A place for me to store, reference and of course share standards, articles and research relating to Cybersecurity for OT, IIoT, IoT, ICS, PLC and SCADA.

This page is split into three sections

1. The Standards that will impact OT, IIoT and IoT equipment, processes and security
2. Research from various sources on OT, IIoT and IoT equipment, processes and security
3. Articles and publications on OT, IIoT and IoT equipment, processes and security

Standards

• U.S. Government Issues Cybersecurity Warning to Critical Infrastructure Operators and Others
• CISA’s Alerts page
• Top construction cybersecurity challenges and risk mitigation tips
• Hackers Make Hay? Smart Tractors Vulnerable to Full Takeover
• IEC publishes IEC 62443-2-1:2024, setting security standards for industrial automation and control systems
• UK – UK IoT law coming in 2024
• The UK Code of Practice for Consumer IoT Security (March 2021)
• Industrial Control Systems Community of Interest GUIDANCE: Considerations for Cyber Incident Response Planning within Industrial Control Systems/Operational Technology
• CISA – Industrial Control Systems
• The FBI, CISA, NSA and US Treasury fact sheet on best practices for the secure use of Open Source Software (OSS) for senior leadership and operations personnel at critical infrastructure facilities and operational technology vendors.  Improving Security of Open Source Software in Operational Technology and Industrial Control Systems
• NIST IOT NIST SP 1800-32 Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity
• NIST Zero Trust NIST SP 800-207 Zero Trust Architecture
• NIST – SP 800-82 Rev. 3 (Initial Public Draft) – Guide to Operational Technology (OT) Security
• NIST – SP 800-82 Rev. 2 Guide to Industrial Control Systems (ICS) Security
• McKinsey & Co – Cybersecurity for the IoT: How trust can unlock value
• MITRE ATT&CK – ICS Matrix
• ISA/IEC 62443 Series of Standards
• IEC 62443
• NIS2 The NIS2 Directive: A high common level of cybersecurity in the EU
• UNECE R155
• UNECE R156
• IEEE – Electric Vehicle Charging Station: Cyber Security Challenges and Perspective
• ENISA – 5G Supplement – to the Guideline on Security Measures under the EECC
• ISO 21434 ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering
• Webinar – How to achieve Cybersecurity Compliance as an Automotive Supplier
• ISO 21823 1 ISO/IEC 21823-1 Internet of things (IoT) — Interoperability for IoT systems — Part 1: Framework
• ISO 21823 2 ISO/IEC 21823-2:2020 Internet of things (IoT) — Interoperability for IoT systems — Part 2: Transport interoperability
• ISO 21823 3 ISO/IEC 21823-3:2021 Internet of things (IoT) — Interoperability for IoT systems — Part 3: Semantic interoperability
• ISO 21823 4 ISO/IEC 21823-4:2022 Internet of things (IoT) — Interoperability for IoT systems — Part 4: Syntactic interoperability
• Purdue Enterprise Reference Architecture

Research

• CISA – Cybersecurity Performance Goals 2.0 for Critical Infrastructure
• Dragos – The 2025 OT Security Financial Risk Report
• Forescout – 44% of Industrial Organizations Claim to Have Real-Time Cyber Visibility, but Nearly 60% Can’t Reliably Detect OT/IoT Threats
• Honeywell – New Honeywell 2025 Cyber Threat Report reveals ransomware surges 46 percent with OT systems as key targets
• ISA – IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
• ABI – Surging OT cybersecurity sales could outstrip IT
• US Government Accountability Office – Improvements Needed in Addressing Risks to Operational Technology
• The Common Weakness Enumeration (#CWE) project, version 4.14 introduces a new view titled “Weaknesses Addressed by ISA/IEC62443 Requirements”
• Nozomi – Research Report: Assessing the Threat Landscape
• TXone – The Crisis of Convergence: OT/ICS Cybersecurity 2023
• Fortinet – 2023 State of Operational Technology and Cybersecurity Report
• Asimily – IoT Device Security in 2024: The High Cost of Doing Nothing
• A forensic framework to improve digital image evidence administration in IIoT
• KeyFactor – Digital Trust in a Connected World: Navigating the State of IoT Security
• LogPoint – NIS2 – What is it and how it impacts cybersecurity
• Noname – API Security Disconnect 2023
• Asimily – Total Cost of Ownership Analysis on Connected Device Cybersecurity Risk 
• Ultimaco – Circles of Trust 2023: Exploring Consumer Trust in the Digital Society
• Nozomi – Unpacking the Threat Landscape With Unique Telemetry Insight
• SANS (Trend Micro) – Breaking IT/OT Silos with ICS/OT Visibility – 2023 SANS ICS/OT visibility survey
• Palo Alto – 8 Stages of the IoT Attack Lifecycle
• Marsh – Electric vehicle charging infrastructure in Europe: How operators can manage risks effectively
• Ondeso – Industrial IT Terms Glossary
• Verizon 2023 DBIR – 2023 Data Breach Investigations Report
• Allianz – Allianz 2023 Safety and Shipping Review 2023
• Waterfall – 2023 Threat Report
• Coalition – Cyber Insurance – 2022 Cyber Claims Report: Mid-year Update
• Gartner – Market Guide for Operational Technology Security
• Allianz – Allianz Risk Barometer 2023: Cyber and business interruption top threats as economic and energy risks rise
• Blackberry – Operational Technology Cyberattacks and the 2023 Threat Landscape [Research]
• CISA – Cybersecurity Best Practices for Smart Cities
• Nokia – Nokia and ABI Research unveil Industry 4.0 maturity index for industrial campuses
• Dragos – The 2022 ICS/OT Vulnerability Briefing Recap
• Claroty – State of XIoT Security: 2H 2022
• Nozomi/SANS – The State of ICS/OT Cybersecurity in 2022 and Beyond
• SANS – The State of ICS/OT Cybersecurity in 2022 and Beyond
• IEEE – Research on Industrial Internet of Things Security Architecture and Protection Strategy
• IEEE – Security and Privacy in the Industrial Internet of Things: Current Standards and Future Challenges
• IEEE – Cybersecurity for Industrial Internet of Things: Architecture, Models and Lessons Learned
• Emerging Cybersecurity Capability Gaps in the Industrial Internet of Things: Overview and Research Agenda
• Cyber security 4.0: protecting the Industrial Internet Of Things
• Ericsson – Investigation of security and functional safety in industrial IoT
• Lloyds Register – Foresight review on Cyber Security for the Industrial Internet of Things
• Forescout – The Enterprise of Things Security Report: The State of IoT Security
• Barracuda – The state of industrial security in 2022
• Cyber Security and Privacy Issues in Industrial Internet of Things
• UK Government Research – Consumer Attitudes Towards IoT Security
• UL – IoT Security Top 20 Design Principles

