Apply Now to Attend Nexus Conference 2025

Topics:

Rural hospital leaders are scrutinizing every budget dollar and have to find a way to balance patient care and safety with defending against digital cybersecurity threats.

Cyber Resilience

Risk Management

As Medicaid Cuts Take Hold, Rural Healthcare Cybersecurity Hangs by a Thread

George V. Hulme

Threat intelligence for operational technology environments differs from traditional IT threat intelligence. OT threat intelligence requires contextual, situational awareness that identifies vulnerabilities and anomalies, and also which assets, and in what part of the process, are exposed. It must also note what the safety and operational consequences would be if exploited. This context enables security teams to prioritize risk mitigation according to real-world impact rather than theoretical severity.

Vulnerability Management

Risk Management

Operational Technology

Operational Resilience

Cyber Resilience

Why Traditional Threat Intelligence Falls Short For Operational Technology

George V. Hulme

Cyber Resilience

Operational Resilience

Vulnerability Management

Risk Management

Panel: Nation-States Leveraging CPS to Damage Confidence in Resilience, Response

See all in Cyber Resilience See all in Articles

A New Jersey appeals court agreed with an earlier court’s decision that cybersecurity insurance providers could not deny ransomware coverage under a so-called “war exclusion” for a cybersecurity incident Merck & Co. claimed caused $1.4 billion in losses.

Cybersecurity Insurance

Merck Ransomware Insurance Ruling Helps Clear Fog of Cyberwar

George V. Hulme

Navigating cybersecurity insurance in a recession requires diligence about systemic cybersecurity risks that can cause premiums to rise or insurers to consider an organization uninsurable.

Cybersecurity Insurance

Risk Management

Navigating Cyber Insurance in a Recession

George V. Hulme

Avoid these seven pitfalls when seeking cybersecurity liability insurance; ensure you understand policy terms and conditions, conduct due diligence, and involve the proper stakeholders, among other things.

Cybersecurity Insurance

Cybersecurity Liability Insurance Pitfalls to Avoid

George V. Hulme

See all in Cybersecurity Insurance See all in Articles

A diversified operational technology (OT) cybersecurity monitoring platform plays a key role in strengthening the protection of cyber-physical systems by providing clear visibility, real-time threat detection, and proactive risk mitigation. By integrating multiple monitoring tools and technologies, organizations can build a layered security approach that minimizes vulnerabilities, improves response times, and keeps critical systems resilient against cyber threats.

Operational Resilience

Operational Technology

Diversified Monitoring Essential to a Strong OT Cybersecurity Foundation

John Ballentine

Cyber Resilience

Risk Management

Blunting the Risks of Private-Sector Ownership of CI

ADM. Michael S. Rogers, USN (Ret.)

The “Report to the President: Strategy for Cyber-Physical Resilience: Fortifying Our Critical Infrastructure for a Digital World,” reaffirms that cyber-resilience-by-design should be the standard and urges a coalition of government leaders and private sector critical infrastructure asset owners and operators to refocus their energies to build resilient cyber-physical systems (CPS) that are designed to withstand attack.

Cyber Resilience

Risk Management

Applauding A Codified Strategy for CPS Resilience

See all in Federal See all in Articles

Cyberattacks against the food and beverage industry are opportunistic and leverage the growth in digitization to exploit previously unmanaged vulnerabilities to disrupt operations.

Food & Beverage

On the Menu: Cybersecurity Risks in the Food and Beverage Industry

George V. Hulme

See all in Food & Beverage See all in Articles

Rural hospital leaders are scrutinizing every budget dollar and have to find a way to balance patient care and safety with defending against digital cybersecurity threats.

