Protect critical infrastructure with
human-driven OT intelligence
Secolve explores both the technical and human aspects of
operational technology security to protects critical
infrastructure now and for future generations.
Understand your OT security risks and improve your defences with these range of services.
78% of security staff with OT responsibilities are concerned about an attack on their business in the next 12 months
Source: Understanding OT in Australian Business, Essence Communications, August 2020
Oil and Gas
What is ISO 27001?
The ISO 27001 is one of the most well-known standards globally, and plays a crucial role in safeguarding information's confidentiality, integrity, and availability across various sectors and sizes of organisations. But is it the right one to choose from the numerous options for cyber security frameworks and standards to assist in securing your operational technology… Continue reading What is ISO 27001?
A quick guide to addressing unusual activity on OT systems
Noticing unusual activity on operational technology (OT) systems is a serious cause for concern. When spotted, prompt and appropriate actions should be taken to prevent harm or disruptions to critical infrastructure. In this blog, we’ll explore what unusual activity on OT systems could look like and the recommended steps to be followed to isolate, investigate,… Continue reading A quick guide to addressing unusual activity on OT systems
NIST SP 800-82 Revision 3 highlights and key differences
The National Institute of Standards and Technology (NIST) has published the final version of Special Publication 800-82 Revision 3. In this blog, we’ll give a high-level overview of the NIST SP 800-82 cyber security framework and look at the core updates and improvements covered in Revision 3, as compared to the previous 2 versions. NIST SP… Continue reading NIST SP 800-82 Revision 3 highlights and key differences
What is NIST-CSF?
The NIST Cyber Security Framework (NIST-CSF) was born out of the need for a standardised approach to cyber security and has evolved into a versatile tool used globally. In this blog, we explore a high-level overview of the NIST-CSF, including its origins and structure. We’ll also explore its application in the Australian critical infrastructure landscape,… Continue reading What is NIST-CSF?
What is the AESCSF?
The Australian Energy Sector Cyber Security Framework (AESCSF) offers a tailored approach to bolstering cyber security for OT environments within Australia’s energy sector. In this blog, we provide an overview of this framework, explore its role in the uplifting security standards in Australian operational technology (OT) systems, as well as potential challenges that organisations may encounter… Continue reading What is the AESCSF?
What is the Essential Eight (E8) framework?
The Essential Eight framework has its roots in IT security but has also found application in OT cyber security with its structured approach to tackling challenges that emerge at the intersection of technology and industry. In this blog, we explore this foundational framework, its use in securing OT environments, and why you may or may… Continue reading What is the Essential Eight (E8) framework?
Why organisations need OT security awareness training
Critical infrastructure organisations underpin the functioning of society, relying on operational technology (OT) systems and industrial control systems (ICS), to manage and control crucial operations, from power plants to transportation networks. However, as technology advances, so do the risks of cyber threats and attacks targeting these critical systems. Securing traditional OT environments requires a… Continue reading Why organisations need OT security awareness training
What is ISA/IEC 62443?
There are numerous options for cyber security frameworks and standards and choosing the right one for securing your operational technology (OT) can be a daunting task. The ISA/IEC 62443 series of standards has emerged as a prominent choice for organisations looking for a framework for implementing and maintaining security within industrial automation and control systems… Continue reading What is ISA/IEC 62443?
5 cyber security frameworks and standards you need to know
Critical infrastructure organisations are facing cyber threats more than ever in this ever-evolving landscape. Protecting assets and ensuring our communities are safe from these cyber threats starts with understanding and adopting established cyber security frameworks that provide structured guidelines and best practices. These frameworks serve as valuable blueprints, helping organisations build resilient defences. But with… Continue reading 5 cyber security frameworks and standards you need to know
What is the CIRMP?
The Australian Government signed off on the Critical Infrastructure Risk Management Program (CIRMP) as the final part of the Security of Critical Infrastructure (SOCI) Act updates in February 2023. If you’re an Australian critical infrastructure organisation it’s likely that these updates will apply to you, but what does it all really mean? In this article,… Continue reading What is the CIRMP?
OT Cyber Security Meetups
Operational technology (OT) is the backbone of our critical infrastructure. It powers our cities, transport systems, energy plants, and manufacturing operations. With the rapid digitalisation of OT systems and the rise in cyber threats, securing our OT has become a top priority for organisations across different sectors. As cyber security challenges continue to evolve, it’s… Continue reading OT Cyber Security Meetups
Critical Infrastructure’s Most Notorious Cyber Threat Actor Groups
This blog post will highlight some of the different types of malicious groups that target Critical Infrastructure and examples of such attacks occurring. Critical Infrastructure is a term used by governments to describe assets used by the public that are essential for the functioning of a society and economy, and infrastructure. These public assets… Continue reading Critical Infrastructure’s Most Notorious Cyber Threat Actor Groups
The SOCI Act, where are we now and how can we help?
