ot-security
Safeguard articles tagged "ot-security" — guides, analysis, and best practices for software supply chain and application security.
10 articles
Eppendorf BioFlo 320 Bioreactor: A Hard-Coded VNC Password Earns CVSS 9.8 (CISA ICSMA-26-146-01, May 2026)
CISA's May 26, 2026 medical advisory flags CVE-2026-7251, a hard-coded VNC password in all versions of the Eppendorf BioFlo 320 bioreactor. A remote attacker who reaches the device gets full control of cell-culture and bioprocess parameters. We break down the flaw and the fix.
Iran-Linked Actors Are Disrupting U.S. Water and Energy PLCs: Inside CISA/FBI Advisory AA26-097A (2026)
A joint FBI, CISA, NSA, EPA, DOE and Cyber Command advisory (AA26-097A, April 2026) warns that Iranian-affiliated actors are now causing operational disruption to internet-exposed PLCs across U.S. water, energy, and government facilities. Through May 2026 it is the defining OT threat. We unpack the campaign and the defense.
Supply Chain Security for Energy (NERC CIP) 2026
Supply chain security for energy utilities in 2026 means CIP-013-2, CIP-010-4 software integrity, and the CIP-015-1 internal network monitoring rollout.
Manufacturing OT Supply Chain Security in 2026
Manufacturing has converged IT and OT for a decade, and the supply chain risk has followed. Here is what IEC 62443-aligned vendor management looks like in 2026, with the threats that justify it.
ISA-TR62443-2-2-2025: Security Protection Schemes for IACS
The ISA released TR62443-2-2-2025 in December 2025, giving industrial operators actionable guidance for designing and validating a Security Protection Scheme. Here is what changed in OT defender practice.
SBOM requirements for industrial control systems (ICS/SCADA)
ICS/SCADA SBOM requirements are colliding with 20-year-old control systems that predate software transparency mandates. Here's what's required, why, and how to close the gap.
Energy Sector Software Security and NERC CIP Compliance
Power utilities and energy companies must secure software supply chains while meeting NERC CIP requirements. Here's a practical approach.
Software Updates in Air-Gapped Environments: Security Without Connectivity
Air-gapped environments protect critical infrastructure by eliminating network connectivity. But software still needs updates. Bridging this gap without introducing the risks you isolated against is the challenge.
Manufacturing OT Software Supply Chain: Securing the Factory Floor
Manufacturing OT systems depend on software supply chains that most security teams don't monitor. Here's how to extend supply chain security to the factory floor.
Digital Twins and Supply Chain Security: Securing the Virtual Mirror
Digital twins replicate physical systems in software. When the software supply chain of a digital twin is compromised, the consequences extend to the physical world.