Securing BSEE Real-Time Monitoring for Offshore Oil & Gas Operations
What do HHS’s latest cybersecurity guidelines mean for healthcare organizations?
April 29, 2019
In the wake of the Deepwater Horizon disaster in 2010, the U.S. Department of the Interior launched a series of aggressive reforms in improve safety in offshore well operations. Among them, the Bureau of Safety and Environmental Enforcement (BSEE) final Well Control Rule, which goes live on April 29, 2019, introduced Real-Time Monitoring (RTM) requirements for well operations, including subsea BOPs, surface BOPs on floating platforms, and high-pressure and high-temperature (>15,000 psi, 350oF) environments.
Medical Device Cybersecurity: Risk, Patching & Plutonium
April 9, 2019
These guidelines are the result of a collaboration between HHS and its industry partners, called the 405(d) Task Group (also known as Task Group-1F) within the Health Sector Coordinating Council’s Cyber Working Group. The HSS and the Task Group engaged with more than 150 healthcare and cybersecurity experts, as well as HHS government partners to gather feedback and generate and prioritize a set of cybersecurity recommendations for healthcare organizations.
Would You Trust Your Vendors to Protect You From a Cyberattack?
March 19, 2019
This February I was at HIMMS Global Conference and Exhibition, one of the largest healthcare IT conferences in the US. My focus there was to see the latest on cyber in healthcare, particularly around how hospitals have been managing and securing their medical devices. While it seems hospitals and manufacturers still have some way to go to improve medical device cybersecurity, recent guidelines and some vendors I met with at HIMSS are improving the situation.
The Importance of Routine System Updates
January 18, 2019
The marketing agency we use to design our cool promotional t-shirts is fun to work with – they have a totally hip workspace and even have a resident dog in their office. But do I trust them with the security of our business networks? Not a barking chance.
Systems, networks, and businesses are becoming more interconnected every day, and as that web of connections expands, so does the risk of cyberattack via a third party. Each time another device or network connection is added, a new threat vector is created. So, for those organizations that aren’t thinking about the potential threats created by those third-party connections, it is time to wake up that sleeping dog.
America’s Water Infrastructure Act (AWIA) of 2018 – Prioritizing Cybersecurity Risk and Operational Resiliency
January 10, 2019
Raise your hand if you’ve ever felt a pang of guilt when your doctor reminded you to eat healthier and exercise more at your annual check-up. My hand is up. Of course, no one wants to lead an unhealthy lifestyle, but alas, life gets in the way and the ever-growing list of things to do keeps getting longer. So you tell yourself you’ll start tomorrow – and tomorrow goes on for months.
Threats to Small Defense Businesses Can Have an Outsized Impact
December 5, 2018
The recently signed America’s Water Infrastructure Act of 2018 is widely viewed as the most significant water infrastructure bill in decades. This comprehensive legislation was designed to authorize $6B in funds to address current water infrastructure projects, scrap $4B in existing development projects deemed unfeasible or no longer viable, and incentivize businesses to buy and use American products, while creating jobs and reducing regulation.
How Data Diode Cybersecurity is Being Used to Protect Critical Infrastructure in the Middle East
October 22, 2018
Defense Industrial Base (DIB) manufacturers in the United States thoroughly understand the concepts of regulation and compliance. Almost no aspect of their business is outside the reach of some state-level or federal oversight agency or law. As some of the most sensitive organizations in existence, they are also no stranger to risk.
How Digital Transformation is Changing Water and Wastewater Cybersecurity
October 11, 2018
In late 2012, there was a severe, targeted malware cyber-attack on a number of oil & gas facilities using what became known as the Shamoon virus. This Windows-based malware differed from other types of attacks, which typically involved attempting to steal money or information, in that it was designed to aggressively seek paths across networks, seizing any hard disks it might find, wiping out all information, and rendering the hardware useless.
What Is Data Diode Technology & How Does It Work?
August 9, 2018
Industries that once had their IT and OT (operational technology) networks siloed are realizing the growing pains of the connected, digital world. Present day OT networks have a growing reliance on SCADA networks, HMIs (Human-Machine Interfaces), SIEM, alarms, events, and analytical software for their environments.
ReCon: A New Chapter | Embrace the Value of Secure Two-way Communication
June 25, 2018
Today's business environment is increasingly digital, and more vulnerable than ever to cyberattack. Because of this, various network security technologies have been developed to protect organizational data and infrastructures. One of the most effective of these modern technologies is the data diode. Although it is one of the most effective network security tools available, you may not have heard of this technology and know little of what it does. Below, you'll find a description of what data diode technology is and how it works.
Implementing DHS Best Practices to Secure Industrial Control Systems
June 8, 2018
I recently attended the DistribuTECH and OSIsoft PI World, as an exhibitor and a speaker, and I had a number of great conversations with attendees about cybersecurity in the industrial, commercial, and critical infrastructure verticals. These conversations ranged from the theoretical down to the specific technologies, such as Owl data diode solutions, and hit upon the varied requirements and challenges these particular industries face every day.
One-Way Data Flow, Secured by Design
May 25, 2018
Modern advancements in industrial control systems (ICS) enable marked improvements in efficiency, production, reliability, and safety, all through increased use of “smart” assets and digital communications. However, this has led to a dependency on communication technology that is seemingly at odds with the ever-increasing pressure to enhance cybersecurity in ICS networks.
March 30, 2018
We thought long and hard on what to write about for our first blog post. It’s a special milestone! But it was inevitable that we address the current news headlines around cyber-attacks, the risks and the strategies to fight these threats. The New York Times recently published an article announcing the Russia hacking of utilities and critical infrastructure. Though some infiltration did occur, this was solely and specifically on the network side, operations were untouched. This is thanks to a hardware-enforced security technology called a data diode.