
Securing the Path Between IT and OT Environments
Utilities are under increasing pressure to secure the path between their IT and OT environments and keep attackers out of both.
Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
Why Cybersecurity in Mergers and Acquisitions Can be a Dealmaker – or a Deal Breaker
It’s not uncommon for companies that are approaching a merger or acquisition process to focus on financials, company culture, and operational structure, casting cyber due diligence to the wayside. If cybersecurity isn’t a key component in a company’s M&A process,…
Getting a wastewater utility’s OT and IT departments on the same page to address vulnerabilities they didn’t know they had. Wastewater utilities are among some of the most targeted industries for cyber attacks, and the implications can be devastating as operational interruptions or shut-downs could directly affect public health. The Environmental Protection Agency (EPA) does…
Last Wednesday, CISA issued an advisory two days after Arkansas City, Kansas, revealed that a Sunday morning cyberattack forced it to switch its water treatment facility to manual operations. In the alert, CISA urged OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to…
On Monday, the U.S. Environmental Protection Agency (EPA) issued an enforcement alert outlining the cybersecurity threats and vulnerabilities facing community drinking water systems. It details the necessary steps these systems must take to comply with the Safe Drinking Water Act (SDWA). The EPA issued this alert due to the rising frequency and severity of threats…
Industrial control systems have a big job to do for a single facility’s OT environment – but if you’re operating multiple facilities spread across the U.S. or the world, those systems have a far larger workload, and the security risks inherent in their function get larger too. What no critical infrastructure or industrial corporation wants…
Our recent OT security assessment at a private water utility illustrates how no industry is safe from security threats. Regardless of sector, all industries, from education, to finance, to water treatment, are susceptible to bad actors taking advantage of their internally-overlooked vulnerabilities. While water utilities have historically lagged behind other industries in OT security, the…
Welcome to a new series of DirectDefense blog posts about hardware and IoT penetration testing! The goal of this 101 series is to shed light on common hardware I/O interfaces, associated protocols, and the multitude of vulnerabilities that can arise when they are left unprotected. While hardware reconnaissance will be briefly discussed, this particular article…
How DirectDefense uncovered weaknesses in a municipality’s SCADA systems and a need for SCADA network segmentation
A large municipality enlisted the services of DirectDefense to perform a Critical Infrastructure Assessment of the SCADA network controlling their water and electric services. During the SCADA assessments, our team identified several weaknesses that demonstrated the need for SCADA…
Smartphone Snooping Without Microphone Access
Can your smartphone sensors still enable apps to eavesdrop on your conversations even after the app has been denied microphone access? It does seem possible. We dug into this question based on two research papers, “AccEar: Accelerometer Acoustic Eavesdropping with Unconstrained Vocabulary”, and “Side Eye: Characterizing the Limits of POV…