Resource Center
Filter
AI
SBOMS
Webinar
Video
Zero trust for OT
IoT/IIoT
IT/OT
Product, Solutions & Services
Market Updates
Industry Focus
Threats and vulnerabilities
Vendor
Govt & Regulations
Guides & frameworks
Clear Filters
Guides & frameworks
Building a Culture of Cyber Resilience in Manufacturing (WEF)
The manufacturing sector operates within a complex ecosystem, characterized by a variety of sites, extensive supply chains and interlinked networks. The playbook suggested in this paper serves as a pragmatic framework to enable businesses to navigate strategic, organizational, operational, technical and regulatory challenges – and will foster a robust culture of cyber resilience that can effectively counteract both current and future threats.
AI
MITIGATING AI RISK- Safety and Security Guidelines for Critical Infrastructure Owners and
The guidelines specifically address risks to safety and security, which are uniquely consequential to critical infrastructure. NIST defines “safety” as a property of a system such that it does not, under defined conditions, lead to a state in which human life, health, property, or the environment is endangered; safety involves reducing both the probability of expected harms and the possibility of unexpected harms. Because AI risks to critical infrastructure are highly contextual, critical infrastructure owners and operators who use AI-systems should account for their specific circumstances as they use these guidelines.
Govt & Regulations
AI for Energy – Opportunities for a Modern Grid and Clean Energy Economy (DoE)
This report was prepared pursuant to the Executive Order (E.O.) on the Safe, Secure, and Trustworthy Development and Use of AI (14110), issued October 30, 2023. Priority use cases have been identified in four broad areas where AI can be immediately deployed to improve the grid while achieving the Administration’s goals for reducing emissions and providing affordable and reliable electricity to all Americans: grid planning, permitting and siting, operations and reliability, and resilience.
Threats and vulnerabilities
Forescout
Better Safe than Sorry: Internet-Exposed OT/ICS Devices (Forescout)
This research examines the evolution of exposed OT/ICS data from 2017 to 2024, identifying regions and device types where exposure remains a risk despite reductions. It analyzes three recent incidents, the Unitronics attack wave, the exposure of Schneider Electric Modicon and Wago 750 PLCs. Additionally, it explores the exposure of devices using the Nucleus NET and NicheStack TCP/IP stacks
Govt & Regulations
2023 Cyber Trends and Insights in The Marine Environment (CGCYBER)
This report summarizes U.S. Coast Guard Cyber Command’s (CGCYBER) findings from calendar year 2023 and the associated mitigation recommendations. CGCYBER continues to expand its presence and navigate an increasingly interconnected marine environment. As we witness a surge in technological advancements, the organizations that facilitate the exchange of goods face evolving cyber threats, demanding our unwavering attention and concerted action.
Guides & frameworks
APT44: Unearthing Sandworm (Mandiant)
In its third year, Russia's war in Ukraine sees Sandworm as a significant cyber threat, increasingly integrated with Russia’s conventional forces and central to the military efforts. Beyond Ukraine, Sandworm operates globally, impacting key areas for Russia. With many expected to vote in 2024's elections, Sandworm’s potential for disrupting democracy is concerning. Consequently, Mandiant has classified it as APT44 due to its continuous global threat.
Guides & frameworks
Industrial Cybersecurity Technology, Solutions & Services – Buyer’s Guide 2024
Welcome to the sixth annual edition of the Industrial Cybersecurity Technology, Solutions, and Services Buyers’ Guide. As we celebrate another year, our goal remains to clarify the complex cybersecurity landscape for industrial organizations, aiding them in enhancing their operational safety and security. Once again, this is the time for industrial cybersecurity to perform and shine. So put on your hard hats and strap in.
Guides & frameworks
H2 2023 – a brief overview of main incidents in industrial cybersecurity (Kaspersky ICS)
In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations. This overview includes information on incidents confirmed by either the affected organization or responsible government officials publicly. Compromise reports and claims made by cybercriminal groups alone are not discussed.
Threats and vulnerabilities
Connect:fun Detailing an exploitation campaign targeting FortiClient EMS
This report details an incident targeting a media company using CVE-2023-48788 and how a threat actor used it to download ScreenConnect and the Metasploit’s Powerfun script for post-exploitation activity – for our first ever named threat campaign. Due to the use of ScreenConnect and Metasploit’s Powerfun for post-exploitation, we are dubbing this campaign Connect:fun.