Apply Now to Attend Nexus Conference 2025

Topics:

The NSA's Cybersecurity Technical Report on securing smart OT controllers champions secure-by-design and cyber-informed engineering, stating they prioritize “engineering controls to mitigate the worst consequences of cyberattacks”-like physical damage or loss of life. CIE moves cybersecurity from a design afterthought to a core engineering discipline. Traditional OT security often relied on air-gapping or retrofitting defenses, but CIE mandates designing systems that inherently resist attacks.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Cyber-Informed Engineering Shapes NSA’s Blueprint for OT Cyber Resilience

George V. Hulme

Cyber Resilience

Operational Technology

Operational Resilience

Risk Management

An Operational Checklist for Securing the IT/OT Ecosystem

Vulnerability Management

Risk Management

Cyber Resilience

Secure by Default: The Necessary Prescription for Secure Healthcare Delivery

George V. Hulme

See all in Cyber Resilience See all in Articles

A New Jersey appeals court agreed with an earlier court’s decision that cybersecurity insurance providers could not deny ransomware coverage under a so-called “war exclusion” for a cybersecurity incident Merck & Co. claimed caused $1.4 billion in losses.

Cybersecurity Insurance

Merck Ransomware Insurance Ruling Helps Clear Fog of Cyberwar

George V. Hulme

Navigating cybersecurity insurance in a recession requires diligence about systemic cybersecurity risks that can cause premiums to rise or insurers to consider an organization uninsurable.

Cybersecurity Insurance

Risk Management

Navigating Cyber Insurance in a Recession

George V. Hulme

Avoid these seven pitfalls when seeking cybersecurity liability insurance; ensure you understand policy terms and conditions, conduct due diligence, and involve the proper stakeholders, among other things.

Cybersecurity Insurance

Cybersecurity Liability Insurance Pitfalls to Avoid

George V. Hulme

See all in Cybersecurity Insurance See all in Articles

A diversified operational technology (OT) cybersecurity monitoring platform plays a key role in strengthening the protection of cyber-physical systems by providing clear visibility, real-time threat detection, and proactive risk mitigation. By integrating multiple monitoring tools and technologies, organizations can build a layered security approach that minimizes vulnerabilities, improves response times, and keeps critical systems resilient against cyber threats.

Operational Resilience

Operational Technology

Diversified Monitoring Essential to a Strong OT Cybersecurity Foundation

John Ballentine

Cyber Resilience

Risk Management

Blunting the Risks of Private-Sector Ownership of CI

ADM. Michael S. Rogers, USN (Ret.)

The “Report to the President: Strategy for Cyber-Physical Resilience: Fortifying Our Critical Infrastructure for a Digital World,” reaffirms that cyber-resilience-by-design should be the standard and urges a coalition of government leaders and private sector critical infrastructure asset owners and operators to refocus their energies to build resilient cyber-physical systems (CPS) that are designed to withstand attack.

Cyber Resilience

Risk Management

Applauding A Codified Strategy for CPS Resilience

See all in Federal See all in Articles

Cyberattacks against the food and beverage industry are opportunistic and leverage the growth in digitization to exploit previously unmanaged vulnerabilities to disrupt operations.

Food & Beverage

On the Menu: Cybersecurity Risks in the Food and Beverage Industry

George V. Hulme

See all in Food & Beverage See all in Articles

Vulnerability Management

Risk Management

Cyber Resilience

Secure by Default: The Necessary Prescription for Secure Healthcare Delivery

George V. Hulme

Cyber Resilience

Risk Management

ASL Roma 1: From HyperSOC to H.O.P.E.

Stefano Scaramuzzino

The European Union Agency for Cybersecurity (ENISA)'s NIS360 report identifies gaps in the current state of NIS2 compliance readiness and provides recommendations to lawmakers and affected industry verticals on what they need to do to become NIS2 compliant.

