TRITON/TRISIS Emerges from Shadows Once Again

As many are aware, TRITON/TRISIS is back in the news.  Another critical infrastructure organization was infiltrated with the same penetration framework used in the original attack documented in late 2017.  In this most recent case, the framework was found on the IT network and had yet to reach the OT network. The attackers were conducting reconnaissance and were working to penetrate deeper with the goal of... Read more

Operations Risk Management

Operations Risk Management: What is Your Plant Really Doing?

Plant management sees risk control as a top priority. However, the means available are often a hodgepodge of undocumented, disconnected, and problematic methods. The good news is that new approaches and a convergence of technologies, all building on the foundation of alarm management best practices, can enable the real-time visualization and monitoring of operations risk. Now, plant operators, engineers, and managers can... Read more

Camouflage – Why Some New HMI "Improvements" Are a Step Backwards

Process Control HMI improvement continues to be a hot topic. Since PAS wrote The High Performance HMI Handbook in 2009 and the ISA-101 HMI standard was issued in 2015, many companies have revised their HMI practices, many case studies have been published, and many presentations have been given at technical conferences. Many people now “claim” to be experts in HMI design. The reality is very different.  ... Read more

Wrong Conversation

The Wrong Conversation: Passive vs. Active Network Detection for OT Inventory

When it comes to ICS cybersecurity, are you having the wrong conversation? Over the last few years, OT cybersecurity industry professionals have spent countless hours debating active versus passive network detection for OT asset inventory collection. However, this is not the right conversation. Though network detection can provide some visibility into ICS assets, the view provided by network detection tools is limited at... Read more

“Good Enough” Isn’t Good Enough for OT Cybersecurity Inventory

There’s a reason that virtually every vendor in the OT cybersecurity space has adopted some version of the catchphrase “you can’t secure what you can’t see”. After all, textbook risk management methodologies always begin with “identification”. You can’t proceed accurately through the remaining steps of analyzing and prioritizing risks – much less managing, monitoring or... Read more

Displaying results 1-5 (of 44)
 |<  < 1 2 3 4 5 6 7 8 9  >  >| 

This site would like to place a cookie on your browser to help us better deliver relevant and valuable content to you.