by Gary Mintchell | Dec 9, 2025 | Embedded Control, Security
I met a new neighbor the other day. We talked a bit about what we had done in our prior employment lives. Turns out she has a friend who gave her a copy of his book. She loaned Software Test Attacks to Break Mobile and Embedded Devices by Jon Duncan Hagar to me to read. It’s 10 years old, but it seems quite contemporary. (Not that I’ve done any embedded systems programming for decades.) The book is also thorough.
After reading through it, this press release dropped into my mailbox about yet another report from a security company. If they don’t scare you into taking action on software security, they’ve overestimated their impact. Using AI as a programming assistant is all the rage currently. Reports indicate that there are good uses, but also that you had best not use AI-generated code as your final build.
This 2025 report investigates AI adoption and the security of AI-generated code in critical embedded systems. It is certainly timely.
RunSafe Security, a pioneer of cyberhardening technology for embedded systems across critical infrastructure, announced the release of its 2025 report, AI in Embedded Systems: AI Is Here. Security Isn’t. The report is a snapshot of how artificial intelligence (AI) usage is unfolding across embedded software development and provides insights into what the data means for engineering, product, and security leaders who are integrating AI into their workflows.
Surveying more than 200 professionals throughout the US, UK, and Germany who work on embedded systems in critical infrastructure, the report reveals that AI-generated code is already running in production across medical devices, industrial control systems, automotive platforms, and energy infrastructure. The report finds that AI has quickly moved from an experimental curiosity to an operational reality in embedded systems development. While adoption races forward, security concerns loom large.
Here follows the obligatory quote.
“AI will transform embedded systems development with teams deploying AI-generated code at scale across critical infrastructure, and we see this trend accelerating,” said Joseph M. Saunders, Founder and CEO of RunSafe Security. “Our report reveals an industry at an inflection point, where transformation is happening faster than security practices have evolved. Organizations that navigate it successfully will be those that maintain the same rigor with AI-generated code that they’ve traditionally applied to human-written code while also recognizing that AI introduces new patterns, risks, and security requirements. At RunSafe Security, we provide greater visibility into software and risk so organizations can properly manage their security while deploying AI in embedded systems.”
RunSafe Security’s report highlights the following key findings:
- AI is already widely used in embedded software development workflows:
- 80.5% of respondents currently use AI tools in embedded development
- 83.5% have deployed AI-generated code to production systems
- 93.5% expect usage to increase over the next two years
- Risk from AI-generated code is widely recognized, but framed as manageable if organizations modernize:
- 53% of respondents cited security as their top concern with AI-generated code
- 73% rated cybersecurity risk as moderate or higher
- Runtime resilience is a central pillar of embedded security:
- Runtime protection for AI-generated embedded software is rated “highly important” by most respondents
- 91% of respondents plan to increase investment in embedded software security over the next two years
- 60% already use runtime protections to address memory safety vulnerabilities
Click on the Follow button at the bottom of the page to subscribe to a weekly email update of posts. Click on the mail icon to subscribe to additional email thoughts.
by Gary Mintchell | Dec 3, 2025 | Security
Jennifer Faylor from Inductive Automation wrote this blog—Ignition 8.3 Pro Tips: Supercharge System Security—a few weeks ago offering some security tips for users of Ignition. There’s more. Check out the blog for the entire essay.
She begins, “In honor of Cybersecurity Awareness Month, this blog will delve into some of the Ignition 8.3 features that help you better secure your systems.”
The new industrial Secrets Management feature in Ignition 8.3 enables you to store secrets securely and protect them from unauthorized parties — a game-changer if you’re looking to boost SCADA password security. And coming soon in Ignition, you’ll also be able to integrate with third-party secrets management platforms such as HashiCorp Vault.
With Ignition 8.3, you get multiple layers of control system threat protection that align with the latest industrial cybersecurity standards to keep your data and assets safe. To highlight some of the new features: we’ve expanded functionality for LDAP authentication security by enabling extra LDAP attributes to be defined for the Active Directory, AD/Database Hybrid, and AD/Internal Hybrid user sources. We’ve also added two additional properties for nested group membership lookup and group role attributes for the Active Directory user source. Three new properties are now available for Ignition Internal Authentication: “Prohibit Password,” “Prohibit Username,” and “Maximum Consecutive Repeated Characters.” And the Administrator role is now automatically listed under the Authenticated/Roles security level when installing a fresh gateway.
The new security features also enable integrators to have visibility of a system’s configuration, while still maintaining good security for the system.