Cyber Resilience

Operational Resilience

Operational Technology

ENISA Attempts to Move NIS2 Forward with NIS360 Findings

George V. Hulme

See all in Healthcare See all in Articles

The NSA's Cybersecurity Technical Report on securing smart OT controllers champions secure-by-design and cyber-informed engineering, stating they prioritize “engineering controls to mitigate the worst consequences of cyberattacks”-like physical damage or loss of life. CIE moves cybersecurity from a design afterthought to a core engineering discipline. Traditional OT security often relied on air-gapping or retrofitting defenses, but CIE mandates designing systems that inherently resist attacks.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Cyber-Informed Engineering Shapes NSA’s Blueprint for OT Cyber Resilience

George V. Hulme

Cyber Resilience

Operational Technology

Operational Resilience

Risk Management

An Operational Checklist for Securing the IT/OT Ecosystem

Operational Technology

Operational Resilience

Has IT/OT Convergence Improved Critical Infrastructure Cybersecurity?

ADM. Michael S. Rogers, USN (Ret.)

See all in Industrial See all in Articles

If we are indeed at the full outset of Industry 4.0, the fourth industrial revolution, initiatives such as smart manufacturing will not truly succeed without keen awareness of new cybersecurity risks introduced by IT/OT connectivity and advanced technologies.

Cyber Resilience

Internet of Things

Operational Resilience

Operational Technology

Smart Manufacturing Requires Proactive Cybersecurity

See all in Internet of Things See all in Articles

The NSA's Cybersecurity Technical Report on securing smart OT controllers champions secure-by-design and cyber-informed engineering, stating they prioritize “engineering controls to mitigate the worst consequences of cyberattacks”-like physical damage or loss of life. CIE moves cybersecurity from a design afterthought to a core engineering discipline. Traditional OT security often relied on air-gapping or retrofitting defenses, but CIE mandates designing systems that inherently resist attacks.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Cyber-Informed Engineering Shapes NSA’s Blueprint for OT Cyber Resilience

George V. Hulme

Cyber Resilience

Operational Technology

Operational Resilience

Risk Management

An Operational Checklist for Securing the IT/OT Ecosystem

Operational Technology

Operational Resilience

Has IT/OT Convergence Improved Critical Infrastructure Cybersecurity?

ADM. Michael S. Rogers, USN (Ret.)

See all in Operational Resilience See all in Articles

The NSA's Cybersecurity Technical Report on securing smart OT controllers champions secure-by-design and cyber-informed engineering, stating they prioritize “engineering controls to mitigate the worst consequences of cyberattacks”-like physical damage or loss of life. CIE moves cybersecurity from a design afterthought to a core engineering discipline. Traditional OT security often relied on air-gapping or retrofitting defenses, but CIE mandates designing systems that inherently resist attacks.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Cyber-Informed Engineering Shapes NSA’s Blueprint for OT Cyber Resilience

George V. Hulme

Cyber Resilience

Operational Technology

Operational Resilience

Risk Management

An Operational Checklist for Securing the IT/OT Ecosystem

Operational Technology

Operational Resilience

Has IT/OT Convergence Improved Critical Infrastructure Cybersecurity?

ADM. Michael S. Rogers, USN (Ret.)

See all in Operational Technology See all in Articles

The HHS Office for Civil Rights proposes substantial rule changes to the long-standing Health Insurance Portability and Accountability Act (HIPAA) Security Rule. While details on the proposed rule changes remain unclear, HHS plans to issue a Notice of Proposed Rulemaking (NPRM) by the end of the year. These changes are believed to be the most substantial changes since the HIPAA Security rule went into effect in 2003

Significant Changes to HIPAA Security Rule on the Way

George V. Hulme

Mike Ratliff, AVP Security Engineering and Operations at Providence, writes about five steps healthcare delivery organizations should take to mitigate the risk of ransomware and extortion-based attacks.

Cyber Resilience

5 Things Hospitals Can Do to Mitigate Threats of Ransomware

Resilience, Recovery Strategies to Combat Ransomware and Extortion

ADM. Michael S. Rogers, USN (Ret.)

See all in Ransomware See all in Articles

The NSA's Cybersecurity Technical Report on securing smart OT controllers champions secure-by-design and cyber-informed engineering, stating they prioritize “engineering controls to mitigate the worst consequences of cyberattacks”-like physical damage or loss of life. CIE moves cybersecurity from a design afterthought to a core engineering discipline. Traditional OT security often relied on air-gapping or retrofitting defenses, but CIE mandates designing systems that inherently resist attacks.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Cyber-Informed Engineering Shapes NSA’s Blueprint for OT Cyber Resilience

George V. Hulme

Cyber Resilience

Operational Technology

Operational Resilience

Risk Management

An Operational Checklist for Securing the IT/OT Ecosystem

Vulnerability Management

Risk Management

Cyber Resilience

Secure by Default: The Necessary Prescription for Secure Healthcare Delivery

George V. Hulme

See all in Risk Management See all in Articles

Enterprises often are blind to the use of open source software in commercial and homegrown software development. Vulnerabilities and other weaknesses in OSS deployments are significant exposures that must be managed and mitigated.