Cyber Resilience

Risk Management

As Medicaid Cuts Take Hold, Rural Healthcare Cybersecurity Hangs by a Thread

George V. Hulme

Mike Ratliff, CISO at Providence, one of the country's largest not-for-profit healthcare providers, writes about his organization's attempt to re-think GRC as Governance, Risk, Attack Surface Management, and Compliance (GRAC). Ratliff describes five areas GRAC improves the overall security program, including the quantification and prioritization of risk, the integration of attack surface management, and an architecture that supports secure-by-design principles.

Risk Management

Cyber Resilience

Operational Resilience

Rebuilding Legacy GRC from the Ground Up

ASL Roma 1’s HOPE (Healthcare Operational Protection & Excellence) project stands as a cutting-edge initiative in healthcare cybersecurity, leveraging advanced technologies and innovative methodologies to strengthen organizational resilience. Here we lay the foundation for explaining how our CMDB becomes a key tool for proactively managing vulnerabilities, especially during waves of CVEs (Common Vulnerabilities and Exposures) that can quickly disrupt complex environments.

Operational Resilience

Cyber Resilience

Vulnerability Management

ASL Roma 1’s HOPE: Innovation and Resilience to Vulnerability Waves

Stefano Scaramuzzino

See all in Healthcare See all in Articles

Current OT cybersecurity budgeting approaches reflect a misalignment of prioritizing surface-level defenses over architectural shortcomings. Instead, CISOs should demand vendors deliver products that are secure by design, and address systemic failures over a reactive approach to the security of cyber-physical systems.

Operational Technology

Risk Management

The Economics of OT Cybersecurity: Are We Investing in the Wrong Priorities?

U.S. critical infrastructure operators are urged to be vigilant in hardening operational technology and ICS cybersecurity in expectation of a retaliatory response from Iran for last week’s missile strikes.

Cyber Resilience

Operational Technology

Internet of Things

Risk Management

Experts: Expect Iran’s Cyber Tactics to be Disruptive

George V. Hulme

shutterstock_1489100678-(3)-(1).jpg

Operational Technology

Vulnerability Management

Managing Serial-to-Ethernet Exposures in Modern OT Networks

See all in Industrial See all in Articles

U.S. critical infrastructure operators are urged to be vigilant in hardening operational technology and ICS cybersecurity in expectation of a retaliatory response from Iran for last week’s missile strikes.

Cyber Resilience

Operational Technology

Internet of Things

Risk Management

Experts: Expect Iran’s Cyber Tactics to be Disruptive

George V. Hulme

If we are indeed at the full outset of Industry 4.0, the fourth industrial revolution, initiatives such as smart manufacturing will not truly succeed without keen awareness of new cybersecurity risks introduced by IT/OT connectivity and advanced technologies.

Cyber Resilience

Internet of Things

Operational Resilience

Operational Technology

Smart Manufacturing Requires Proactive Cybersecurity

See all in Internet of Things See all in Articles

Threat intelligence for operational technology environments differs from traditional IT threat intelligence. OT threat intelligence requires contextual, situational awareness that identifies vulnerabilities and anomalies, and also which assets, and in what part of the process, are exposed. It must also note what the safety and operational consequences would be if exploited. This context enables security teams to prioritize risk mitigation according to real-world impact rather than theoretical severity.

Vulnerability Management

Risk Management

Operational Technology

Operational Resilience

Cyber Resilience

Why Traditional Threat Intelligence Falls Short For Operational Technology

George V. Hulme

Cyber Resilience

Operational Resilience

Vulnerability Management

Risk Management

Panel: Nation-States Leveraging CPS to Damage Confidence in Resilience, Response

Risk Management

Operational Resilience

Operational Technology

Cyber Resilience

Navigating Manufacturing Cybersecurity and the Cloud

See all in Operational Resilience See all in Articles

Threat intelligence for operational technology environments differs from traditional IT threat intelligence. OT threat intelligence requires contextual, situational awareness that identifies vulnerabilities and anomalies, and also which assets, and in what part of the process, are exposed. It must also note what the safety and operational consequences would be if exploited. This context enables security teams to prioritize risk mitigation according to real-world impact rather than theoretical severity.

