In this episode of OT After Hours, Ken Kully (Systems Support Lead for Rockwell SecureOT) is joined by Natalie Kalinowski (Network & Cybersecurity Specialist), and Mustafa Aamir (Application Consultant Cyber-NCS), for a timely discussion about the December 2025 cyber attack on Poland's power infrastructure, a contemporaneous physical infrastructure attack in Germany, and cyber attacks that have surrounded the recent war in Iran.
But it's not all doom and gloom! Many of these attacks follow a familiar script, exploiting basic vulnerabilities like lack of MFA and reused credentials; addressing these can significantly improve security posture. And many of these "low hanging" mitigations, such as changing credentials and implementing MFA, can be undertaken internally without extensive external support, enabling quick improvements.
Key Takeaways
- Asset Management and Risk Analysis: Use "crown jewels" analysis, risk assessment, and understanding operational risk versus CVSS scores to prioritize protection of critical devices and vulnerabilities.
- Basic Cyber Hygiene: Implement cybersecurity controls such as network segmentation, VLAN configuration, basic hardening, and eliminating static credentials; these measures are cost-effective and provide significant risk reduction.
- External Expertise and Virtual Advisors: Bring in external consultants or virtual security advisors on a flexible basis to supplement in-house expertise, especially for organizations with diverse infrastructure and limited budgets.
- Incident Response and Tabletop Exercises: Perform regular review and rehearsal of incident response plans, including tabletop exercises based on real-world attack scenarios, to evaluate preparedness and identify gaps.
- Leveraging Open Source Intelligence: Use available tools to proactively identify exposed assets and low-hanging fruit, enabling operators to secure their attack surface before adversaries exploit it.
Subscribe
Follow and subscribe for more episodes on Apple Podcasts, Spotify, YouTube, or wherever you get your podcasts.
Get in Touch
🔗 LinkedIn | YouTube | X | Contact Us
