About
Articles by Andrew
-
Upstream / Midstream / Downstream Cyber Attacks – Dependency Analysis
Upstream / Midstream / Downstream Cyber Attacks – Dependency Analysis
By Andrew Ginter
-
NIS2 and Its Impact on Operational Technology Cybersecurity
NIS2 and Its Impact on Operational Technology Cybersecurity
By Andrew Ginter
Activity
-
See you in Anaheim at EnergySec! Drop by booth 305, where I will be giving away free signed copies of my new book! Apologies to all those who are…
See you in Anaheim at EnergySec! Drop by booth 305, where I will be giving away free signed copies of my new book! Apologies to all those who are…
Shared by Andrew Ginter
-
Less than 24 hours to go! Make sure to visit Waterfall Security Solutions for the reveal! #Remoteaccess #OTsecurity #Criticalinfrastructure…
Less than 24 hours to go! Make sure to visit Waterfall Security Solutions for the reveal! #Remoteaccess #OTsecurity #Criticalinfrastructure…
Liked by Andrew Ginter
-
At Waterfall Security Solutions we've been working on something big! Our new remote access solution, made for OT networks, is being released on July…
At Waterfall Security Solutions we've been working on something big! Our new remote access solution, made for OT networks, is being released on July…
Liked by Andrew Ginter
Experience & Education
Licenses & Certifications
-
Information Technology Certified Professional (ITCP)
International Professional Practice Partnership (IP3)
Issued -
Certified Information Systems Security Professional (CISSP)
International Information Systems Security Certification Consortium (ISC)2
Issued -
Information Systems Professional (ISP)
Canadian Information Processing Society (CIPS)
Issued
Publications
-
Secure Operations Technology
Abterra Technologies Inc.
IT-SEC protects the information. SEC-OT protects physical, industrial operations from information, more specifically from attacks embedded in information. When the consequences of compromise are unacceptable – unscheduled downtime, impaired product quality and damaged equipment – software-based IT-SEC defences are not enough. Secure Operations Technology (SEC-OT) is a perspective, a methodology, and a set of best practices used at secure industrial sites. SEC-OT demands cyber-physical…
IT-SEC protects the information. SEC-OT protects physical, industrial operations from information, more specifically from attacks embedded in information. When the consequences of compromise are unacceptable – unscheduled downtime, impaired product quality and damaged equipment – software-based IT-SEC defences are not enough. Secure Operations Technology (SEC-OT) is a perspective, a methodology, and a set of best practices used at secure industrial sites. SEC-OT demands cyber-physical protections - because all software can be compromised. SEC-OT strictly controls the flow of information – because all information can encode attacks. SEC-OT uses a wide range of attack capabilities to determine the strength of security postures - because nothing is secure. This book documents the Secure Operations Technology approach, including physical offline and online protections against cyber attacks and a set of twenty standard cyber-attack patterns to use in risk assessments.
-
The Top 20 Cyberattacks on Industrial Control Systems
Waterfall Security Solutions
This paper proposes that cyber risk be communicated as a Design Basis Threat (DBT) line drawn through a representative “Top 20” set of cyber attacks spread across a spectrum of attack sophistication. These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. Many industrial cyber risk practitioners will find the list useful as-is, while expert practitioners may choose to adapt the list to their…
This paper proposes that cyber risk be communicated as a Design Basis Threat (DBT) line drawn through a representative “Top 20” set of cyber attacks spread across a spectrum of attack sophistication. These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. Many industrial cyber risk practitioners will find the list useful as-is, while expert practitioners may choose to adapt the list to their more detailed understanding of their own sites’ circumstances.
-
SCADA Security - What's broken and how to fix it
Abterra Technologies Inc.