You can majorly step up your SCADA communication security thanks to one important new 8.3 feature: more secure data serialization with Remote Procedure Call (RPC) technology that uses Google Protobuf instead of Java serialization.
by Gary Mintchell | Nov 13, 2025 | Manufacturing IT, Security
Rockwell Automation has upgraded its cybersecurity offering for operations technology (OT) applications. Executives touted how Rockwell’s roots in operations roots its cybersecurity offering more naturally in the plant than IT-oriented solutions overlaid at a recent media briefing. They noted its OT-designed platform and security services empower industrial organizations to reduce risk, maximize uptime and simplify compliance across the full cybersecurity lifecycle.
Rockwell Automation announced the launch of SecureOT solution suite, a comprehensive industrial cybersecurity offering designed to help manufacturers and critical infrastructure protect critical operations and build secure environments.
As industrial operations become increasingly connected, organizations are facing a sharp rise in cyber threats targeting operations technology (OT) systems. Many legacy systems were never designed with cybersecurity in mind, and traditional IT tools often fail to protect complex, aging industrial environments. SecureOT was developed to close the gap, helping organizations secure their OT infrastructure with technology and expertise built for the realities of modern industrial operations.
SecureOT brings together Rockwell Automation’s purpose-built SecureOT Platform, professional services and managed security services into a unified solution that delivers end-to-end protection for complex, aging and highly regulated industrial systems.
- SecureOT Platform delivers real-time asset visibility, risk prioritization and vulnerability management across diverse vendor ecosystems.
- Through its professional services, SecureOT offers strategic advisory, assessments and implementation support to help organizations strengthen their security posture. Its managed security services provide continuous 24/7 monitoring and incident response from Rockwell’s dedicated OT Security Operations Center (SOC) and Network Operations Center (NOC).
- SecureOT aligns with globally recognized frameworks, including NIST CSF, NIS2 and IEC 62443, and takes a vendor-neutral approach to securing industrial control systems and technology stacks.
Use case examples:
- A leading oil & gas producer achieved full OT asset visibility and remediated critical risks across remote operations in just six months.
- A large beverage manufacturer migrated their aging industrial network and compute installed base to a fully managed and supported infrastructure across more than 150 sites globally.
- An energy company doubled its NIST CSF maturity scores while delivering measurable ROI to executive leadership.
- A power utility gained secure, real-time visibility into remote substations – achieving NERC CIP compliance and reducing costs through agentless monitoring.
Click on the Follow button at the bottom of the page to subscribe to a weekly email update of posts. Click on the mail icon to subscribe to additional email thoughts.
by Gary Mintchell | Nov 5, 2025 | Business, News, Security
More acquisitions in the market. Another cybersecurity company acquired. This one by Yokogawa. A lot of consolidation in the cybersecurity market. Among other things, Yokogawa cites this acquisition as creating a Digital Hub for Renewable Energy and Decarbonization.
Yokogawa Electric Corp. announced that it has acquired Intellisync, a provider of cybersecurity and digital transformation solutions, and WiSNAM, a developer of advanced grid control and energy management solutions. Both companies will be integrated into BaxEnergy, a wholly-owned subsidiary of Yokogawa that provides renewable energy management solutions. This will allow Yokogawa to expand its cybersecurity capabilities and advanced grid control products, and elevate its presence in the renewable energy sector through the creation of a digital hub.
Some background of the acquired companies.
Established in 2017, Intellisync’s expertise lies in cybersecurity as a service, defending customer assets against external threats and internal intrusions. It operates a dedicated 24/7 network and security operations center. Intellisync also offers vulnerability assessment, security testing, and consulting services covering digital transformation, data analytics, and artificial intelligence. By ensuring cybersecurity compliance across information technology (IT) and operational technology (OT) layers, this acquisition will accelerate Yokogawa’s ability to deliver robust cybersecurity solutions.
Established in 2010, WiSNAM specializes in hardware and software for controlling renewable and distributed energy resources. As one of WiSNAM’s flagship offerings, Power Plant Controller maximizes performance and yield in photovoltaic and hybrid plants by providing quick and precise data collection. It supports international grid codes* and offers high scalability, ranging from medium to large-scale installations, while ensuring the steady provision of grid-compliant power for medium and high-voltage systems.
Simone Massaro, CEO of BaxEnergy, said, “With these acquisitions, Yokogawa will accelerate the development of a new generation of software offerings that extend beyond renewable energy, delivering secure, high-performance solutions for decarbonization of energy-intensive industries.”
