RubyComm Ltd is a leading provider of OT cybersecurity solutions to protect industrial systems, critical infrastructure, commercial facilities, and smart buildings.
rubycomm.com
Raanana, Israel and Boston, MA
Joined May 2024
When an IT Network Halts a Physical Harvest: The Interdependency Vulnerability.
The June 2026 disruptive ransomware attack on Mackay Sugar, Australia’s second-largest raw sugar producer, serves as a critical case study in the vulnerability of modern agri-industrial infrastructure.
Executed just days into the 2026 sugarcane crushing season, the attack by the threat group known as The Gentlemen (Storm-2697) forced the immediate shutdown of the Farleigh and Racecourse mills in Queensland, bringing harvesting and regional cane haulage to a complete standstill.
To preserve basic equipment safety, operators were forced to pull the plug and revert to highly constrained, manual crushing operations just to process existing inventory.
Agribusiness-related manufacturing is particularly sensitive to OT cyber attacks because harvested seasonal crops may not survive the downtime of a remediation lifecycle that can take days or weeks.
Moving Beyond Passive Detection
This incident proves that passive visibility dashboards and standard perimeter firewalls are insufficient against self-propagating, automated threat vectors. Once a worm gains an initial foothold, it exploits unsegmented pathways to bridge the gap between enterprise networks and production environments.
True operational resilience requires stopping lateral movement before it reaches critical process boundaries.
The Rubyk-OT platform is engineered specifically to enforce strict, hardware-driven micro-segmentation. By installing palm-sized, ruggedized appliances at close proximity to your critical asset boundaries, you create an immutable barrier that isolates control environments from enterprise-level compromises. Even if the corporate network goes dark, your physical production line stays online.
Fast-Tracking CRA Compliance for Industrial Equipment SME Manufacturers
The countdown to the December 2027 Cyber Resilience Act (CRA) enforcement deadline is officially a primary concern for industrial equipment manufacturers.
ENISA’s June 2026 small and medium-sized enterprise CRA Survey Report highlights a critical bottleneck: 47% of organizations expect severe difficulties integrating baseline security-by-design principles into their product lines due to resource constraints. The underlying data reveals deep operational gaps:
- The Engineering Gap: Only 24% of companies currently implement threat modelling, despite it being an explicit requirement for in-scope digital products.
- The Resource Constraint: 56% cite the cost of implementation, and 61% cite limited staff and time as primary hurdles to compliance.
The SME OEM Solution for this Bottleneck: Compliance at Close Proximity
Industrial OEMs do not have the time or the resource capacity to stop product roadmaps and rewrite the firmware architecture of legacy controllers, edge nodes, or smart machinery.
By integrating @RubyCommCyber1's Rubyk-OT directly into your equipment designs, you offload the core technical requirements of the CRA without altering your underlying codebase. Rubyk-OT acts as an embedded, hardware-enforced shield that brings your industrial equipment or hardware into alignment with the technical CRA cyber security requirements.
Do not let internal development constraints compromise your access to the EU market. Offload the main burden of structural CRA compliance to a dedicated physical layer by partnering with RubyComm to secure your OEM architecture.
Voluntary Cyber Frameworks Didn't Fail Because of Bad Intentions. They Failed Because of Modern Warfare.
For over a decade, sovereign governments relied primarily on voluntary cybersecurity guidelines and advisory performance goals to safeguard critical infrastructure. The operational consensus was that asset operators understood their own specific factory floors or utility substations best.
Geopolitical realities have completely dismantled that assumption. As state-sponsored adversaries shifted from corporate data espionage to active pre-positioning inside critical civilian infrastructure, Western regulators realized a stark truth: a localized vulnerability at a single regional utility can create a systemic national security crisis.
The ongoing rollout of hard regulatory mandates such as localized NIS2 enforcement acts and the upcoming vulnerability notification milestones of the EU Cyber Resilience Act (CRA) is a direct reaction to this vulnerability.