Vulnerability Management

Risk Management

Operational Technology

Operational Resilience

Cyber Resilience

Why Traditional Threat Intelligence Falls Short For Operational Technology

George V. Hulme

Risk Management

Operational Resilience

Operational Technology

Cyber Resilience

Navigating Manufacturing Cybersecurity and the Cloud

The convergence of IT and OT systems, primarily driven by the deployment of IIoT (industrial Internet of Things), cloud computing, and the need for remote monitoring, has fundamentally altered the OT architecture that the Purdue Model was initially designed to help manage.

Risk Management

Operational Resilience

Operational Technology

Is It Time to Rethink the Purdue Model?

George V. Hulme

See all in Operational Technology See all in Articles

The HHS Office for Civil Rights proposes substantial rule changes to the long-standing Health Insurance Portability and Accountability Act (HIPAA) Security Rule. While details on the proposed rule changes remain unclear, HHS plans to issue a Notice of Proposed Rulemaking (NPRM) by the end of the year. These changes are believed to be the most substantial changes since the HIPAA Security rule went into effect in 2003

Significant Changes to HIPAA Security Rule on the Way

George V. Hulme

Mike Ratliff, AVP Security Engineering and Operations at Providence, writes about five steps healthcare delivery organizations should take to mitigate the risk of ransomware and extortion-based attacks.

Cyber Resilience

5 Things Hospitals Can Do to Mitigate Threats of Ransomware

Resilience, Recovery Strategies to Combat Ransomware and Extortion

ADM. Michael S. Rogers, USN (Ret.)

See all in Ransomware See all in Articles

Rural hospital leaders are scrutinizing every budget dollar and have to find a way to balance patient care and safety with defending against digital cybersecurity threats.

Cyber Resilience

Risk Management

As Medicaid Cuts Take Hold, Rural Healthcare Cybersecurity Hangs by a Thread

George V. Hulme

Threat intelligence for operational technology environments differs from traditional IT threat intelligence. OT threat intelligence requires contextual, situational awareness that identifies vulnerabilities and anomalies, and also which assets, and in what part of the process, are exposed. It must also note what the safety and operational consequences would be if exploited. This context enables security teams to prioritize risk mitigation according to real-world impact rather than theoretical severity.

Vulnerability Management

Risk Management

Operational Technology

Operational Resilience

Cyber Resilience

Why Traditional Threat Intelligence Falls Short For Operational Technology

George V. Hulme

Cyber Resilience

Operational Resilience

Vulnerability Management

Risk Management

Panel: Nation-States Leveraging CPS to Damage Confidence in Resilience, Response

See all in Risk Management See all in Articles

Current OT cybersecurity budgeting approaches reflect a misalignment of prioritizing surface-level defenses over architectural shortcomings. Instead, CISOs should demand vendors deliver products that are secure by design, and address systemic failures over a reactive approach to the security of cyber-physical systems.

Operational Technology

Risk Management

The Economics of OT Cybersecurity: Are We Investing in the Wrong Priorities?

Enterprises often are blind to the use of open source software in commercial and homegrown software development. Vulnerabilities and other weaknesses in OSS deployments are significant exposures that must be managed and mitigated.

Vulnerability Management

Risk Management

Visibility, Governance Key to Managing Open Source Risk

George V. Hulme

Technical debt in OT leads to increased operations costs as teams fight to maintain outdated systems, and security teams struggle to keep those same systems secure, often through compensating controls.

Operational Technology

Getting Strategic Against Technical Debt in OT

George V. Hulme

See all in Technical Debt See all in Articles

Threat intelligence for operational technology environments differs from traditional IT threat intelligence. OT threat intelligence requires contextual, situational awareness that identifies vulnerabilities and anomalies, and also which assets, and in what part of the process, are exposed. It must also note what the safety and operational consequences would be if exploited. This context enables security teams to prioritize risk mitigation according to real-world impact rather than theoretical severity.