Articles

• Industrial cybersecurity redefined by regulatory pressure demanding visibility, governance and harmonisation
• The Hype Machine: Unpacking Claims of Physical Consequences in Cyberattacks
• FDA Urges Medical Product Makers to Beef Up OT Security
• Three-quarters of building systems exposed to cyber risks
• S4x25: A Market at an Inflection Point – A Deep Dive
• Cybersecurity Best Practices in the Manufacturing Sector
• OT protection: Is air-gapping the answer?
• Report: Threat Actors Increasingly Targeting OT Organisations
• Dragos report shows rising OT cybersecurity threat in Australia
• Supercharged Protection: Preventing EV Chargers Cyberattacks with LogRhythm
• How Industrial IoT Solutions Can Drive Industry 4.0 Success
• The Integration of the IIoT and AI in Smart Factories
• Cyberattacks Wreaking Physical Disruption on the Rise
• OT-IT convergence will fast-track the next rail growth wave
• The Zero Trust model addresses vulnerabilities in converged manufacturing environments
• Cisco, partners to offer tailored IoT/OT packages
• Navigating NIS2 requirements with Microsoft Security solutions
• Guiding Your Secure Development Lifecycle Journey with Frameworks and Standards
• Applicability of NIS2 to Aviation Manufacturing
• Cybersecurity for rail systems – how to maintain it in the digital age
• IoT Device Security in 2024: The High Cost of Doing Nothing
• A forensic framework to improve digital image evidence administration in IIoT
• How To Address OT And ICS Cyberattack Vulnerabilities
• IoT/OT Network Adversaries Advance Amidst Bug Barrage
• 7 key OT security best practices
• The IoT Revolution: Shaping The Future Of Business
• IoT vulnerability reporting obligations set to apply in EU from 2027
• Measuring ATT&CK Flow in Ripple Incidents
• Three essentials for a secure OT environment
• The Emergence Of Smart Cities In The Digital Era
• Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
• LoRaWAN Brings the IoT Across Longer Distances (Part 1): The Technology
• LoRaWAN Brings the IoT Across Longer Distances (Part 2): Applications
• Demystifying the top five OT security myths
• Unveiling the risks of OT systems and how to secure them
• Protecting the Reliability of Critical Railway Networks
• In The Digital Era, Manufacturers Must Make Securing Their OT A Priority
• Getting ready for NIS2 with strong identity controls
• US energy firm shares how Akira ransomware hacked its systems
• 5G Devices Are Evolving Beyond Smartphones to Battery-less IoT
• UK Helping OTs Build “Cyber Resilience”
• Mitigate Four Cyber Threats Facing Automated Factories
• In The Digital Era, Manufacturers Must Make Securing Their OT A Priority
• As EV cyber risks rise, careful procurement planning can prevent headaches
• Bolstering OT to keep manufacturers safe
• Cybersecurity in the Age of Industrial 4.0
• Getting Started with NIS2
• Cybersecurity: “Securing the Industrial World Is Not the Same as Securing the Corporate World”
• How to Prioritize SCADA System Updates with Limited Resources
• Smart grid: IoT predictive maintenance guide
• NIS2 preparation advised as guide explains how cyber law interacts with DORA
• NIST 800-82 R2/R3: A Practical Guide for OT Security Professionals
• Global perspective on dealing with complexities of rail network cybersecurity using regulations, collaborations
• BitSight research reveals almost 100,000 exposed ICS, enabling hackers to access, control physical infrastructure
• Impact Of The IoT Trust Mark On Cybersecurity In The United States
• Every Network Is Now an OT Network. Can Your Security Keep Up?
• Kaspersky Unveils Alarming IoT Vulnerabilities and Dark Web’s Thriving DDoS Economy
• NIS 2: What companies must do for their cyber security
• 5 uses for IoT in field service management
• IoT and 5G: Transforming Public Transportation System
• National Cyber Strategy’s call to modernize OT is about controlling the future of conflict
• Why Is OT Cybersecurity Overlooked in Manufacturing?
• Panasonic Warns That Internet-of-Things Malware Attack Cycles Are Accelerating
• How Can IoT Pentesting Protect Your Private Data?
• Converging worlds: cyber-attacks and Operational Technology
• IoT is Key to Meeting Sustainable Development Goals by 2030
