Resources
Everything we publish comes directly from engagements with data centers, manufacturers, and critical infrastructure operators across the Pacific Northwest. No recycled vendor talking points.
Full Library
Why consulting-led programs outperform platform-led programs in operational environments — and how to evaluate providers against tangible outcomes rather than dashboard screenshots.
How we would walk a mid-sized food processor from initial detection through 9-day production recovery after a ransomware event that pivots from IT into OT historian servers — and the architecture that prevents recurrence.
A 14-week reference plan for moving a hyperscale Building Management System off a flat corporate network onto a segmented, monitored OT enclave — without interrupting critical cooling, power, or life-safety signals.
Most manufacturing facilities believe they have air-gapped networks when they actually have networks that are segmented but not isolated. The distinction matters for risk modeling.
Backups that don't survive ransomware aren't backups—they're a liability. Learn what industrial organizations need to do differently.
Building management systems — chillers, ATSes, CRACs, lighting — routinely sit on flat networks with default credentials and vendor-remote access. In a data center, that is a production risk.
AI-powered video analytics detect anomalies in industrial environments: unauthorized access, equipment tampering, unsafe conditions. Integrate CCTV intelligence into your security operations.
Critical decisions in the first hours of an OT incident determine business continuity. Learn our triage framework for industrial environments.
Human-Machine Interfaces are operational windows into critical systems. Implement HMI hardening: authentication, network segmentation, and secure remote access controls.
Pacific Northwest hydropower facilities are critical infrastructure. Secure hydropower SCADA systems and dam operations from evolving cyber and physical threats.
We analyzed 2025 breaches targeting industrial facilities. Email phishing remains dominant, but supply chain and USB attacks are rising. Detailed findings inside.
The word "convergence" has quietly become an excuse to skip the difficult architectural decisions that keep production floors running. Here's what responsible integration actually looks like.
Effective mantrap architecture prevents unauthorized access while maintaining operational flow. Learn mantrap principles, dimensions, and deployment strategies for critical infrastructure protection.
Generic SIEM rules fail in OT environments. We outline practical detection logic designed specifically for control system behavior and baselines.
Despite claims that cloud-connected OT has "killed" Purdue, the model's logical zones remain the clearest language we have for discussing industrial segmentation with auditors and operators.
Active threat actors are refocusing on industrial targets. We break down which groups matter, what they exploit, and how to detect early indicators.
Attackers can inject malicious firmware into control devices, creating persistence that survives reboots and factory resets. We explain the threat and detection approaches.
Semiconductor fabrication requires extreme process control and capital equipment security. Address fab-specific OT challenges: equipment purveyors, process criticality, and supply chain risks.
Threat hunting is proactive investigation for attacks your automated tools might miss. We explain hunting methodology adapted for OT environments and realistic outcomes.
Accurate time is foundational to OT security. Without it, forensics become impossible, compliance audits fail, and security controls malfunction.
VLANs are a network traffic-separation mechanism, not security boundaries. Why VLAN-only segmentation fails in manufacturing and what you need instead.
Digital certificates secure OPC UA, TLS, and other modern ICS protocols. Implement certificate lifecycle management, PKI architecture, and operational procedures.
Firewall selection drives your segmentation strategy for years. Learn what features actually matter for OT versus vendor marketing fiction.
Unmanned aircraft provide attackers with aerial surveillance of facilities. We examine the threat and how to detect reconnaissance drones before mapping becomes attack planning.
Engineering workstations bridge IT and OT networks. EDR tools can detect compromise, but must be tuned carefully to avoid false positives that make engineers disable them.
Clean-in-Place systems are critical to food and beverage operations. Secure CIP systems against process tampering and unauthorized control.
The 62443 family is sprawling. We cut it down to the zones, conduits, and security levels that most heavy manufacturers will actually be audited on.
Physical key management is often neglected in favor of electronic access. Implement proper key control procedures, auditing, and emergency protocols for industrial operations.
SD-WAN enables cost-effective multi-site networks but introduces architectural complexity in OT. Learn how to maintain security and determinism across distributed sites.
Many smaller utilities think NERC CIP doesn't apply to them. We clarify applicability, outline compliance requirements, and explain practical approaches.
Extracting forensic artifacts from industrial controllers after a breach requires hardware-level understanding. We explain the constraints and techniques.
Tabletop exercises miss the muscle memory that matters. Here's how we structure live, low-risk ransomware drills for plant managers and maintenance teams.