The Australian government are moving at speed and the next phase of the SOCI Act, and the risk management program (RMP), should be finalised in December 2022 after industry consultation. Here’s an overview of the SOCI Act, what’s been passed and what is being worked through. Key takeaways: ▪ SOCI reforms… Continue reading The SOCI Act, where are we now and how can we help?
Cyber-attacks on the Food and Beverage manufacturing industry
This blog looks at the Food and Beverage manufacturing industry, what potential attacks could occur within the Food and Beverage manufacturing industry, how organisations within the industry can prevent or minimise the effect of a cyber-attack, and how Industry 4.0 further increases an organisation’s exposure to cyber-attacks. What is Industry 4.0 and why does… Continue reading Cyber-attacks on the Food and Beverage manufacturing industry
Cyber-attacks on the Ports and Maritime industry
This blog examines some examples of the diverse types of cyber-attacks that have occurred in the Ports & Maritime industry. By gaining insights into some of the various impacts across OT & IT we then look at what areas to consider building resilience against such attacks. What are the different types of cyber-attacks that could potentially occur and what are the impacts of these cyber-attacks in the… Continue reading Cyber-attacks on the Ports and Maritime industry
Secolve Identifies Vulnerability in Schneider’s Acti9 PowerTag Link C Product
Background Recently, Secolve assessed the security of Schneider Electrical’s Acti9 PowerTag Link Csmart PLC and the EcoStructure Facility Expert software and applications. We identified and reported vulnerabilities in the devices, applications and cloud infrastructure that would have exposed sensitive user information and allow commands to be run on devices without proper authorisation or authentication.… Continue reading Secolve Identifies Vulnerability in Schneider’s Acti9 PowerTag Link C Product
Security of Critical Infrastructure Act (SOCI) reforms: Is your business ready?
Businesses contending with Covid, and the end-of-year rush have had another administrative task added to their to-do list, in the form of the federal government’s new Security Legislation Amendment (Critical Infrastructure) Act 2021. The draft Bill had been expected to pass through Parliament earlier this year. Instead, it has now been split in two, with the less urgent… Continue reading Security of Critical Infrastructure Act (SOCI) reforms: Is your business ready?
OT security: what is it and should we be worried?
Barely a day goes by without some form of cyber attack hitting the headlines – no small feat in a time of a deadly global pandemic. While the majority of attacks have targeted organisations’ IT processes, experts agree it’s only a matter of time before hackers set their sights on the operational technology (OT)… Continue reading OT security: what is it and should we be worried?
How to improve your OT cyber security maturity
With daily reports of OT security breaches and imminent changes to local legislation, it has never been more important for businesses to review their security settings. This can seem overwhelming, but no matter what your business’s size, it should be guided by three basic questions. What is your baseline security level? Every organisation, big… Continue reading How to improve your OT cyber security maturity
Would you risk it for a brisket?
Cyber security has become a hot topic across the world and an area that governments are paying more attention to, particularly around critical infrastructure. Every day, people across the globe wake up to the news of a new cyberattack, often in the form of crippling ransomware that encrypts files and locks users out of systems… Continue reading Would you risk it for a brisket?
New critical infrastructure laws: What you need to know
Last year saw a huge upheaval for businesses as they were forced to rapidly reimagine their operating systems and workforce engagement in response to Covid-19. And while vaccination rollouts provide some prospect of a return to “normality”, businesses must now prepare for the next big change – complying with the federal government’s new Security… Continue reading New critical infrastructure laws: What you need to know
IoT/OT Defence: Removing The Myth Pragmatically
The threat posed by state-sponsored threat actors on critical infrastructure has been a heated topic of discussion since 2010 and again this week the ACSC raised further concerns. While a lot of attention has been given to the malware and tactics used by advanced persistent threat groups, and rightfully so as it enables better defence… Continue reading IoT/OT Defence: Removing The Myth Pragmatically
Improving your OT security posture
Where ever you are on your OT/ICS cybersecurity journey we are here to help with services and products to suit your organisation. Let’s uplift the nations critical infrastructure assets to minimise any disruption to your operations.