Energy Sector
6 articles covering energy OT/ICS security
CISA ICS Advisory: Siemens RUGGEDCOM and SCADABr Remote Code Execution
CISA has released a critical ICS advisory covering unauthenticated remote code execution vulnerabilities in Siemens RUGGEDCOM network devices and SCADABr SCADA software, both widely deployed in energy and manufacturing environments.
Volt Typhoon Pre-Positioning in US and UK OT Networks
China-nexus threat actor Volt Typhoon has systematically infiltrated operational technology networks across US and UK critical infrastructure sectors, establishing persistent footholds in energy, water, and communications systems for potential future disruption.
OT Network Segmentation: Purdue Model, DMZ Design, and Historian Isolation
A practical guide to network segmentation in OT environments, covering the Purdue Reference Model, industrial DMZ architecture, data historian isolation, and the tradeoffs between operational access and security posture.
TRITON/TRISIS: The Malware Designed to Kill
TRITON is the only publicly known malware explicitly engineered to disable Safety Instrumented Systems—the last line of defense against industrial catastrophes. An analysis of its architecture, targeting of Schneider Electric Triconex controllers, and what it means for safety system cybersecurity.
Modbus and DNP3: Inherent Security Weaknesses in Legacy Industrial Protocols
Modbus and DNP3 were designed for reliability and interoperability, not security. An analysis of the structural security weaknesses in both protocols—unauthenticated commands, lack of encryption, spoofing, and replay attacks—and the compensating controls available to practitioners.
The OT Asset Inventory Problem: Visibility Gaps, Passive Discovery, and Unmanaged Devices
Most industrial operators cannot accurately enumerate the devices on their OT networks. This visibility gap is the foundational barrier to OT security—you cannot protect what you cannot see. A practical look at passive discovery tools, the limits of vendor inventories, and strategies for building actionable asset visibility.