The Radiflow Cyber-Security Blog
In the aftermath of the Oldsmar Water Attack: using an OT-MSSP as a viable replacement for an in-house cybersecurity department
TJ Roe, VP Sales, North America, Radiflow discusses using an OT-MSSP as a viable option for industrial organizations to protect their networks despite budgetary and/or personnel constraints.
Radiflow cyber security researcher Liron Benbenishti describes the method and advantages of linking OT-security standards and adversary data sources in CIARA, using the example of IEC-62443 and MITRE ATT&CK.
Radiflow Senior Cyber Researcher Alon Shekalim analyzes the attack on a Florida water treatment facility and discusses the use of remote network access software as the attacker’s point of entry into the network
In this post, the second of three, Radiflow CTO Dr. Yehonatan Kfir discusses the different types of Threat Intelligence (TI), the benefits of using TI within an OT network risk assessment, and the problems with misuse of TI.
While active penetration testing is necessary for vulnerability detection, it poses the risk of accidental damage. As an alternative, Radiflow proposes a TI-based breach simulation method for OT networks.
Qualitative risk analysis is based on subjective opinions of Subject Matter Experts (SME). Heat-maps, risk matrices, red/yellow/green prioritization of risk factors and more are all subjective perceptions that can span a wide range of values. Priority levels are not…
Liron Benbenishti, Cyber Security Researcher at Radiflow, analyzes the 2015 Ukraine power grid attack using the ISA/IEC 62443-3-3 standard, which determines the actual security levels and evaluates the required security level that could have prevented the attack.
Ilan Barda, Radiflow CEO, reviews the state of OT cyber-security in 2020 and extrapolates the trends in 2021 and beyond, including WFH, the SolarWinds attack, ransomware in OT, OT-MSSPs and governing standards (e.g. IEC62443).
Radiflow CEO Ilan Barda discusses the key takeaways and trends regarding the SolarWinds security attack, and proposes guidelines for protecting industrial networks against such supply-chain type attacks.