Building a Simplified Defensible OT Architecture: BlastWave’s Educational Webinar Series for CISA Cybersecurity Awareness Month
October is designated as CISA’s Cybersecurity Awareness Month, a crucial time for organizations across the public and private sectors to pause and focus on strengthening their defensive posture. At BlastWave, we recognize that this push for education is especially critical within Operational Technology (OT) networks that power critical infrastructure, such as energy, water, and manufacturing.
Securing these environments is not just about preventing data breaches; it is about ensuring operational continuity, protecting health and safety, and avoiding catastrophic spills. To contribute meaningfully to this national awareness effort, we are launching a focused, four-part, 30-minute “lunch and learn” webinar series beginning this month.
Preventing OT Breaches: A How To Guide
This series is engineered specifically for the OT professional, addressing the core conflicts that plague industrial environments: Uptime vs. Patching and Accessibility vs. Security. We aim to simplify security, protect unpatchable legacy devices, and eliminate the initial attack surface that adversaries target.
Each session is a concise, actionable 30-minute exploration designed to fit into a busy workday, guiding the OT engineer from foundational principles of visibility to advanced network architecture and supply chain defense.
Here is an overview of the four sessions:
Part 1: The Invisible OT: How to Build a Complete Asset Inventory & 'Virtual Air Gap' for Legacy Systems
Tagline: Stop defending blindly. Learn to shield your unpatchable PLCs from the internet without touching firmware.
Visibility is the foundational principle of a defensible architecture. This session addresses the "Legacy Burden," explaining why legacy PLCs and SCADA systems are inherently unpatchable and how this creates chronic security gaps. We will detail why continuous, real-time asset inventory is foundational—aligning with the NIST Cybersecurity Framework’s "Identify" function and IEC 62443 mandates. The core topic will be implementing Network Cloaking, which acts as a “virtual air gap” by rendering assets invisible to proactively eliminate the initial reconnaissance phase of the attack chain, non-disruptively mitigating zero-day threats.
Part 2: Beyond Phishing: Blocking the Kill Chain’s First Punch with Passwordless Industrial MFA
Tagline: Eliminate the #1 attack vector. Why passwords and traditional MFA are dead on the plant floor, and what replaces them.
Compromised credentials are the primary method by which adversaries gain initial access to critical infrastructure. This webinar will detail why passwords and legacy multi-factor authentication (MFA) are easily compromised by modern, GenAI-driven phishing and MFA-bombing attacks. We will introduce the Passwordless Mandate (a phishing-resistant identity layer using device-bound cryptographic key pairs) as the critical Zero Trust Network Access (ZTNA) core principle of explicit verification. Blocking initial access and discovery can shut down up to 84% of cyber threats.
Part 3: Microsegmentation Simplified: Stopping Lateral Movement Without Firewall Headaches
Tagline: The Engineer's Guide to Least Privilege. Architect blast-resistant networks without expensive hardware or production downtime.
The major threat in flat OT networks is the rapid, catastrophic spread of an intrusion, known as the "blast radius" problem. This session addresses the operational challenge of achieving microsegmentation without the complexity and cost associated with traditional, hardware-based firewalls, which are prone to misconfiguration. We will demonstrate Software-Defined Microsegmentation, detailing how authenticated, encrypted, peer-to-peer (P2P) tunnels are used to create granular secure zones and conduits, enforcing the principle of least privilege. This approach aligns with industrial segmentation standards (IEC 62443) and can be rapidly scaled across multi-site environments without downtime.
Part 4: Secure the Outsider: Zero Trust for Remote Vendors, AI Agents, and the OT Supply Chain
Tagline: The highest risk is outside your walls. Master time-limited access and identity for third parties and autonomous systems.
The highest-risk access scenarios often originate from outside the organization’s walls, including compromised third-party vendor accounts and the new, machine-speed threat introduced by autonomous AI agents. This session provides prescriptive guidance on securing remote maintenance access, focusing on core ZTNA controls:
Time-Limited Access Control, Least Privilege Enforcement, and central session logging for audit trails. We will also explain how ZTNA is the ideal control plane for securing
Non-Human Identities (NHIs) like AI agents, ensuring they are contained to their designated task segment.
Join Us:
We invite all OT engineers, CISOs, and security professionals managing critical infrastructure to register for this essential series. It’s time to move past legacy IT security thinking and engineer true resilience into your OT environment.
Invisible OT: https://us02web.zoom.us/webinar/register/WN_YkZB_5vsTqmh28uUsOrUeg
Beyond Phishing: https://us02web.zoom.us/webinar/register/WN_obfnK8CeSz2rOdEiyipQNQ
Microsegmentation Simplified: https://us02web.zoom.us/webinar/register/WN_KJA5QqhpQx2us1bhZoATkA
Secure the Outsider: https://us02web.zoom.us/webinar/register/WN__R4CForPSraUdvv4zC5cvA
Experience the simplicity of BlastShield to secure your OT network and legacy infrastructure.
.svg)