Vulnerability Management

Risk Management

Operational Technology

Operational Resilience

Cyber Resilience

Why Traditional Threat Intelligence Falls Short For Operational Technology

George V. Hulme

Cyber Resilience

Operational Resilience

Vulnerability Management

Risk Management

Panel: Nation-States Leveraging CPS to Damage Confidence in Resilience, Response

OT cybersecurity expert Danielle Jablanski of STV makes her first contribution to Claroty Nexus. She writes about how OT cybersecurity programs should not compromise safety and reliability over the likelihood a vulnerability will be exploited.

Operational Technology

Cyber Resilience

Vulnerability Management

Risk Management

Throw Likelihood to the Wind: OT Cybersecurity is Categorical, Not Mathematical

Danielle Jablanski

See all in Vulnerability Management See all in Articles

The convergence of IT and OT systems, primarily driven by the deployment of IIoT (industrial Internet of Things), cloud computing, and the need for remote monitoring, has fundamentally altered the OT architecture that the Purdue Model was initially designed to help manage.

Risk Management

Operational Resilience

Operational Technology

Is It Time to Rethink the Purdue Model?

George V. Hulme

Operational Resilience

Operational Technology

Poor Visibility Still a Drag on Secure Third-Party Remote Access

George V. Hulme

The European Union Agency for Cybersecurity (ENISA)'s NIS360 report identifies gaps in the current state of NIS2 compliance readiness and provides recommendations to lawmakers and affected industry verticals on what they need to do to become NIS2 compliant.

Cyber Resilience

Operational Resilience

Operational Technology

ENISA Attempts to Move NIS2 Forward with NIS360 Findings

George V. Hulme

See all in Zero Trust See all in Articles

Cyber Resilience

Leandro Ribeiro, Sobre la Segurança Cibernética no Setor de Saúde

Leandro Ribeiro, CISO do Hospital Sírio-Libanês, compartilha sua experiência no Nexus 24 em Boston, discutindo segurança cibernética no setor de saúde e o…

Vulnerability Management

Cyber Resilience

Arthur Paixao Sobre los Principais Riscos Cibernéticos no Setor de Saúde

Entrevista com Arthur Paixão, Head de Cybersecurity do Hospital Albert Einstein, sobre os principais riscos cibernéticos no setor de saúde. Arthur destaca que…

screenshot-2024-11-07-at-4.43.18-pm.png

Nexus Conference

Rodnei Gripp da Petrobras Fortalece a Conexão entre Segurança de Infraestruturas Críticas e Negócio

Saiba como a Claroty colaborou com o time de segurança cibernética da Petrobras, gerando benefícios estratégicos para a equipe responsável pelas plataformas de…

See all in Videos

Rui Adaite, Managing Security Consultant at GuidePoint Security, joined the Nexus Podcast recently to discuss the nuances of ransomware negotiations, how negotiations work, and the ins and outs of interacting with ransomware gangs.

Cyber Resilience

Nexus Podcast: Rui Ataide on Ransomware Negotiations and Recovery

Trend Micro Senior Threat Researcher Salvatore Gariuolo joined the Nexus Podcast, calling int question whether the ISO 15188 standard is sufficient enough to protect EV charging—the cybersecurity of charging stations in particular.

Internet of Things

Vulnerability Management

Risk Management

Nexus Podcast: Salvatore Gariuolo on ISO 15118, Safe EV Charging

Internet of Things

Vulnerability Management

Risk Management

Nexus Podcast: Noam Moshe on Hacking Video Surveillance

See all in Podcasts

Archive

All entries

Rui Adaite, Managing Security Consultant at GuidePoint Security, joined the Nexus Podcast recently to discuss the nuances of ransomware negotiations, how negotiations work, and the ins and outs of interacting with ransomware gangs.

