
Poland's Energy Sector Attack is a Wake-Up Call for Improving Edge Security

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week based on an attack that struck Poland’s energy sector in late 2025. The attack compromised the operational technology (OT) and industrial control systems (ICS) in 30 renewable energy and heating plants, affecting 500,000 people as well as that nation’s manufacturing sector.

Service Advisory: What Recent Remote Access Disruptions Remind Us About Security Evolution

Security incidents and service disruptions are never simple. They are rarely the result of a single mistake, and they don’t only happen to organizations that “did something wrong.” In reality, many of the most capable, well-resourced companies experience them precisely because they operate at scale, under constant pressure, and within complex, interconnected environments.

A Day Without ICS: The Overlooked ICS Risks That Could Bring Operations to a Halt

Have you ever watched AMC’s The Walking Dead? Before the walkers, before the chaos, there is a quieter moment that often goes unnoticed. The power is out. Roads are empty. Hospitals are running on borrowed time. The world has not fallen apart yet, but it is no longer working. That is what a day without ICS and OT would look like. Industrial control systems (ICS) and operational technology (OT) are the systems that run the physical world.

ICS phishing with Jon Gaulding

Join us for this week's Defender Fridays as we explore ICS phishing and calendar invite abuse with John Gaulding, Full Stack Engineer at Sublime Security. John examines how attackers are weaponizing calendar invites to bypass email security defenses and create persistent attack vectors. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Securing PLCs in OT Environments: Practical Steps for Ops Teams

Programmable Logic Controllers (PLCs) form the foundation of operational technology (OT) environments, governing everything from assembly lines to critical infrastructure utilities. While traditionally isolated by air gaps, modern connectivity has exposed these assets to new risks. If compromised, a PLC can be manipulated to cause physical damage, safety hazards, and significant downtime. However, securing these devices does not always require deep firmware re-engineering or replacing entire fleets of hardware.

IIoT Data Hygiene: How Clean Telemetry Improves Reliability

IIoT data hygiene is the set of operational practices that ensure telemetry remains accurate, timely, and trustworthy for monitoring and analytics. In the rush to connect assets, teams often overlook the quality of the data stream itself, leading to noisy alerts and unreliable models. This article focuses on practical actions Ops teams can implement with low risk and limited engineering effort.

The New Mandate: CISA CPG 2.0 and the Evolution of Critical Infrastructure Security

The digital threats facing critical infrastructure—from energy grids and water treatment plants to hospitals and financial systems—are no longer theoretical. Nation-state actors and organized cybercrime are relentlessly targeting these essential services. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has responded with the updated Cybersecurity Performance Goals (CPG) 2.0, moving the industry beyond simple compliance toward verifiable cybersecurity resilience.

Are You in Control of Who is Accessing Your Critical Systems?

Remote access has become essential. However, for most industrial organizations, it’s also become the most dangerous blind spot in their cybersecurity posture. The tools many teams still rely on, VPNs, jump servers, and shared logins, were never built for today’s OT and IT environments. These legacy systems were designed decades ago, when connectivity was simpler and threats were fewer.

Disconnected Access Explained: How Xona Protects Critical Systems Without Network Connectivity

Remote access isn’t optional in critical infrastructure anymore; it’s operationally essential. Whether for maintenance, OEM support, remote field work, or incident response, industrial organizations must enable access to critical systems. But legacy access methods like VPNs, jump servers, and even agent-based Zero Trust or IT-based remote privileged access management (RPAM) tools all share one dangerous flaw: they implicitly trust the endpoint.