Sign in

Verve Industrial Protection
  1. What is IEC 62443?
  2. Focus on Basics: The IEC 62443 Checklist
  3. Taking advantage of IEC 62443’s broad applicability and inclusiveness
  4. Examining IEC 62443 Zones, Conduits and Security Levels
  5. The IEC 62443 aligned Cybersecurity Management System (CSMS)
  6. Guiding risk assessment with IEC 62443
  7. Using IEC 62443 to secure product development lifecycles
  8. Leveraging IEC 62443 in product selection and procurement
  9. Blending IEC 62443 with other frameworks and standards
  10. Acknowledging IEC 62443’s cyber-physical limitations
  11. Getting started with IEC 62443
  12. IEC 62443-specific certifications and source material
  13. How Verve aligns to IEC 62443

What is IEC 62443?

While many cyber security standards enjoy success in enterprise IT environments, the…

Following the ransomware attack on the Colonial Pipeline, DHS and CISA have released a new Security Directive for critical pipeline operators. More are likely to follow.

On May 27th, the United States Department of Homeland Security announced its initial regulatory response to the Colonial Pipeline ransomware attack. As the Security Directive highlighted, this is only the first step in what is likely to be a much more robust set of regulatory changes to improve the cyber security of the nation’s critical pipeline infrastructure.

This first directive has significant implications for pipeline operators. Not only does it require disclosure and reporting…

Reduce the risk of a ransomware attack with these proven tips for preventing and protecting against OT/ICS ransomware.

Between May 6 and May 12, 2021, Colonial Pipeline, owner of 5,500 miles of pipeline carrying natural gas, gasoline, and diesel from Texas to New Jersey, shut down its operations in response to what it said was a ransomware attack targeting its IT network. In a media statement, Colonial officials indicated the damage was limited to their IT systems, but that the company “proactively took certain systems offline to contain the threat.”

That response, which included disabling select OT/ICS systems, “temporarily halted…

How to leverage lessons learned from the Colonial Pipeline ransomware attack to prepare for cyber-related threats in oil & gas

Photo by Quinten de Graaf on Unsplash

After a weekend of hundreds of posts about the Colonial Pipeline ransomware event, we thought some “Monday morning quarterbacking” was in order. As with all cyberattacks, one must be cautious when reacting to news headlines and not depend too heavily on public reports in the first 48 hours of an ongoing incident.

Even today, almost 72 hours later, the view of what happened at Colonial remains cloudy. The fog is lifting just enough, however, to offer a glimpse of some…

Verve research featured in ICS-CERT warning on GE’s popular line of advanced protection and control relays. Here’s what asset owners need to know.

Photo by Andrey Metelev on Unsplash

ICS-CERT this week issued an advisory detailing nine critical vulnerabilities affecting GE’s Universal Relay (UR) Family including several that could allow an attacker to access sensitive information, reboot the devices, gain privileged access, or crash the system via denial-of-service.

The vulnerabilities in ICSA-21–075–02 affect GE’s B30, B90, C30, C60, C70, C95, D30, D60, F35, F60, G30, G60, L30, L60, L90, M60, N60, T35, T60 relays and carry an aggregate CVSS score of 9.8. Researchers at Verve Industrial…

ICS (or Industrial Control System) Security is growing in importance as cyber-attacks increasingly focus on physical processes for either ransom or to cause harm to critical production systems. Attacks such as those at the Oldsmar water treatment plant, the various ransomware attacks on the vaccine supply chain, and the more extensive threats to the Ukrainian and US power grids and oil refineries in the Middle East generate greater worry for boards, governments, and operators of industrial organizations.

Photo by American Public Power Association on Unsplash

What is ICS security?

To begin, “What is ICS Security”? ICS security is defined as the protection of industrial control systems from threats from cyber attackers. It…

The game-changing malware that shocked the ICS/OT world is back in the news and still has lessons to share.

It’s been more than a decade since security researchers in Belarus first identified a virus that would come to be known as Stuxnet, a sophisticated cyber weapon used in a multi-campaign attack targeting a uranium enrichment facility in Natanz, Iran. Now, fresh infrastructure attacks in the volatile region are renewing the discussion about Stuxnet, its origins, its methods, and its contributions to the current compendium of ICS defenses.

Last month, Iranian authorities revealed a catastrophic explosion and power outage at the…

Rail transportation: Digitalization and securing current and future assets require comprehensive cyber security

Photo by Benn McGuinness on Unsplash

Economics and technological transformation of business generally go hand-in-hand. If revenue is down, or there is an opportunity to increase revenue through automation, most businesses are apt to make decisions that improve profitability and redundancy. After all, who can blame leadership for ensuring a return for stakeholders and keeping business in the black? In the rail transport industry, ridership is likely down, logistics need optimization, and technology is making all sorts of promises (when isn’t it?).

Keeping a business feasible centers around risk management and Return on…

Alice and the ICS Vulnerability Looking Glass — How to Avoid Going Down the Rabbit Hole with ICS Vulnerabilities

In 2020, ICS-CERT issued 248 cyber security advisories for public consumption on the CISA’s ICS-CERT portal. Verve analyzed all these advisories, regardless of whether they came from large or small vendors to ensure accuracy even for geographies where the primary vendors are lesser-known. We compared them to 2019 releases. This report summarizes the conclusions, implications on remediation strategies, as well as a perspective on what 2021 might hold.

Learn why there’s an increasing need for OT security to adopt the core elements of IT Systems & Security Management in the coming years.

The basic premise of Dale Peterson’s article “How to be an OT Visionary” was to look at what is happening in IT and assume it will arrive in OT five years later. He provides a range of great examples from Antivirus to virtualization, and I would wholeheartedly agree with his sentiment. …

Verve Industrial Protection

Verve's mission is to protect the world's critical infrastructure. Learn more at

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store