Cyber Resilience

Nexus Podcast: Rui Ataide on Ransomware Negotiations and Recovery

Current OT cybersecurity budgeting approaches reflect a misalignment of prioritizing surface-level defenses over architectural shortcomings. Instead, CISOs should demand vendors deliver products that are secure by design, and address systemic failures over a reactive approach to the security of cyber-physical systems.

Operational Technology

Risk Management

The Economics of OT Cybersecurity: Are We Investing in the Wrong Priorities?

Gentry Lane, founder of Nemesis Global, joins the Nexus Podcast to discuss how a Cold War tactic known as Salami Cuts is being used against U.S. critical infrastructure. Adversaries who cannot operate on equal footing on a kinetic battlefield, are finding cyberspace to be a level playing field. The use of salami tactics is a strategy of gradually degrading an opposition's dominance by instilling distrust in institutions, utilities, or the government's ability to protect us.

Cyber Resilience

Risk Management

Nexus Podcast: Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict

In this episode of the Nexus Podcast, Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG devices have sets of sensors that measure and record fuel levels, condensation, temperature, and volume in storage tanks. They are critical because they can be used to monitor for leaks, and can trigger alerts, sirens, perform emergency shutoff procedures, or allow for ventilation if necessary.

Operational Resilience

Operational Technology

Vulnerability Management

Nexus Podcast: Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

U.S. critical infrastructure operators are urged to be vigilant in hardening operational technology and ICS cybersecurity in expectation of a retaliatory response from Iran for last week’s missile strikes.

Cyber Resilience

Operational Technology

Internet of Things

Risk Management

Experts: Expect Iran’s Cyber Tactics to be Disruptive

George V. Hulme

Operational Technology

Internet of Things

Risk Management

Looking Back at 100 Episodes of the Nexus Podcast

shutterstock_1489100678-(3)-(1).jpg

Operational Technology

Vulnerability Management

Managing Serial-to-Ethernet Exposures in Modern OT Networks

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

Nexus Podcast: Andrew Ohrt on Starting Cyber-Informed Engineering Projects

Cyber Resilience

Operational Technology

Risk Management

Vulnerability Management

Cloud's Double-Edged Sword: Transforming OT Exposure Management

George V. Hulme

The NSA's Cybersecurity Technical Report on securing smart OT controllers champions secure-by-design and cyber-informed engineering, stating they prioritize “engineering controls to mitigate the worst consequences of cyberattacks”-like physical damage or loss of life. CIE moves cybersecurity from a design afterthought to a core engineering discipline. Traditional OT security often relied on air-gapping or retrofitting defenses, but CIE mandates designing systems that inherently resist attacks.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Cyber-Informed Engineering Shapes NSA’s Blueprint for OT Cyber Resilience

George V. Hulme

Cyber Resilience

Operational Technology

Operational Resilience

Risk Management

An Operational Checklist for Securing the IT/OT Ecosystem

Operational Technology

Operational Resilience

Has IT/OT Convergence Improved Critical Infrastructure Cybersecurity?

ADM. Michael S. Rogers, USN (Ret.)

1

Latest on Nexus Podcast

See all episodes

The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.

See all episodes

Rui Adaite, Managing Security Consultant at GuidePoint Security, joined the Nexus Podcast recently to discuss the nuances of ransomware negotiations, how negotiations work, and the ins and outs of interacting with ransomware gangs.

Cyber Resilience

Nexus Podcast: Rui Ataide on Ransomware Negotiations and Recovery

Trend Micro Senior Threat Researcher Salvatore Gariuolo joined the Nexus Podcast, calling int question whether the ISO 15188 standard is sufficient enough to protect EV charging—the cybersecurity of charging stations in particular.

Internet of Things

Vulnerability Management

Risk Management

Nexus Podcast: Salvatore Gariuolo on ISO 15118, Safe EV Charging

Internet of Things

Vulnerability Management

Risk Management

Nexus Podcast: Noam Moshe on Hacking Video Surveillance