HID Prox and low-frequency 125 kHz credentials still secure critical mechanical spaces at an uncomfortable number of facilities. A 40-dollar reader says hello.
Most SOC 2 scopes stop at the corporate perimeter. For data centers and manufacturers, that leaves the most operationally consequential systems outside the audit boundary.
TRITON proved that attackers can weaponize safety systems. Seven years later, most industrial facilities still lack real-time safety system monitoring.
Unidirectional gateways enforce one-way data flow at the hardware level. They are powerful but expensive and operationally complex. Learn when they are justified.
Effective visitor management balances safety, compliance, and operational continuity. Discover processes for credential verification, escort protocols, and background checks in manufacturing.
Wiper malware erases data and disables systems. We examine recent industrial variants and explain how defenders detect them before they execute.
Zone-and-conduit diagrams are essential for understanding OT architecture. Learn documentation formats that stay accurate and usable over time.
Batch and continuous manufacturing have different operational and security profiles. Design process-specific security controls and monitoring strategies.
Surveillance NVRs and PTZ cameras have a long history of embedded vulnerabilities. In a facility with hundreds of devices, that's a substantial unmanaged footprint.
From Industroyer's breaker operations to Pipedream's modular architecture, we trace the evolution of OT-specific malware and what each generation taught attackers.
Firewall rules accumulate technical debt. A rule base that was once clean becomes overgrown, redundant, and unmaintainable. Learn how to keep rules clean.
Micro-segmentation—isolating individual devices or small groups—sounds appealing but requires sophisticated visibility and automation. Know when it delivers ROI and when it overcomplicates operations.
The ICS matrix gives plant teams a common vocabulary for attacker behavior. We walk through how to map it to real facilities without turning it into a paperwork exercise.
Modbus remains widely deployed in industrial facilities despite security limitations. Understand Modbus architecture, risks, and practical hardening strategies for OT networks.
CISA and NSA have disclosed sophisticated state-sponsored attacks on US industrial targets. We summarize what is known and what the patterns tell us about targeting.
Remote production sites and branch plants need cost-effective connectivity with security parity to headquarters. SD-WAN enables this if you design architecture carefully.
Security orchestration in OT requires a different approach than IT. Learn how to build SOAR playbooks that respect OT constraints and safety requirements.
Traditional red-team tooling will crash PLCs. Our methodology layers passive reconnaissance, controlled active testing in test cells, and carefully staged Level-3 exercises.
Private 5G networks promise deterministic connectivity for manufacturing. What security tradeoffs should you understand before deploying one?
Detecting control protocol anomalies is powerful but noisy. We explain baselining approaches and behavioral detection methods that scale without overwhelming analysts.
Pulp and paper manufacturing relies on Distributed Control Systems for process optimization. Navigate DCS modernization while maintaining security and operational continuity.
Technical security is necessary but insufficient. Social engineering exploits legitimate trust and access norms. We outline common plant-specific tactics and defenses.
Prevent unauthorized access through mantrap doors and access points. Compare tailgating detection methods from passive observation to sensor-based alerts.
TSA security directives for pipeline systems have evolved significantly. We explain current requirements and what compliance looks like in practice.
Integrators, OEMs, and equipment vendors need to reach your plant. The way most facilities grant that access would fail a basic security review — and often does.
Industrial cellular modems are everywhere—backup WAN links, remote site connectivity, emergency notifications. Few facilities understand their security implications.
Industrial refrigeration systems use ammonia for efficiency and cost. Understand ammonia safety, process control, and OT security in cold storage operations.
Cryptominers compromise industrial networks for computing power. We explain how to detect them and quantify the operational and security costs.
Building Management Systems control critical data center infrastructure: power, cooling, access, and environmental systems. Secure BMS design and operations are essential.
DNP3 is the standard protocol for utility SCADA systems. Learn DNP3 architecture, authentication extensions, and security best practices for power and water utilities.
Edge computing nodes bring compute capability closer to production systems. Learn how to secure edge infrastructure without creating security sprawl.
The EPA has issued extensive cybersecurity guidance for water utilities. We break down the key expectations and practical implications.
Most legacy OT networks are flat. Converting to zone-based segmentation requires careful sequencing to avoid production downtime. Here's how we do it in practice.
Loading docks present unique security challenges: high personnel traffic, vehicle access, and limited visibility. Establish dock security protocols for manufacturing and data center operations.
