Curating the @BEERISAC: OT/ICS Security Podcast Playlist I've noticed how many such podcasts had emerged these days, hard to follow all of them, but great to have a choice. All I know are on the list. There used to be only @digitalbond

Join me next week!

The European Union Agency for Cybersecurity (@enisa_eu) has released the 'NIS Investments 2024' report, with key insights into how critical infrastructure organizations under the NIS 2 Directive allocate their cybersecurity budgets.

Some details and analysis by @AnalyticsIoT on what the modern IT/OT convergence is.

RT @nozominetworks: It was great to be back at CS4CA Europe in London last week! @Shipulin_Anton participated in a panel titled, 'Threat S…

See you next week!

Join me for the latest OT/IoT Security industry updates at the next Nozomi Hour session!

New Ransomware Report, H1 2024 by @GRFederation - Manufacturing is still the top target - LockBit is the top actor, set up new infrastructure - New groups re-extorts victims after they pay a ransom - Other sector specific insights

I'll be in London on September 24-25 and would love to connect with fellow cybersecurity professionals at the CS4CA Europe event. Let's meet and have a conversation! Join us!

Cool, @MITREengenuity in the new project: "Defending Operational Technology (OT) with ATT&CK" finally merged relevant TTPs from MITRE ATT&CK for Enterprise, ATT&CK for ICS, and even Cloud and Containers.

.@MITREengenuity is calling for contributions to enrich the next round of ATT&CK® Evaluations: ICS, that will focus on evaluating security product capabilities against adversary behavior inspired by insider attacks within the ICS/OT domain.

.@IECStandards has released the updated version of the ISA/IEC 62443-2-1:2024 - Security program requirements for IACS asset owners

I've gathered other OT security job resources in the GitHub repository, by @timyardley

ICYMI, ISASecure and ISAGCA recently released a new report on future IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards. Proposes a new service category OTaaS, new role of a cloud provider, and new certifications.

Happy to have joined my @nozominetworks team and our APAC partners at the APJ Partner Summit in Bali last week. Together, we will make critical OT and IoT infrastructure in the region more resilient to cyber risks!

In case you missed it!

Organisation of The Islamic Cooperation – Computer Emergency Response Teams (OIC-CERT) published the Annual Report for 2023, with its members' activities, achievements, and plans.

Join me tomorrow!

Interesting study on cybersecurity of wind-sensitive CI (tall buildings, long-span bridges, wind turbines, and solar trackers), where cyberattacks can leverage a natural hazard, the wind, to change mechanical and aerodynamic properties of the structures.

New GitHub repository by @CISACyber: ATT&CK-based Control-system Indicator Detection for Zeek (ACID) A collection of OT protocol indicators developed to alert on specific ATT&CK for ICS behaviors