Aaron Weismann, who discusses the implementation.
Cisco remained atop Forrester's OT security rankings, Palo Alto Networks climbed into the leader space, and Claroty and Tenable fell to strong performer. The transition from a network-centric to an asset- and data-centric security model has introduced challenges, especially with legacy equipment.
Modern security challenges such as increased remote work and interconnected applications demand robust strategies. Todd Beebe, information security officer at Freeport LNG, shared insights on developing cybersecurity programs for OT environments.
Managing security in the oil and gas industry involves unique challenges as firms rely on both legacy systems and modern technologies. Many devices in use were built decades ago without current security guidelines, making them vulnerable to cyberattacks, said Bemi Anjous, CISO at Noble Drilling.
Chuck Markarian, CISO, PACCAR, and Jerry Cochran, deputy CIO, Pacific Northwest National Laboratory, discuss practical approaches to bolstering cyber resilience in manufacturing, including mitigating risks, enhancing preparedness and fostering collaboration across technical and nontechnical teams.
Legacy systems that coexist with modern cloud-based applications complicate the arduous process of implementing cybersecurity measures. "When you get a company that is over 100 years old, you get some things that came along at different eras of the business," said Vaughn Hazen, CISO of CN Rail.
Microsoft has released a new open-source security tool to close gaps in threat analysis for industrial control systems and help address increased nation-state attacks on critical infrastructure. ICSpector, available on GitHub, can scan PLCs, extract information and detect malicious code.
As railways embrace digital transformation, the industry faces unique security challenges. Tom Remberg, CISO of Bane Nor, the agency responsible for Norway’s railway infrastructure, shared strategies to mitigate risks associated with digital change in the rail sector.
Medical device makers submitting products for premarket approval by the Food and Drug Administration often struggle the most with cybersecurity in three major areas - design controls, providing a software bill of materials and testing, according to Nastassia Tamari of the FDA.
In the latest weekly update, ISMG editors discussed key insights on OT security from the Cyber Security for Critical Assets Summit in Houston, the implications of a critical Linux utility found to have a backdoor, and a CISO's perspective on comprehensive cloud security strategy.
Besides not doing cyberthreat modeling at all, some the biggest mistakes medical device manufacturers can make are starting the modeling process too late in the development phase or using it simply as a "paper weight exercise," said threat modeling expert Adam Shostack of Shostack & Associates.
The Energy Department is hoping to catalyze next-generation solutions to cybersecurity vulnerabilities in the energy sector by funding the creation of university-based cyber energy centers nationwide that will bring together private sector partners and the future of U.S. cyber talent.
IT and OT security experts say threats to shipping underscore the need for more stringent regulations for passenger, cargo and high-speed vessels by the International Association of Classification Societies. The new IACS cybersecurity and resilience requirements will go into effect July 1.
The conventional trajectory for tech graduates is diversifying. Industries previously considered peripheral to technology are now actively recruiting tech talent. Employers who bypass the fresh wave of graduates are sidelining strategic advantages that could propel their organizations forward.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ot.today, you agree to our use of cookies.