Attackers increasingly abuse legitimate OT tools for lateral movement and reconnaissance. We show what to monitor and how to defend.
Modbus TCP was designed for local networks and has no built-in authentication. Learn how to run it across segmented networks without compromise.
Visibility in OT isn't what IT teams expect. True visibility requires sensing at Purdue Levels 1–3, understanding process context, and bridging air gaps.
Passive monitoring avoids disruption to production networks. We explain deployment strategies, traffic capture approaches, and the limitations of visibility.
Attackers leave infected USB devices at facility gates and in common areas, relying on social engineering and curiosity. We explain the evolving tactics and defenses.
BPA, PGE, PacifiCorp — the grid geography shaping the PNW's industrial base creates specific resilience considerations most national playbooks don't account for.
Multi-tenant colocation requires strict security boundaries between tenants. Implement physical separation, access control, and monitoring that protect tenant data and prevent cross-tenant attacks.
Malware designed for IT systems sometimes affects OT networks, causing unexpected impacts. We examine propagation mechanisms and defensive strategies.
A properly architected OT DMZ isolates corporate IT from operational systems while maintaining necessary data flow. Learn the zone design principles that work in real manufacturing environments.
When attackers compromise your systems integrator, your facility becomes a target. We explain the risk and how to defend against transitively compromised vendors.
European NIS2 regulation affects US-based subsidiaries and suppliers. We explain how and what compliance requires.
Network segmentation focuses on limiting east-west (lateral) movement. Understanding traffic patterns drives your segmentation strategy.
OPC UA is the modern standard for industrial data exchange. Master OPC UA authentication mechanisms: certificate-based trust, user authentication, and role-based access control.
Cloud infrastructure is becoming part of manufacturing architecture. Learn which OT workloads belong in the cloud and which should stay on-premises.
Runbooks are essential for OT incident response, but most organizations build them and ignore them. Learn how to create runbooks your team will follow.
Perimeter fencing deters casual intrusion and defines security boundaries. Explore fencing types, height standards, and integration with access control systems.
The Portland-Hillsboro area hosts a significant cluster of data centers. Understand the market, shared infrastructure risks, and competitive security landscape.
Spear-phishing attacks against engineering staff have become highly personalized. We break down the tactics and how to train your team to recognize them.
Wireless networks introduce risk in OT, but specific use cases justify the tradeoff. Learn which wireless applications have clear security benefits.
The CISA Industrial Control Systems Cyber Incident Analysis Act requires incident reporting. Learn what criteria apply and how to prepare.
Hard real-time control requires guaranteed latency and bandwidth. Learn when deterministic networking is worth the complexity and how to achieve it.
Industrial historians store operational data for analysis and compliance. Design historian systems for high availability, recovery, and secure data management.
Network switches are foundational to segmentation but often run with default credentials and dangerous access controls. Here is a hardening approach for manufacturing environments.
Malicious insiders have knowledge and access that external attackers must earn through weeks of reconnaissance. We outline detection strategies and the human factors that matter.
Choosing between a combined security operations center and separate IT and OT teams has major implications for incident response and threat hunting.
Replacing or significantly upgrading OT infrastructure while keeping production running requires parallel systems, careful sequencing, and fallback plans at every step.
USB devices remain a primary infection vector for isolated OT networks. Despite twenty years of known risk, most facilities lack USB controls. We explain why and how to defend.
The SEC's new disclosure rules require public companies to report material cybersecurity incidents. We explain the implications for industrial operators.
NIST's guidance on industrial control system security was updated. We break down key changes and what they mean for your security program.
CISA releases hundreds of ICS advisories annually. We explain how to prioritize, assess applicability, and respond effectively.
Industrial organizations seeking cyber insurance are increasingly asked about OT security. We explain what underwriters look for and how to prepare.
The 62443 standard requires system integrators to meet specific security competencies. We explain the framework and its implications for vendor management.
Starting a cybersecurity program where none existed is daunting. We provide a phased approach that builds capability without overwhelming your team.
How do you know if your OT cybersecurity program is actually improving? We explain metrics that reflect security progress.
Selecting and managing integrators who design and maintain your control systems requires evaluating security maturity. We explain how to assess and monitor vendors.
Acquiring or being acquired? Cybersecurity due diligence for industrial operations is complex. We explain what to evaluate and how to assess OT cyber risk.
OT security requires sustained investment. We provide a budgeting framework that helps prioritize spending and justify investments to finance and leadership.