
Legislation and national policy changes are necessary, but organizations can’t wait for them to take effect

A recent security alert from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) highlighting advanced persistent threats against internet connected operational technologies (OT), including industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices, raises the stakes for the federal government to mandate stricter security standards for manufacturers of internet-connected devices.

In response to the growing number of threats to its governmental agencies, critical infrastructure, healthcare institutions, and businesses of every type and size, the White House and lawmakers have introduced stiffer standards, clearer guidance, updated policies, and legislation to compel organizations to increase their security posture, and to design more secure products. These include memos on achieving Zero Trust, the PATCH Act to increase medical device security, NIST whitepapers redefining critical infrastructure, the IoT Cybersecurity Improvement Act, and an Executive Order on Improving the Nation’s Cybersecurity, to name a few.

Troubling Trends

Ordr has voiced its support for these measures because it is clear that business-as-usual in cybersecurity is not getting the job done. Here are some numbers that illustrate the growing threat to the integrity of connected devices and the people and organizations that rely on them:

  • According to the United Nations, cyberattacks against healthcare organizations have increased 600% worldwide since the start of the pandemic in 2020;
  • There are more than 4,000 ransomware attacks every day, and an organization falls victim to a ransomware attack every 14 seconds;
  • The total costs of cybercrime, which were estimated at $6 trillion in 2021, are expected to exceed $10 trillion by 2025;
  • The FBI’s Internet Crime Complaint Center (IC3) investigated 649 successful ransomware attacks on U.S. critical infrastructure organizations in 2021; and,
  • Researchers tracked a 110% increase in vulnerabilities in connected devices in healthcare environments since 2019, and a 55% increase in attacks against the healthcare industry.

These are just a few of the troubling trends that demonstrate the need for a strong, national response for improving cybersecurity. But legislation and policies take time to draft, pass, and implement. In the meantime, organizations that rely on devices that make up the realm of OT, the internet of things (IoT), the internet of medical things (IoMT), and other systems and devices that connect to public networks must take steps now to harden their existing infrastructures against threats that target such systems.

A New Approach is Needed–And Available

Operational technologies form the backbone of modern industrial productivity. Many of the connected devices and cyberphysical systems that run production lines, keep facilities operating, and support transportation and logistics were not designed with cybersecurity in mind. But as formerly air-gapped systems have become dependent on data and connectivity, they have become exposed. That is reflected in the rising number of attacks on OT environments, which often begin with a compromised IT or IoT device and do not require sophisticated techniques to succeed. Defending against them does, however, require a new approach to security.

The emphasis on achieving a Zero Trust posture for IT architectures is vital. The growing number and sophistication of the elements of today’s IT estates, including connected IT, IoT, IoMT, and OT devices means it is impossible for traditional, human-centric approaches to security to succeed. Zero Trust requires machine learning and automation to achieve complete visibility across all aspects of technical infrastructure and to respond to indicators of compromise affecting devices.

When threats are detected, security policy enforcement can isolate affected systems and segment those that are mission critical so operations continue while mitigation unfolds, shrinking the exposed attack surface and reducing risk. Ordr’s technology has been proven more than capable of providing this level of performance, allowing organizations to see across their network, know what devices are connected and how vulnerable they are, and secure those devices from attack by addressing four key aspects of cyber asset attack surface management:

  1. Identify your complete attack surface – Know what devices are in the network and risks they bring.
  2. Map the transaction flows – Understand what devices are doing. Unlike users, devices have deterministic communications patterns for their “roles”.
  3. Architect/Create Zero Trust policies – This has to be automated to prevent errors, and to scale for hundreds of thousands of devices in the network.
  4. Monitor/maintain the network – Continue to discover devices, and monitor them for risks and anomalies.

When device security must be a priority—whether government, healthcare, manufacturing, or other critical infrastructure environments—organizations around the world trust Ordr for protecting their OT, IoT, IoMT and other connected devices. We can help your organization identify, inventory, assess, and protect your connected devices within minutes. Contact us at

Executive Order 14028 has sent ripples through the cybersecurity industry. Since my last blog post, where I provided my reflections on the EO, NIST has published its definition of ‘critical software’ in an official white paper released on June 25, 2021.

Operational technologies comprise the industrial hardware and software systems that form the backbone of industry. Manufacturing equipment, building automation systems, facilities management controls, transportation and logistics infrastructure are all essential to managing critical operations.

In the guidance, NIST clearly defines Operational Technology as critical software that must be secured. At Ordr, we understand the gravity of this situation and have built our solution around this paradigm, giving our customers the peace of mind of knowing that they can effectively identify, manage, and secure the devices in their critical infrastructure in support of this crucial mission for the United States.

From the NIST Whitepaper:

NIST recommends that the initial EO implementation phase focus on standalone, on-premises software that has security-critical functions or poses similar significant potential for harm if compromised.

Subsequent phases may address other categories of software such as:

  • software that controls access to data;
  • cloud-based and hybrid software;
  • software development tools such as code repository systems, development tools, testing software, integration software, packaging software, and deployment software;
  • software components in boot-level firmware; or
  • software components in operational technology (OT).

EO-critical software is defined as any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes:

  • Is designed to run with elevated privilege or manage privileges;
  • Has direct or privileged access to networking or computing resources;
  • Is designed to control access to data or operational technology;
  • Performs a function critical to trust; or,
  • Operates outside of normal trust boundaries with privileged access.

The definition applies to software of all forms (e.g., standalone software, software integral to specific devices or hardware components, cloud-based software) purchased for, or deployed in, production systems and used for operational purposes. Other use cases, such as software solely used for research or testing that is not deployed in production systems, are outside of the scope of this definition.

The preliminary list of software categories considered to be EO-Critical:

  • Identity, credential, and access management (ICAM)
  • Operating systems, hypervisors, container environments
  • Web browsers
  • Endpoint security
  • Network control
  • Network protection
  • Network monitoring and configuration
  • Operational Monitoring and Analysis
  • Remote scanning
  • Remote access and configuration management
  • Backup/recovery and remote storage

As an extension of the focus on Operational Technology, on July 20, the Department of Homeland Security (DHS) issued a security directive requiring owners and operators of critical pipelines that transport hazardous liquids and natural gas to implement “urgently needed protections against cyber intrusions.”

In an earlier security directive in late May, immediately following the Colonial Pipeline cyber attack, the DHS began requiring US pipeline operators to conduct a cyber security assessment. The May 2021 Security Directive requires critical pipeline owners and operators to (1) report confirmed and potential cybersecurity incidents to CISA; (2) designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week; (3) review current practices; and, (4) identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

These are all the right steps toward improving the Nation’s Cybersecurity. We are eager to extend the work we already have underway with many federal agencies and organizations that need to protect their Operational Technology. With the Ordr platform, our focus is on visibility and security for cyber resilience:

  • Continuous visibility into all devices and their vulnerabilities (IT, IoT, and OT):

Ordr can help you identify what assets are in your environment. This allows you to examine your entire business process when calculating risk. It is important not to overlook what seem to be simple IT or IoT systems, or supporting processes such as shipping, logistics, and billing. Those systems are as critical to production, processing, and delivery as any refinery equipment or manufacturing sensor.

  • Intelligent insights into how devices are behaving:

We detect known threats via our integrated threat detection engine, which identifies exploits, active threats, and attacker lateral-movement tools. We also use machine learning to baseline and map exactly how every device is behaving and what it is communicating with. This is critical to surface unknown threats and anomalous communications, particularly when attackers have already infiltrated your network. Ultimately we have to assess cyber resilience through a full-spectrum understanding of the flow of device communications (transactions and data), just as we understand the flow of oil or a manufacturing process.

  • Automated policies on existing infrastructure:

The most critical function during an attack on OT environments is cybersecurity resilience: how quickly you can respond to an attack and continue business operations. Ordr not only tells you what device is being compromised, where it is located, what it is doing, and who it is communicating with; we also dynamically generate the policies to mitigate threats on your security and networking infrastructure. We can automate the creation of NGFW policies, ACL blocks, quarantine VLAN assignment, port shutdown, or session termination with one click, enforced on existing switches, wireless controllers, and firewalls, or via NAC platforms.
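The following is an added illustration, not Ordr’s code or an implementation of the Ordr platform, of the workflow described in the four steps above (identify devices, map their transaction flows, derive Zero Trust policies, monitor for anomalies) and in the behavior-baselining and automated-policy bullets in this post. Everything in it is constructed: the Flow and Device records, the inventory, the learning-window flows, the role names, and the ACL syntax (loosely Cisco-style, for readability only). The key idea it demonstrates is the one stated in step 2: devices of the same role have deterministic communication patterns, so a baseline learned per role can be turned directly into an allow-list policy and into a block-plus-quarantine action when a device steps outside it.

```python
"""Role-based communication baseline and automated policy generation.

Added example, not Ordr's code. All devices, flows, and rule syntax below
are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

QUARANTINE_VLAN = 999  # assumed quarantine VLAN id


@dataclass(frozen=True)
class Flow:
    src: str    # source device IP
    dst: str    # destination host IP
    dport: int  # destination port
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Device:
    name: str
    ip: str
    role: str
    vlan: int


# Step 1: identify the attack surface (constructed inventory keyed by IP).
INVENTORY = {
    "10.0.1.10": Device("hvac-1", "10.0.1.10", "hvac-controller", 110),
    "10.0.1.11": Device("hvac-2", "10.0.1.11", "hvac-controller", 110),
    "10.0.2.20": Device("pump-7", "10.0.2.20", "infusion-pump", 120),
}

# Step 2: map transaction flows (constructed learning-window observations).
LEARNED = [
    Flow("10.0.1.10", "10.0.9.5", 47808, "udp"),   # BACnet to building server
    Flow("10.0.1.11", "10.0.9.5", 47808, "udp"),
    Flow("10.0.1.10", "10.0.9.53", 53, "udp"),     # DNS
    Flow("10.0.2.20", "10.0.9.80", 443, "tcp"),    # pump to medication server
]


def build_baseline(inventory, flows):
    """Map role -> set of (dst, dport, proto) seen during the learning window.

    Flows are pooled per role, not per device, because devices of one role
    behave deterministically; hvac-2 therefore inherits hvac-1's DNS flow.
    Flows from sources missing from the inventory are ignored rather than
    learned, so an unknown device can never seed a baseline.
    """
    baseline = defaultdict(set)
    for f in flows:
        dev = inventory.get(f.src)
        if dev is None:
            continue
        baseline[dev.role].add((f.dst, f.dport, f.proto))
    return baseline


def generate_allow_policy(inventory, baseline):
    """Step 3: per-device allow-list rules from the role baseline, default deny."""
    rules = []
    for dev in sorted(inventory.values(), key=lambda d: d.ip):
        for dst, dport, proto in sorted(baseline.get(dev.role, ())):
            rules.append(f"permit {proto} host {dev.ip} host {dst} eq {dport}")
        rules.append(f"deny ip host {dev.ip} any")
    return rules


def evaluate_flow(inventory, baseline, flow):
    """Step 4: classify a newly observed flow and return enforcement actions."""
    dev = inventory.get(flow.src)
    if dev is None:
        # Not in inventory: never learned, so contain it before anything else.
        return {"verdict": "unknown-device", "device": None,
                "actions": [f"quarantine-vlan {QUARANTINE_VLAN} {flow.src}"]}
    if (flow.dst, flow.dport, flow.proto) in baseline[dev.role]:
        return {"verdict": "baseline", "device": dev.name, "actions": []}
    # Outside the role baseline: block the specific flow and isolate the device.
    return {"verdict": "anomaly", "device": dev.name, "actions": [
        f"deny {flow.proto} host {dev.ip} host {flow.dst} eq {flow.dport}",
        f"move {dev.name} vlan {dev.vlan} -> vlan {QUARANTINE_VLAN}",
    ]}


if __name__ == "__main__":
    base = build_baseline(INVENTORY, LEARNED)
    for rule in generate_allow_policy(INVENTORY, base):
        print(rule)
    # An infusion pump opening SMB to an HVAC controller is lateral movement.
    print(evaluate_flow(INVENTORY, base, Flow("10.0.2.20", "10.0.1.10", 445, "tcp")))
```

Run stand-alone it prints the generated allow-list and then the anomaly verdict for a pump-to-HVAC SMB flow. The two design points worth keeping from this toy are that the baseline is built per role rather than per device (which is what makes it scale to many identical devices), and that a source absent from the inventory is quarantined rather than silently learned, since an unknown device is exactly what step 1 is meant to surface.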

Our work doesn’t stop in the United States. As a global leader in IoT, IoMT, and OT security, we proactively share best practices and lessons learned with nations around the world. The US is not alone in its struggle against threat actors that wish to do it harm, as recent events in Germany, Canada, Australia, the United Kingdom, and many other nations and industries highlight. We are doing our part to make the giant leap towards a better and safer future.

Set up a time with us to start the process today and you’ll be able to see what connected devices are on your network in minutes.

More than a decade ago, operational technology (OT) was used only in manufacturing and industrial environments and was air-gapped from the rest of the organization. Today, the convergence of information technology (IT) and OT, and the growth of the internet of things (IoT), is revolutionizing the way organizations monitor systems, share and analyze data, and make decisions based on near real-time information. While this transformation modernized how IT, IoT, and OT systems share invaluable data to empower business operations, it also brought the alarming realization that these devices were not created with security in mind. With ubiquitous connectivity comes a growing number of ways to exploit them to gain access to sensitive data.

The convergence of IT and OT means organizations must identify every network-connected device, understand how those devices communicate, and properly assess the associated risk. This is why Gartner named Ordr as a Representative Vendor in the Market Guide for OT Security.

As described in the Gartner report, the OT/CPS (Cyber Physical Systems) security journey for organizations aligns with six key phases. “Once they enter the “Oh Wow!” Phase [3], organizations realize that security — whether IT, OT, physical or supply chain — needs a whole-of-enterprise focus. Historical IT and OT functional differences are becoming a liability when security is involved. Due to design, age or function, the unique requirements of OT systems now add to IT security concerns in ways that can no longer be ignored. Modernization efforts bring risk, reliability and safety discussions to the forefront. As a result, leading organizations are starting to elevate OT security requirements into their enterprise risk management (ERM) efforts by adopting an integrated security strategy across IT, OT, CPS, physical security and supply chain security.”

Phase 3. The “Oh Wow!” Moment: Invariably, proof of concepts (POCs) become eye openers. For example:

  • Unmanaged assets are connected everywhere.
  • OT networks that were initially designed to be highly segregated have become flatter than realized.
  • Ports on all kinds of systems in all kinds of remote locations are wide open.
  • OEMs are accessing the machines they sold remotely and no one is managing it.
  • Disclosed vulnerabilities on old OSs have never been evaluated for possible patching.
  • The functional silos between separate security disciplines (e.g., cybersecurity, physical security, supply chain security, product security, health and safety) are creating seams that bad actors can exploit.
  • The realization sets in that operational environments where security is lacking are centers of value creation for most organizations; however, no centralized governance exists to start making sense of it all. Recognition develops that roles and responsibilities for a wide variety of (security related) processes and decisions have never been clear, let alone agreed on.

At Ordr we’ve helped top global organizations address visibility and security with a whole-enterprise approach, from traditional servers, workstations, and PCs to IoT, IoMT, and OT devices. We have created a solution that passively and in real time discovers what devices are on the network, profiles device behavior and risks, and then automates the appropriate action. Our relationship with our customers has been one of mutual benefit: we have worked together to evolve our solution and address new use cases. As a result, we’re grateful and proud to serve our customers and to have been named in the Market Guide for OT Security as a solution addressing device visibility and security.


Gartner Market Guide for Operational Technology Security, Katell Thielemann, Wam Voster, Barika Pace, Ruggero Contu,13th January 2021

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.