Vulnerability Management

Risk Management

Visibility, Governance Key to Managing Open Source Risk

George V. Hulme

Technical debt in OT leads to increased operations costs as teams fight to maintain outdated systems, and security teams struggle to keep those same systems secure, often through compensating controls.

Operational Technology

Getting Strategic Against Technical Debt in OT

George V. Hulme

Technical debt broadly refers to having old technology in place that causes problems later on, such as increased maintenance, lower productivity, and software or system reliability.

Operational Technology

Technical Debt in OT Environments: How It's Different and Why it Matters

George V. Hulme

See all in Technical Debt See all in Articles

Vulnerability Management

Risk Management

Cyber Resilience

Secure by Default: The Necessary Prescription for Secure Healthcare Delivery

George V. Hulme

Enterprises often are blind to the use of open source software in commercial and homegrown software development. Vulnerabilities and other weaknesses in OSS deployments are significant exposures that must be managed and mitigated.

Vulnerability Management

Risk Management

Visibility, Governance Key to Managing Open Source Risk

George V. Hulme

Building management or automation systems are increasingly being connected online. Each connection to the internet introduces a new risk. Attackers looking for an entry point onto an internal network or to disrupt operations within a building could target a vulnerability in an internet-facing system and put the physical safety of occupants—or patients at a hospital, for example—at risk.

Vulnerability Management

Risk Management

Operational Resilience

Operational Technology

Reducing the Cybersecurity Risks of Connected BMS

See all in Vulnerability Management See all in Articles

Operational Resilience

Operational Technology

Poor Visibility Still a Drag on Secure Third-Party Remote Access

George V. Hulme

The European Union Agency for Cybersecurity (ENISA)'s NIS360 report identifies gaps in the current state of NIS2 compliance readiness and provides recommendations to lawmakers and affected industry verticals on what they need to do to become NIS2 compliant.

Cyber Resilience

Operational Resilience

Operational Technology

ENISA Attempts to Move NIS2 Forward with NIS360 Findings

George V. Hulme

As shop floors and factories get smarter, there is an unprecedented surge in, and demand for, remote access to manufacturing systems. Former Pfizer global head of automation engineering Jim LaBonty writes for Claroty Nexus about the need to secure remote access to manufacturing environments to reduce risk and improve efficiency.

Cyber Resilience

Operational Technology

Secure Remote Access for Smart Factory Environments

See all in Zero Trust See all in Articles

screenshot-2024-11-07-at-4.43.18-pm.png

Nexus Conference

Rodnei Gripp da Petrobras Fortalece a Conexão entre Segurança de Infraestruturas Críticas e Negócio

Saiba como a Claroty colaborou com o time de segurança cibernética da Petrobras, gerando benefícios estratégicos para a equipe responsável pelas plataformas de…

screenshot-2024-11-07-at-4.40.51-pm.png

José Carlos Hererra de Sigma, la Importancia de la Visibilidad y la Simplicidad

José Carlos Herrera, CISO de Sigma Europa, nos habla de la importancia de tener un inventario claro y una herramienta amigable como base para desarrollar una…

Nexus Conference

Felipe Bonomo Destaca os Desafios Relacionados à Proteção de Infraestruturas Críticas

Felipe Bonomo, CISO da Alpargatas, empresa responsável pela icônica marca Havaianas, compartilha os desafios e benefícios de sua parceria com a Claroty na…

See all in Videos

Joe Slowik, threat intelligence and detections lead at Gigamon, joins the Nexus podcast to discuss a Virus Bulletin paper and presentation he gave recently on XENOTIME.

