Security News

Organizations are placing OT cybersecurity responsibility on CISOs
2023-05-31 03:30

"Fortinet's report shows that while OT organizations have improved their overall cybersecurity posture, they also have continued opportunity for improvement. Networking and IT teams are under extraordinary pressure to adapt and become more OT-aware, and organizations are shifting to find and employ solutions that implement security across their entire IT/OT environment to reduce their overall security risk," said John Maddison, EVP Products and CMO at Fortinet. While the number of organizations that did not incur a cybersecurity intrusion improved dramatically YoY, there is still significant room for improvement.

The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals
2023-05-25 04:30

In response to these risks, the US government reinforced critical infrastructure security by introducing Cross-Sector Cybersecurity Performance Goals mandated by the US Cybersecurity Infrastructure & Security Agency. Recently, CISA updated the CPGs to align with NIST's standard cybersecurity framework, establishing each of the five goals as a prioritized subset of IT and OT cybersecurity practices.

Gap between OT security assumptions and reality
2023-05-23 04:00

In the fast-evolving landscape of technology and connectivity, ensuring the security of operational technology systems has become a paramount concern for organizations worldwide. In this Help Net Security video, Daniel Bren, CEO at OTORIO, discusses a significant discrepancy between how companies perceive their OT security posture and the harsh reality they often face.

Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks
2023-05-15 13:24

Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology networks to external attacks. The 11 vulnerabilities allow "Remote code execution and full control over hundreds of thousands of devices and OT networks - in some cases, even those not actively configured to use the cloud."

Beyond Traditional Security: NDR's Pivotal Role in Safeguarding OT Networks
2023-04-20 11:56

The underlying trend is clear: OT and IoT networks are progressively integrated with traditional IT networks for management and access purposes, leading to increased communication between these devices both internally and externally. Controlling and overseeing supplier access to OT and IoT networks is challenging, as connections between external and internal networks can occur through various means like VPNs, direct mobile connections, and jump hosts.

Honeypot-Factory: The Use of Deception in ICS/OT Environments
2023-02-13 09:59

CryPLH is a low-interactive and virtual Smart-Grid ICS honeypot simulating Siemens Simatic 300 PLC devices. With the development of cybersecurity technology, deception has been applied in various circumstances like the web, databases, mobile apps, and IoT. Deception technology has been embodied in some ICS honeypot applications in the OT field.

Mix of legacy OT and connected technologies creates security gaps
2023-02-01 04:00

While machine-to-machine communication and machine learning have helped industrial firms improve quality, maintenance and machine life, many are now using a complicated mix of legacy OT and connected technologies that is rife with security gaps. Their current OT security solutions often need more visibility into IoT, mobile and wireless assets.

What to consider when budgeting for 2023’s OT cybersecurity needs and wants
2023-01-06 05:00

Regardless of what 2023 holds in store for the economy, your organization's financial commitment to supporting OT cybersecurity efforts is being decided now. From the board's perspective, if 2023's financial outlook seems uncertain, perhaps this is not the best time to invest in the costly modernization of the production lines and the related comprehensive cybersecurity solution.

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS
2022-11-30 07:21

Researchers have disclosed details of three new security vulnerabilities affecting operational technology products from CODESYS and Festo that could lead to source code tampering and denial-of-service. The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an insecure-by-design approach - which was usual at the time the products were launched - where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS
2022-11-30 07:21

Researchers have disclosed details of three new security vulnerabilities affecting operational technology products from CODESYS and Festo that could lead to source code tampering and denial-of-service. The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an insecure-by-design approach - which was usual at the time the products were launched - where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.