• Air-Gapped ICS Systems Targeted by Sophisticated Malware
• How can we tackle the serious security concerns over IoT?
• What is the Relationship Between IoT and Cloud Computing?
• 5G and Industrial IoT: A Match Made for the Next Industrial Revolution
• Addressing The National Legacy Of IoT And OT Risk
• OT Vulnerability Management: A Beginners Guide to Network Defense, Change Management, and System Hardening
• Building an infrastructure backbone for IoT utilization
• 6 Steps To Securing Operational Technology In Critical Infrastructure
• Bridging the IT/OT Gap: Finding the Lost Data
• 50% of Zero Trust Programs Risk Failure
• What the National Cyber Strategy Implementation Plan means for critical infrastructure
• ICS regulations, standards and directives improve cybersecurity in OT environments, though limitations prevail
• An Overview of IoT Regulations – Checklist for UK PSTI, EU RED and CRA
• Five ways to keep industrial control systems safe from cyberattacks
• Hiding in plain sight: The risks posed by OT systems and how to secure them
• Electrical Grid Stability Relies on Balancing Digital Substation Security
• Rail cybersecurity must be bolstered against ransomware attacks, IT/OT integration, geopolitical tensions
• The Role of Software Solutions in the Implementation of Industry 4.0 Technologies
• Boosting OT Security: A comprehensive guide for CISOs in the age of Industry 4.0
• CISA’s New ‘CyberSentry’ Program to Tighten ICS Security
• Dutch Critical OT Systems Vulnerable to Hacks. Hackers Could Exploit Inherent Vulnerabilities in OT Systems, Dutch NCSC Warns
• Five ways to get the board to think more seriously about OT security
• What is IoT Cyber Security? Darktrace
• The Intersection of Cybersecurity and IoT: Analyzing Attack Surface Impact
• IoT trends to watch out for in 2023
• Four ways to protect your OT environment from cybersecurity incidents
• Adding the operation focus to OT security
• 5 Must-Know Facts about 5G Network Security and Its Cloud Benefits
• What key IoT trends should we watch out for in the next decade?
• Lessons from a 40-year-long automotive OEM leader
• Securing the Supply Chain of the 5G Network Is Critical to Its Success
• Claroty exposes vulnerabilities in Teltonika’s IIoT products
• IoT Q&A With Amazon Web Service VP Yasser Alsaied
• What is NB-IoT and how does it work?
• Mitigating cybersecurity threats in water and wastewater
• Hyundai and Kia Thefts Keep Rising Despite Security Fix
• 5 Critical Controls for ICS and OT Cybersecurity Strategy
• Where Organizations Falter in Their Zero Trust Approaches
• The often-overlooked cybersecurity risk: unsecured printers
• What Is the Purdue Model for Industrial Control System (ICS) Security?
• Three Top Trends Driving Industrial Automation
• Why, And How, To Cyber Harden Industrial Operations
• Moving Process Data Across Segmented Networks
• Why Stopping Cyberattacks Against EV Charging Networks Is Critical
• Electric Vehicle Charging Stations: Unexpected Target for Cyber Attacks?
• EVs rev up cybersecurity challenges
• EV Charging Station Applications – a Growing Cyber Security Risk
• Zero Trust Data Security: It’s Time To Make the Shift
• Manufacturing under attack: Defending the factory floor
• New ‘Early Warning’ Platform Created To Head Off OT Security Threats
• Purdue Model for ICS Security
• 3 Ways IoT Can Make Industrial Workplaces Safer
• Aon identifies ‘invisible’ cyber risks to global energy storage market
• CISA Releases Advice for Defending Smart Cities
• Prevention Vs. Detection: What CISOs Need To Know For OT Security
• Saving Supermarket Supply Chains with IIoT
• Global surge in IoT cyberattacks seen
• Maritime Innovations: Cybersecurity
• The Future Of IoT Connectivity
• Bureau Veritas accredited as ISO 21434 inspection body
• Understanding IEC 62443
• Five critical components of effective ICS/OT security
• Dragos ICS/OT ransomware attacks up 87%
• ICS environments must safeguard cyber threat landscape by building resilience against nation-state actors
• Security-by-Design and -Default – Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default
• How to Ensure Security for IoT Edge Device Processors
• Unlocking The Power Of IoT For Your Business
• Securing industrial control systems and operational technology