Articles

Recent articles

Converged IT/OT operations often run into decision-making gridlock when it comes to exposure management and vulnerability management of OT. Without clearly established governance, organizations are experiencing prolonged periods of time exposed to attacks.
Cyber Resilience
Industrial
Operational Technology
Operational Resilience
Risk Management

Bridging the Divide: Overcoming Security Deadlocks in IT/OT Convergence

George V. Hulme
Vulnerability scoring models such as CVSS 3.1 and CVSS 4.0 must evolve to include contextual information that helps network and systems analysts and security teams better prioritize remediation, mitigation, and patching processes.
Vulnerability Management
Risk Management
Operational Technology
Cyber Resilience

CVSS Scores No Longer Enough: The Move to Context-Driven Vulnerability Management

George V. Hulme
Claroty Nexus contributor Megan Stifel, Chief Strategy Officer of the Institute for Security and Technology, writes about the upcoming expiration of the Cybersecurity Information Sharing Act of 2015 (CISA '15). She urges Congress to reauthorize CISA '15 because failing to do so will put national security and personal privacy at risk, and threaten innovation.
Risk Management
Cyber Resilience
Healthcare
Industrial

Reauthorization of CISA ’15: 10 Years Later, New Threats, Exigent Urgency

Megan Stifel
Experts weigh in on the recent Cybersecurity and Infrastructure Security Agency (CISA) guidance aimed at addressing the risks associated with the convergence of OT/IT in modern industrial organizations. CISA recommends enhanced asset inventories and taxonomies as foundational cybersecurity pieces of an OT security program.
Operational Technology
Vulnerability Management
Risk Management

Asset Management Key to Mitigating OT/IT Convergence Cybersecurity Risks

George V. Hulme
Rural hospital leaders are scrutinizing every budget dollar and have to find a way to balance patient care and safety with defending against digital cybersecurity threats.
Healthcare
Cyber Resilience
Risk Management

As Medicaid Cuts Take Hold, Rural Healthcare Cybersecurity Hangs by a Thread

George V. Hulme
Threat intelligence for operational technology environments differs from traditional IT threat intelligence. OT threat intelligence requires contextual, situational awareness that identifies vulnerabilities and anomalies, and also which assets, and in what part of the process, are exposed. It must also note what the safety and operational consequences would be if exploited. This context enables security teams to prioritize risk mitigation according to real-world impact rather than theoretical severity.
Vulnerability Management
Risk Management
Operational Technology
Operational Resilience
Cyber Resilience

Why Traditional Threat Intelligence Falls Short For Operational Technology

George V. Hulme
black-hat-media-panel-1.jpeg
Cyber Resilience
Operational Resilience
Vulnerability Management
Risk Management

Panel: Nation-States Leveraging CPS to Damage Confidence in Resilience, Response

Michael Mimoso
nexus_labonty-manuf-and-cloud.jpg
Risk Management
Operational Resilience
Operational Technology
Cyber Resilience

Navigating Manufacturing Cybersecurity and the Cloud

Jim LaBonty
With Federal policy changes pushing more cybersecurity and AI regulation to the state level, CISOs should prepare for even more fragmentation of cybersecurity laws and more jurisdictions to contend with, writes Cristin Flynn Goodwin.
Risk Management
Cyber Resilience
Operational Resilience

50 States of Cybersecurity Complexity

Cristin Flynn Goodwin
The convergence of IT and OT systems, primarily driven by the deployment of IIoT (industrial Internet of Things), cloud computing, and the need for remote monitoring, has fundamentally altered the OT architecture that the Purdue Model was initially designed to help manage.
Zero Trust
Risk Management
Operational Resilience
Operational Technology

Is It Time to Rethink the Purdue Model?

George V. Hulme
OT cybersecurity expert Danielle Jablanski of STV makes her first contribution to Claroty Nexus. She writes about how OT cybersecurity programs should not compromise safety and reliability over the likelihood a vulnerability will be exploited.
Operational Technology
Cyber Resilience
Vulnerability Management
Risk Management

Throw Likelihood to the Wind: OT Cybersecurity is Categorical, Not Mathematical

Danielle Jablanski
Mike Ratliff, CISO at Providence, one of the country's largest not-for-profit healthcare providers, writes about his organization's attempt to re-think GRC as Governance, Risk, Attack Surface Management, and Compliance (GRAC). Ratliff describes five areas GRAC improves the overall security program, including the quantification and prioritization of risk, the integration of attack surface management, and an architecture that supports secure-by-design principles.
Healthcare
Risk Management
Cyber Resilience
Operational Resilience

Rebuilding Legacy GRC from the Ground Up

Mike Ratliff
Latest on Nexus Podcast