See All Nexus 2024 Sessions
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts

Articles

Recent articles

nexus_devops-geo.jpg
Operational Technology

Does DevOps have a place in OT/ICS Development?

George V. Hulme
nexus_sign.jpg
Cyber Resilience
Healthcare
Industrial
Operational Technology
Risk Management

CPS Security Leaders Convene on One Goal: Protect Mission-Critical Infrastructure

Upa Campbell
In OT and ICS cybersecurity, living off the land (LOTL) techniques refer to the practice of attackers using the existing tools and processes in a target system to carry out their malicious activities. This approach is particularly dangerous because it allows the attacker to blend in with everyday activities, making detection significantly more challenging.
Operational Technology
Cyber Resilience
Industrial

How Living-Off-The-Land Techniques Impact OT and ICS

Dan Ricci
If we are indeed at the full outset of Industry 4.0, the fourth industrial revolution, initiatives such as smart manufacturing will not truly succeed without keen awareness of new cybersecurity risks introduced by IT/OT connectivity and advanced technologies.
Cyber Resilience
Internet of Things
Operational Resilience
Operational Technology

Smart Manufacturing Requires Proactive Cybersecurity

Jim LaBonty
Secure remote access for third parties is a growing demand within OT and ICS environments. CISOs must understand and mitigate the risk third-party access introduces by having visibility into these connections, limiting access when appropriate, and applying other mitigations.
Operational Technology

Closing the Door on Third-Party Access Risks

George V. Hulme
nexus_converge-june-4.jpg
Operational Technology
Risk Management

How to Unify Colliding IT/OT Worlds

George V. Hulme
nexus_water-epa.jpg
Operational Technology
Cyber Resilience

EPA Cybersecurity Warning to Water Systems Faces Challenges

George V. Hulme
It’s incumbent upon the enterprise to manage third-party supply-chain relationships with cybersecurity as a foremost priority, in particular locking down access to critical systems and adequately managing and assigning privileged access to third parties.
Operational Technology

Examining Third-Party Supply-Chain Risks Around Secure Access

Jim LaBonty
Expert Don C. Weber writes that safety devices are within scope for cybersecurity risk assessments. This includes conducting high-level risk assessments to assemble documentation for specific Systems-under-Consideration (SuC) of the safety solution, performing a vulnerability assessment of the SuC, feeding the results into the detailed risk assessment to allow the risk management team to identify and address residual risks.
Operational Technology
Operational Resilience
Vulnerability Management

Architecting Safety Using Cybersecurity Requirements and Assessments

Don C. Weber
OT and ICS asset owners must consider non-traditional OT exposures beyond software vulnerabilities—a comprehensive exposure management approach to risk reduction—to understand the multifaceted challenges and the proactive measures necessary to safeguard critical infrastructure.
Cyber Resilience
Operational Technology
Risk Management

Operational Technology Exposure: Beyond Software Vulnerabilities

Dan Ricci
The UK's National Cyber Security Centre (NCSC) reacts to growing cloud implementations for operational technology, SCADA, and industrial control systems. The shift to cloud computing has caused the NCSC to be concerned that organizations aren't properly managing the new connectivity, including security boundaries and access control mechanisms.
Risk Management
Cyber Resilience
Operational Technology

UK NCSC Urges OT/ICS Operators to Secure Cloud Migrations

George V. Hulme
The U.K.'s enhanced Cyber Assessment Framework is designed to help critical infrastructure organizations comprehensively assess and improve their ability to defend against, and respond to, cyberattacks.
Cyber Resilience
Operational Technology
Operational Resilience

UK Critical Infrastructure Sectors Brace for Enhanced Cyber Assessment Framework

George V. Hulme

Latest on Nexus Podcast

See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
In this episode of the Nexus Podcast, Alethe Denis, a senior security consultant at Bishop Fox, joins to discuss the ongoing effectiveness of open-source intelligence analysis and social engineering tactics as a precursor to larger intrusions against critical infrastructure.
Cyber Resilience
Healthcare
Industrial
Risk Management

Nexus Podcast: Alethe Denis on Social Engineering, Red-Teaming
On this episode of the Nexus Podcast, Alon Dankner of the Technion Institute in Israel explains his research into the Siemens S7 protocol and PLCs. A vulnerability uncovered during research allows an attacker to expose and steal private cryptographic keys by leveraging a severe vulnerability and configuration error.
Operational Technology

Nexus Podcast: Alon Dankner on Extracting Private Crypto Keys from PLCs
In this episode of the Nexus Podcast, Claroty Team82 researcher Noam Moshe explains the challenges involved in gathering attack forensic artifacts from OT devices, in this case, Unitronics PLCs that were exploited in 2023 in attacks against water facilities in the U.S. and Israel.
Operational Technology
Industrial

Nexus Podcast: Noam Moshe on Extracting Forensic Data from Unitronics PLCs