Modern attacks routinely breach SCADA networks that are defended to IT standards. This is unacceptable. Defense in depth has failed us. In "SCADA Security" Ginter describes this failure and describes an alternative. Strong SCADA security is possible, practical, and cheaper than failed, IT-centric, defense-in-depth. While nothing can be completely secure, we decide how high to set the bar for our attackers. For important SCADA systems, effective attacks should always be ruinously expensive and…
Modern attacks routinely breach SCADA networks that are defended to IT standards. This is unacceptable. Defense in depth has failed us. In "SCADA Security" Ginter describes this failure and describes an alternative. Strong SCADA security is possible, practical, and cheaper than failed, IT-centric, defense-in-depth. While nothing can be completely secure, we decide how high to set the bar for our attackers. For important SCADA systems, effective attacks should always be ruinously expensive and difficult. We can and should defend our SCADA systems so thoroughly that even our most resourceful enemies tear their hair out and curse the names of our SCADA systems' designers.
-
Industrial Internet Consortium Security Framework
Industrial Internet Consortium
IIC members have developed a common security framework and an approach to assess cybersecurity in Industrial Internet of Things systems. A true collaborative project in every sense of the word, The Industrial Internet Security Framework (IISF) is the most in-depth cross-industry-focused security framework comprising expert vision, experience and security best practices. It reflects thousands of hours of knowledge and experiences from security experts, collected, researched and evaluated for the…
IIC members have developed a common security framework and an approach to assess cybersecurity in Industrial Internet of Things systems. A true collaborative project in every sense of the word, The Industrial Internet Security Framework (IISF) is the most in-depth cross-industry-focused security framework comprising expert vision, experience and security best practices. It reflects thousands of hours of knowledge and experiences from security experts, collected, researched and evaluated for the benefit of all IIoT system deployments.
Languages
-
English
Native or bilingual proficiency
-
German
Limited working proficiency
More activity by Andrew
-
See you on Thursday, July 24th for the second webinar in the CIE webinar series. I'll be talking about "Making Decision-Makers Aware of…
See you on Thursday, July 24th for the second webinar in the CIE webinar series. I'll be talking about "Making Decision-Makers Aware of…
Shared by Andrew Ginter
-
Keep you eyes peeled on July17th & follow Waterfall Security Solutions! ICS and OT managers are going to love this one ;)
Keep you eyes peeled on July17th & follow Waterfall Security Solutions! ICS and OT managers are going to love this one ;)
Liked by Andrew Ginter
-
What if we told you that at Waterfall Security Solutions we've been working on a full-featured remote access solution that maintains the physical…
What if we told you that at Waterfall Security Solutions we've been working on a full-featured remote access solution that maintains the physical…
Liked by Andrew Ginter
-
This week will bring a new revolution in the OT Security space! What if we told you that at Waterfall Security Solutions we've been working on a…
This week will bring a new revolution in the OT Security space! What if we told you that at Waterfall Security Solutions we've been working on a…
Liked by Andrew Ginter
-
Keep you eyes peeled on July 17th & follow Waterfall Security Solutions! ICS and OT managers are going to love this one
Keep you eyes peeled on July 17th & follow Waterfall Security Solutions! ICS and OT managers are going to love this one
Liked by Andrew Ginter
-
Keep you eyes peeled on July 17th & follow Waterfall Security Solutions! ICS and OT managers are going to love this one
Keep you eyes peeled on July 17th & follow Waterfall Security Solutions! ICS and OT managers are going to love this one
Liked by Andrew Ginter
-
At Waterfall Security Solutions we've been working on something big! Our new remote access solution, made for OT networks, is being released on July…
At Waterfall Security Solutions we've been working on something big! Our new remote access solution, made for OT networks, is being released on July…
Liked by Andrew Ginter
-
Why should you have to choose? What if we told you we’ve been working on a full-featured remote access solution that maintains the physical…
Why should you have to choose? What if we told you we’ve been working on a full-featured remote access solution that maintains the physical…
Liked by Andrew Ginter
-
What if we told you that at Waterfall Security Solutions we've been working on a full-featured remote access solution that maintains the physical…
What if we told you that at Waterfall Security Solutions we've been working on a full-featured remote access solution that maintains the physical…
Liked by Andrew Ginter
Other similar profiles
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Andrew Ginter
13 others named Andrew Ginter are on LinkedIn
See others named Andrew Ginter