Risk Management

Cyber Resilience

Operational Resilience

Nexus Podcast: Joe Slowik on Identifying Truly ‘Critical’ Infrastructure

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

Nexus Podcast: Danielle Jablanski on Critical Infrastructure Protection

Cyber Resilience

Operational Resilience

Vulnerability Management

Risk Management

Nexus Podcast: Cassie Crossley on Hardware Security, HBOMs

See all in Podcasts

Articles

Recent articles

The NSA's Cybersecurity Technical Report on securing smart OT controllers champions secure-by-design and cyber-informed engineering, stating they prioritize “engineering controls to mitigate the worst consequences of cyberattacks”-like physical damage or loss of life. CIE moves cybersecurity from a design afterthought to a core engineering discipline. Traditional OT security often relied on air-gapping or retrofitting defenses, but CIE mandates designing systems that inherently resist attacks.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Cyber-Informed Engineering Shapes NSA’s Blueprint for OT Cyber Resilience

George V. Hulme

Cyber Resilience

Operational Technology

Operational Resilience

Risk Management

An Operational Checklist for Securing the IT/OT Ecosystem

Vulnerability Management

Risk Management

Cyber Resilience

Secure by Default: The Necessary Prescription for Secure Healthcare Delivery

George V. Hulme

Operational Resilience

Cyber Resilience

Risk Management

The Power of Complete OT Asset Visibility: Transforming Security and Efficiency

Cyber Resilience

Risk Management

ASL Roma 1: From HyperSOC to H.O.P.E.

Stefano Scaramuzzino

Cyber Resilience

Operational Resilience

Risk Management

The Quantum Compliance Leap: Preparing for Q-Day

Cristin Flynn Goodwin

Reactive cybersecurity programs are destined for a fate similar to the story of the boiling frog, one that doesn’t know it’s in trouble until it’s too late. Proactive and predictive approaches to cybersecurity are a must because they act as early warning systems that alert organizations before disaster strikes.

Risk Management

‘The Boiled Frog’: A Cybersecurity Lesson for Organizations

Francesco Terlizzi

Enterprises often are blind to the use of open source software in commercial and homegrown software development. Vulnerabilities and other weaknesses in OSS deployments are significant exposures that must be managed and mitigated.

Vulnerability Management

Risk Management

Visibility, Governance Key to Managing Open Source Risk

George V. Hulme

Building management or automation systems are increasingly being connected online. Each connection to the internet introduces a new risk. Attackers looking for an entry point onto an internal network or to disrupt operations within a building could target a vulnerability in an internet-facing system and put the physical safety of occupants—or patients at a hospital, for example—at risk.

Vulnerability Management

Risk Management

Operational Resilience

Operational Technology

Reducing the Cybersecurity Risks of Connected BMS

Identifying and classifying the riskiest devices in operational technology (OT)-heavy environments is crucial for maintaining operational integrity and security. Expert Dan Ricci provides an extensive checklist for doing so that includes internal stakeholders and technical advice.

Operational Technology

Vulnerability Management

Risk Management

Identifying, Classifying Riskiest Devices in OT-Heavy Environments

EU software and IoT device manufacturers must begin their efforts to come into compliance with the EU's Cyber Resilience Act (CRA). The CRA aims to protect consumers and businesses buying software or hardware products with a digital component from vulnerabilities and improve secure software development practices.

Cyber Resilience

Operational Resilience

Risk Management

Software Security is Aim of EU Cyber Resilience Act Compliance

George V. Hulme

Former NSA Director Adm. Michael S. Rogers shares three priorities the Trump Administration should pursue with regard to cybersecurity and critical infrastructure protection. Those include resuming the Cybersecurity Review Board, urging enterprises to focus on basic security hygiene, and exert its influence on vendors to secure their products.

Cyber Resilience

Risk Management

3 Cybersecurity Priorities for the New Administration

ADM. Michael S. Rogers, USN (Ret.)

1

Latest on Nexus Podcast

See all episodes

The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.

See all episodes

Joe Slowik, threat intelligence and detections lead at Gigamon, joins the Nexus podcast to discuss a Virus Bulletin paper and presentation he gave recently on XENOTIME.

Risk Management

Cyber Resilience

Operational Resilience

Nexus Podcast: Joe Slowik on Identifying Truly ‘Critical’ Infrastructure

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

Nexus Podcast: Danielle Jablanski on Critical Infrastructure Protection

Cyber Resilience

Operational Resilience

Vulnerability Management

Risk Management

Nexus Podcast: Cassie Crossley on Hardware Security, HBOMs