The need for significant improvement in the state of OT cybersecurity in critical infrastructures has been broadly acknowledged for almost two decades. Although the subject started to receive significant attention in the early 2000s, the reality is that the protection of operations systems from threats to their integrity and availability has been a concern of asset owners for much longer than that.

Those of us in engineering and technical disciplines are prone to develop our own “language,” consisting of abbreviations, acronyms, and other shorthand forms of expression. This is no different than those in other professions and areas of endeavor, such as attorneys, doctors, or scientists. While the use of such jargon is often seen as a convenient way of describing common terms and concepts, it can also be a barrier to understanding and acceptance, serving to cloud the essential and important concepts necessary for effective collaboration.

Data breaches affect all types of organizations – large and small, popular and little known. Are there any Data Breach Notification Laws?

Yokogawa Electric Corporation announced that it has obtained ISASecure CSA Level 1 certification from the ISA Security Compliance Institute (ISCI) for its ProSafe-RS safety instrumented system, a product in the OpreX Control and Safety System family.

Bayshore is expanding its Modular Industrial Controls Cyber Security Platform by extending the family of NetWall (USG) Unidirectional Security Gateway to now include Bilateral variants.

It is essential that we view improvements in OT cybersecurity as requiring improvements in multiple areas, including people and skills development, governance and process development, and improved technology.

The FIDO Alliance announced the launch of the FIDO Device Onboard (FDO) protocol, a new, open IoT device onboarding standard that reportedly enables devices to simply and securely onboard to cloud and on-premise management platforms.

EDF, Thales, and Ericsson have partnered on CONNECT, a project to bring Secure Private Mobile Networks to all of EDF’s nuclear energy sites in France.

The ISA/IEC 62443 series of standards define requirements and provide guidance for ensuring the cybersecurity of industrial control systems (ICS). The ISA99 committee has added standards and technical reports to the series over the years, working in cooperation with IEC Technical Committee 65 Work Group 10.

From the 2021 ARC Industry Forum: Mark Prince of Entergy talks about how they were able to achieve more efficient and effective OT cybersecurity compliance with NERC CIP, as well as increased reliability in operations. This presentation provides a great overview of the challenges faced by power producers in complying with NERC CIP cybersecurity regulations and provides insight into Entergy's business objectives and supplier selection process for OT cybersecurity. Mark discusses Entergy's implementation of solutions from Verve Industrial to provide a centralized, vendor-agnostic environment and an integrated security platform that encompasses anomaly and breach detection, SIEM, endpoint management, device inventory, and other functions.