In recent months, there has been a significant increase in ransomware attacks on industrial companies and critical infrastructure, including the Colonial Pipeline attack which caused fuel shortages across the East Coast of the U.S for over a month and led to a payment of a $4.4 million ransom. As a result – and to provide cyber visibility across all IT, OT and IoT environments – we partnered with OTORIO, the provider of next-generation OT cyber and digital risk management solutions, to provide an integrated solution to companies with converged IT, OT and IoT environments looking for proactive ransomware protection.
In response to the devastating impact of these attacks, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a new Security Directive that will require critical pipeline owners and operators to:
- Report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency
- Designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week
- Require critical pipeline owners and operators to review their current practices and identify any gaps and related remediation measures to address cyber-related risks
- Report the results to TSA and CISA within 30 days
“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” said US Secretary of Homeland Security Alejandro N. Mayorkas in response to the new TSA regulations.
A single-pane solution to identify and quantify industrial cyber risks
Our partnership with OTORIO will help our customers convert the latest regulations into a practical cybersecurity work plan, while improving their overall security postures and safeguarding them against the next crippling attack.
The partnership provides cyber visibility across all IT, OT and IoT environments, enabling organizations to quantify their cyber risks, identify exposures, and build long-term cybersecurity best practices. The fully automated solution simplifies the compliance processes, as well as ongoing risk monitoring.
By proactively identifying exposures and potential attack vectors and addressing them before they become breaches, CYE and OTORIO enable companies to significantly reduce risks, with fewer resources to optimize their cybersecurity investments.
By combining forces, CYE and OTORIO offer:
- A single pane of glass to continuously monitor IT, OT and IoT security postures
- Complete coverage of security visibility, including areas that are currently being shielded by blind spots
- Quantification of risks and identification of exposures across all IT, OT and IoT environments
- Long-term cybersecurity best practices through a combination of technology and services
- Simplified compliance processes
“The partnership with OTORIO comes at a time when we see a significant uptick in ransomware attacks on companies providing critical services to the public,” said founder and CEO of CYE Reuven Aronashvili. “CYE aims to alleviate the burden on companies that can’t afford any operational downtime, while giving them peace of mind that they are protected against any future need to pay a heavy ransom.”
“Cybercriminals have become as powerful as nation-state adversaries, posing a real threat to operational continuity,” said Daniel Bren, Co-founder and CEO of OTORIO. “Our joint solution with CYE simplifies cybersecurity for converged IT/OT/IoT environments by adopting a proactive risk-reduction approach instead of traditional intrusion detection and response methods.”
Shoring up all defenses to protect industrial companies of all sizes and in all locations
As a result of the ongoing threat posed by industrial ransomware attacks, the US National Security Council noted the private sector’s unique responsibility in helping the federal government strengthen critical assets against these types of destructive attacks. As recent events have highlighted: no company is safe from being targeted by ransomware no matter the size or location.
“Businesses of every size are finding it hard to combat the emerging cyber threat either because they lack the financial resources or because they lack the skill set,” says Scott E. Augenbaum, a former supervisory special agent at the FBI’s Cyber Division, Cyber Crime Fraud Unit. “The answer lies with the public/private sector taking proactive steps to keep their networks safe by partnering with subject-matter experts who develop smart cybersecurity solutions that are easy to install and manage.”
Watch: Expert panel discussion
Click here to watch leading security experts discuss the TSA Pipeline Security Directive and how it can be turned into an actionable work plan.