Operational Technology – РИСК-АКАДЕМИЯ – АНО ДПО ИСАР

Key OT Cybersecurity Challenges: Availability, Integrity and Confidentiality

riskacademy — Mon, 07 Dec 2020 11:22:06 +0000

Organisations are still underestimating the risks created by insufficiently secured operational technology (OT).

One current example comes from Germany. According to a report by heise.de, external security testers consider it “likely” that a successful serious cyberattack against the publicly owned water company Berliner Wasserbetriebe could lead to a complete failure of the German capital’s waste water management.

The good news, at least for Germany, is that a combination of engineering standards and legal requirements often prevents many worst-case scenarios from happening. One such regulation requires that utility companies must be able to control their grids manually, if necessary. This is not the case in all European countries. If the legally required basic IT protections are in place, and two-factor authentication and other best practices are used, many potentially damaging incidents can be prevented or at least contained. Germany has a number of guidelines and standards that aim to minimise cybersecurity risks, including a law on basic IT security, ISO 27001, IEC62443 standards and a compendium published by the BSI, Germany’s equivalent to the UK’s National…

Claroty Adds Fully Integrated Remote Incident …

riskacademy — Sat, 31 Oct 2020 05:47:48 +0000

Enhanced Secure Remote Access and Continuous Threat Detection enable seamless detection, investigation, and response to OT security incidents across the broadest attack surface area from any location

NEW YORK – October 28, 2020 – Claroty, the global leader in operational technology (OT) security, today announced new enhancements to The Claroty Platform, making it the industry’s first OT security solution to offer remote incident management as a fully integrated capability that spans the entire incident lifecycle. The platform now enables cybersecurity teams to detect, investigate, and respond to security incidents on OT networks across the broadest attack surface area securely and seamlessly from any location.

IT and OT networks were already becoming more interconnected due to digital transformation, and the COVID-19-induced shift to remote work has accelerated their convergence even more. These combined forces have created an acutely expanded attack surface and volume of alerts for cybersecurity teams to manage. According to Gartner, “For those organizations whose cybersecurity operations capabilities are tuned to monitor events from their standard operating…

Industrial cyber

riskacademy — Fri, 21 Aug 2020 12:43:59 +0000

By nature, organisations are risk averse. Investors and stakeholders like to see regular business cycles, cash flow and monthly recurring revenue. An organisation taking on risk usually leads to scrutiny with a cost-benefit analysis for the business as, although some forms of risk may be manageable, others are not. It is down to organisational leaders to determine what is deemed an acceptable level of risk and eliminate and manage it as necessary, writes Marty Edwards, VP of Operational Technology, at the cyber firm Tenable.

For those organisations that provide critical infrastructure services, efficient risk management is vital in ensuring the company’s operational technology (OT) and the fabric of our national security is always thoroughly protected. Some countries have broken down which vertical industries they consider to be critical within their regions. For example, the CPNI in the UK identifies 13 distinct national infrastructure sectors that are of strategic importance.

In recent years, as critical infrastructure organisations have modernised their operations with a sharp rise in automation and IoT technology, the threat landscape has also heightened. In a world where…