Koji Nakaoka, Yokogawa Electric executive vice president, executive officer, and head of the company’s Energy & Sustainability Business Headquarters, said, “By combining Intellisync’s 24/7 security operation and WiSNAM’s grid compliant Power Plant Controller, Yokogawa can offer end to end solutions that bridge IT and OT. The acquisition also strengthens Yokogawa’s software as a service (SaaS) and recurring revenue portfolio and accelerates the company’s shift toward digital transformation and autonomous operations.”
Click on the Follow button at the bottom of the page to subscribe to a weekly email update of posts. Click on the mail icon to subscribe to additional email thoughts.
by Gary Mintchell | Oct 29, 2025 | Business, Security, Technology
Greg Hale, writing in his newsletter from ISS Source:
While the cloud does not dominate the everyday mechanisms of the manufacturing automation sector, this week’s Amazon Web Services (AWS) outage shows a clear dependance on any one of the three main providers is something every organization needs to review. Only three cloud providers dominate the global market, and when any of them experience outages, the ripple effects are massive,” said Dewan Chowdhury, chief executive and founder of security provider, malcrawler. “Universities lose access to online portals. Restaurants cannot process digital orders. Critical infrastructure operators lose visibility into their devices. This concentration of control has created a fragile ecosystem where one failure can disrupt entire sectors.” Amazon said this week’s outage which occurred Monday was likely caused by issues related to its domain name system, or DNS, which converts website addresses into numeric ones, allowing websites and apps to load on Internet-connected devices.
I’m with the supposed root cause. I’ve recently had two major issues due to WPMU Dev dinking around with my DNS and IP addresses. One little change, and my website is down—and it’s up to me to trace the problem.
David Heinemeier-Hansen, CTO and co-founder of 37 Signals, recently reviewed the risk and costs involved with the company’s reliance on these cloud services. He concluded that for a company of their size, they were better off financially and with risk by building their own.
I’ve been in the midst of discussions in another arena with the same idea—risk management. These discussions have focused on data interoperability. A company allowing multiple proprietary data silos invites a higher risk profile from the inability to find and act on data prudently and promptly.
What are you doing to mitigate risk?
Click on the Follow button at the bottom of the page to subscribe to a weekly email update of posts. Click on the mail icon to subscribe to additional email thoughts.
by Gary Mintchell | Oct 13, 2025 | News, Security
Cybersecurity might be the most noted and least implemented technology in operations technology today. I’m reminded of the struggles for safety systems back in the day. We wanted people to be safe, but proving an ROI on something that doesn’t happen is tough. At any rate, I’m happy to see new cybersecurity capabilities releasing.
Dragos has announced Dragos Platform 3.0. The Dragos Platform’s new Insights Hub consolidates risk-based vulnerability, asset, and threat alerts into a single prioritized view, while streamlined workflows, AI-enhanced vulnerability processes, and smaller footprint deployment options dramatically reduce time-to-value for industrial organizations. A number of additional capabilities are included in 3.0 to simplify management and lower cost of operation.
“The cost of inaction is too high in OT. The latest updates to the Dragos Platform focus on giving industrial defenders the visibility, speed, and confidence they need to take action and reduce risk before incidents escalate,” said Robert M. Lee, CEO and co-founder of Dragos. “Alerts, detections, and recommendations are grounded in insights supported by Dragos OT threat intelligence, which is unmatched in the industry. We are helping organizations build operational resilience to ensure the industrial and critical infrastructure they defend is prepared for today’s threats as well as tomorrow’s.”
Dragos Platform 3.0 introduces new deployment options and cost models that make it possible to serve smaller sites with greater flexibility and accessibility. New device footprints, including a smaller STS-50 and combined Sensor/SiteStore, enable organizations to extend comprehensive OT visibility across their entire industrial footprint without compromising on security effectiveness. Expanded Active Collection supports a range of new use cases including air-gapped and intermittently connected sites, which extends visibility and vulnerability management to even the most isolated environments.
The Dragos Platform also features simplified management through centralized sensor configuration and administration, along with streamlined integration capabilities that enhance workflows with both OT systems and IT security operations.
For organizations seeking complete managed security, the Dragos Platform with OT Watch Complete provides expert-driven 24/7 security monitoring, ongoing platform tuning, proactive security hardening, threat hunting, and management of detections, triage, and investigation. The service helps customers strengthen defenses and realize value more quickly. Dragos is working with multiple partners to embed their service into their broader managed SOC / managed detection and response service, and also operates as a standalone offering.
Click on the Follow button at the bottom of the page to subscribe to a weekly email update of posts. Click on the mail icon to subscribe to additional email thoughts.
