Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

bitsight

A Day Without ICS: The Overlooked ICS Risks That Could Bring Operations to a Halt

Jan 14, 2026 By Emma Stevens In BitSight
Have you ever watched AMC’s The Walking Dead? Before the walkers, before the chaos, there is a quieter moment that often goes unnoticed. The power is out. Roads are empty. Hospitals are running on borrowed time. The world has not fallen apart yet, but it is no longer working. That is what a day without ICS and OT would look like. Industrial control systems (ICS) and operational technology (OT) are the systems that run the physical world.
Read Post

ICS phishing with Jon Gaulding

Dec 19, 2025 By LimaCharlie In LimaCharlie
Join us for this week's Defender Fridays as we explore ICS phishing and calendar invite abuse with John Gaulding, Full Stack Engineer at Sublime Security. John examines how attackers are weaponizing calendar invites to bypass email security defenses and create persistent attack vectors. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
View Video
Securing PLCs in OT Environments: Practical Steps for Ops Teams

Securing PLCs in OT Environments: Practical Steps for Ops Teams

Dec 18, 2025 By SecuritySenses In SecuritySenses
Programmable Logic Controllers (PLCs) form the foundation of operational technology (OT) environments, governing everything from assembly lines to critical infrastructure utilities. While traditionally isolated by air gaps, modern connectivity has exposed these assets to new risks. If compromised, a PLC can be manipulated to cause physical damage, safety hazards, and significant downtime. However, securing these devices does not always require deep firmware re-engineering or replacing entire fleets of hardware.
Read Post
IIoT Data Hygiene: How Clean Telemetry Improves Reliability

IIoT Data Hygiene: How Clean Telemetry Improves Reliability

Dec 18, 2025 By SecuritySenses In SecuritySenses
IIoT data hygiene is the set of operational practices that ensure telemetry remains accurate, timely, and trustworthy for monitoring and analytics. In the rush to connect assets, teams often overlook the quality of the data stream itself, leading to noisy alerts and unreliable models. This article focuses on practical actions Ops teams can implement with low risk and limited engineering effort.
Read Post
foresiet

The New Mandate: CISA CPG 2.0 and the Evolution of Critical Infrastructure Security

Dec 16, 2025 By Foresiet In Foresiet
The digital threats facing critical infrastructure—from energy grids and water treatment plants to hospitals and financial systems—are no longer theoretical. Nation-state actors and organized cybercrime are relentlessly targeting these essential services. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has responded with the updated Cybersecurity Performance Goals (CPG) 2.0, moving the industry beyond simple compliance toward verifiable cybersecurity resilience.
Read Post
xona systems

Are You in Control of Who is Accessing Your Critical Systems?

Nov 12, 2025 By Roark Pollock In Xona
Remote access has become essential. However, for most industrial organizations, it’s also become the most dangerous blind spot in their cybersecurity posture. The tools many teams still rely on VPNs, jump servers, and shared logins that were never built for today’s OT and IT environments. These legacy systems were designed decades ago, when connectivity was simpler and threats were fewer.
Read Post
xona systems

Disconnected Access Explained: How Xona Protects Critical Systems Without Network Connectivity

Nov 6, 2025 By Raed Albuliwi In Xona
Remote access isn’t optional in critical infrastructure anymore; it’s operationally essential. Whether for maintenance, OEM support, remote field work, or incident response, industrial organizations must enable access to critical systems. But, legacy access methods like VPNs, jump servers, and even agent-based Zero Trust or IT-based remote privileged access management (RPAM) tools all share one dangerous flaw: they implicitly trust the endpoint.
Read Post
Trustwave

Protecting the Systems that Sustain Us: Securing Critical Infrastructure During Cybersecurity Awareness Month

Oct 30, 2025 By Trustwave In Trustwave
To close out Trustwave’s, A LevelBlue Company, Cybersecurity Awareness Month 2025 coverage, we will take a look at securing critical infrastructure, one of the focus areas for the Cybersecurity and Infrastructure Security Agency (CISA). For our complete coverage, please see: Cybersecurity Awareness Month 2025: The Value of MSSPs and Cybersecurity Awareness Month 2025: 4 Steps to Build a Cyber Strong America.
Read Post
bitsight

Reaching Peak Understanding of IoT and ICS Risk

Oct 14, 2025 By Emma Stevens In BitSight
In a world where internet connectivity intersects with just about every facet of our physical world—from cameras and door locks to power grids and factory robots—cyber risk intelligence has moved well beyond just protecting the bits and bytes of logical IT ecosystems. Security and risk professionals also have to be on the lookout for and aware of improperly secured cyber physical devices, like IoT devices, which greatly expand the enterprise attack surface.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.