Offense is what paces innovation in cybersecurity since threat actors constantly look for new ways to compromise systems, said AllegisCyber Capital's Bob Ackerman. Many offensive cyber capabilities developed by the national intelligence community make their way into the wild and become exploitable.
Many infrastructures have both OT and IT systems, making data and device transfer between the two systems difficult. Also, some OT devices are outdated while IT systems use modern cloud devices. And the shortage of training is another important hurdle, said OPSWAT CEO Benny Czarny.
OT attacks have doubled. Mark Cristiano, global commercial director of cybersecurity services at Rockwell Automation, discusses how organizations can develop a strategic approach to OT security that aligns with their risk profile, cyber maturity and ability to absorb change.
A new Food and Drug Administration policy to "refuse to accept" premarket submissions for new medical devices if they lack of cybersecurity details will help substantially improve the state of legacy devices in the future, said the FDA's Dr. Suzanne Schwartz. Here's a look at the new requirements.
Europe's cybersecurity agency predicts hackers will take advantage of the growing overlap between information and operational technologies in the transport sector and disrupt OT processes in a targeted attack. Ransomware will become a tool wielded for political and financial motivations, says ENISA.
Cybersecurity will take its place alongside chemical contaminant removal as an element the U.S. Environmental Protection Agency says public water systems must mitigate. "Cyberattacks that are targeting water systems are real and a significant threat," said an EPA official.
The Biden administration has unveiled its new national cybersecurity strategy, detailing top challenges facing the U.S. and plans for addressing them. Goals include minimum security requirements for critical infrastructure sector organizations and liability for poor software development practices.
Accenture has bought Morphus to get more intelligence around fraud and other cybercrimes Brazilian criminals are perpetuating in the digital world. The Morphus acquisition will help Accenture customers take on financially motivated cyber fraud and insider threats that are pervasive in Brazil.
Fortinet has blunted the impact of the economic downturn by helping customers consolidate their security footprint and add protection in areas like OT, WiFi and SD-WAN. CEO Ken Xie says Fortinet's ASIC chip allows the company to take market share from rivals while delivering superior performance.
Executives underestimated the security risk associated with operational technology based on the erroneous belief that OT networks are highly segmented or air gapped. But COVID-19 made executives realize their OT networks are more connected than they previously thought, says Dragos CEO Robert M. Lee.
Tenable has debuted a $25 million corporate investment program to support prevention-focused startups focused on technologies such as cloud, OT and identity. The Baltimore-area exposure management vendor says Tenable Ventures plans to scour Israel and the United States for startups.
The increased physical connectivity of digital assets has expanded the attack surface and added complexity for engineers in industrial environments, says Dragos CEO Robert Lee. More industrial automation and new systems have made it tougher for plant operators to conduct root cause analysis.
Determining which asset vulnerabilities should be prioritized for remediation is one of the biggest challenges for virtually every CISO and CSO, says Armis co-founder and CEO Yevgeny Dibrov. Dibrov says CVE and CVSS scores aren't an effective way to prioritize which vulnerabilities to fix first.
Industrial control vendors such as Honeywell are increasingly adopting Nozomi Networks within their security portfolio, says CEO Edgard Capdevielle. Firms such as Siemens can actually run Nozomi's products inside their platform, while others have incorporated its tool into a managed service bundle.
Software vulnerabilities installed by luxury car manufacturers including Ferrari, BMW, Rolls Royce and Porsche that could allow remote attackers to control vehicles and steal owners' personal details have been fixed. Cybersecurity researchers uncovered the vulnerabilities while vacationing.