OTWarden Blog

ICS vulnerability insights, advisory analysis, and practical OT security guidance.

This Week in ICS Security — 2 June 2026

2026-06-02 · OTWarden

32 ICS security advisories published this week (6 critical, 7 high severity). Here are the ones that matter.

Read more →

NIS2 Article 21 and Vulnerability Management for OT Environments

2026-05-27 · Nicki Rough

What Article 21 of the NIS2 Directive actually requires from essential entities on vulnerability handling, and what that looks like in practice for OT/ICS operators.

Read more →

This Week in ICS Security — 26 May 2026

2026-05-26 · OTWarden

21 ICS security advisories published this week (4 critical, 4 high severity, 1 actively exploited). Here are the ones that matter.

Read more →

PMS Vulnerabilities at Sea: What Maritime Engineers Miss (And Why It Matters)

2026-05-20 · Nicki Rough

Power management systems are among the most security-relevant OT systems on a vessel, yet they're often overlooked in cybersecurity assessments. Here's what maritime engineers need to know about PMS vulnerabilities and maritime PLC security.

Read more →

This Week in ICS Security — 19 May 2026

2026-05-19 · OTWarden

86 ICS security advisories published this week (16 critical, 15 high severity, 3 actively exploited). Here are the ones that matter.

Read more →

This Week in ICS Security — 12 May 2026

2026-05-12 · OTWarden

38 ICS security advisories published this week (1 critical, 7 high severity). Here are the ones that matter.

Read more →

IACS UR E26 and E27: What Shipbuilders and Owners Need to Know

2026-05-06 · Nicki Rough

IACS Unified Requirements E26 and E27 apply to newbuild ships contracted on or after 1 July 2024. Here's what they require from shipyards, equipment suppliers, and ship owners — and what vulnerability monitoring has to do with it.

Read more →

This Week in ICS Security — 5 May 2026

2026-05-05 · OTWarden

42 ICS security advisories published this week (3 critical, 16 high severity). Here are the ones that matter.

Read more →

This Week in ICS Security — 28 April 2026

2026-04-28 · OTWarden

30 ICS security advisories published this week (6 critical, 3 high severity). Here are the ones that matter.

Read more →

IMO 2021 and ICS Vulnerability Management: What Ship Operators Actually Need to Do

2026-04-25 · Nicki Rough

IMO Resolution MSC-FAL.1/Circ.3 required cyber risk management in SMS systems from January 2021. Five years on, most operators still treat it as a checkbox. Here's what it actually means for managing ICS vulnerabilities on your vessels.

Read more →

This Week in ICS Security — 21 April 2026

2026-04-21 · OTWarden

33 ICS security advisories published this week (3 critical, 1 high severity). Here are the ones that matter.

Read more →

Siemens ProductCERT vs CISA ICS-CERT: Which Security Feed Should You Monitor?

2026-04-01 · OTWarden

Siemens publishes its own security advisories through ProductCERT before CISA republishes them. If you run Siemens equipment, here's what the difference means for your alert timing.

Read more →

ICS Patch Management: Why OT Teams Can't Use the Same Process as IT

2026-03-25 · OTWarden

IT patch Tuesday doesn't work in OT. Here's why ICS patch management is different, what a realistic process looks like, and how to track it without adding headcount.

Read more →

NERC CIP Vulnerability Management: What You Need to Document

2026-03-11 · OTWarden

CIP-007 and CIP-010 require documented vulnerability management processes. Here's what auditors look for and how to build an audit trail without adding headcount.

Read more →

Why ICS Teams Need Filtered CISA Alerts, Not More Noise

2026-02-19 · OTWarden

CISA publishes hundreds of ICS advisories per year. Most teams either ignore them or drown in them. There's a better way.

Read more →