The New Regulatory Reality:
Corporate Liability -> Personal, executive-level accountability for security failures.
Passive Monitoring -> Legally mandated, active risk-mitigation architecture.
Vendor Sovereignty -> The power to completely exclude non-compliant suppliers from the market.
Governments are no longer politely asking industrial operators to secure their perimeters. They are legally mandating protocol integrity, supply chain transparency, and structural resilience across the entire lifecycle of physical assets.
The Rubyk-OT platform was engineered precisely for this era of strict enforcement. By providing a hardware-enforced, asset-level security posture that aligns with such regulations and standards, we help industrial enterprises move from reactive compliance audits to verifiable operational defense.
When we think about data center security, we usually picture firewalls protecting servers and databases. But a new report highlights a far more physical, often overlooked vulnerability.
A recent study by the threat research team at Claroty, covered this week by SecurityWeek, uncovered critical security flaws in widely deployed HVAC controllers and UPS network cards.
Chaining these vulnerabilities can give external threat actors remote code execution and complete control over building management systems.
An HVAC failure in a data center isn't a matter of discomfort. It can trigger immediate thermal shutdowns, destroy expensive hardware, and lead to millions of dollars in operational losses.
This is the stark reality of IT/OT convergence. The physical assets built to keep infrastructure running smoothly are now network-connected, making them direct targets. Yet, keeping every legacy or third-party component perfectly patched is an endless, complex race for security teams.
A different approach to defending physical infrastructure is required, and this is precisely why we developed Rubyk-OT. Instead of overcomplicating your network architecture or waiting in fear for the next critical patch cycle, Rubyk-OT introduces a compact, hardware-based security layer that connects directly in-line with your physical assets.
By enforcing granular micro-segmentation and protocol-aware threat prevention, it completely insulates critical infrastructure (e.g. HVACs, UPS systems, and building automation controllers) from unauthorized remote access. It provides enterprise-grade protection for both new and legacy equipment without disrupting operations.
Securing your facility’s backbone shouldn't require an army of specialized network engineers.
Link to the full article: securityweek.com/critical-hvac-…
Most NIS2 readiness work is paperwork. That does not mean your organization is compliant.
Documentation is required, audit-relevant, and a real part of compliance. But here is the pattern we keep seeing: companies invest six figures in NIS2 policies, then a penetration test finds an OT network that is flat, unsegmented, and reachable from a contractor laptop.
The gap is the difference between a control that is described and a control that is enforced.
NIS2 Article 21 requires "appropriate technical measures." Regulators across Germany, France, Poland, and Italy are signaling they want to see how those measures actually run, not just how they are written down.
Three questions worth answering before your next audit:
- Can you show real, hardware-enforced segmentation between IT and OT?
- Can you produce OT-side traffic logs a regulator will actually accept as evidence?
- If a Tier 1 customer asks for proof of OT controls, can you deliver it within a week?
If any of those answers are uncertain, the gap is technical, not procedural.
And most importantly, senior management is now personally accountable for cybersecurity risk management: not the CISO and not the IT department.
Your CISO is doing everything right. You can still be personally held liable for failing to comply with NIS2.
NIS2 regulations made one change most executives missed: senior management is now personally accountable for cybersecurity risk management. Not the CISO. Not IT. It is the people who approve and oversee the budget.
In some jurisdictions, this even means top executives face temporary management bans if compliance fails.
That changes the boardroom conversation entirely.
We talk to plant directors who say, "we have firewalls." We talk to their boards who ask, "how do we prove segmentation between IT and OT to a regulator after an incident?"
These are different questions with very different evidence requirements.
Documentation is not proof. A policy that says "OT networks are segmented" is not the same as a device that physically enforces it.
If your board is asking harder questions about OT this quarter, the gap they are trying to close is between what is written and what is operating.
That is a hardware question, not a policy one.
This week @RubyCommCyber1 had the honor of participating in the Israeli Water Authority's course for emergency and water security facility managers, where our CRO, Aviad Marco, spoke on the cyber protection of physical security systems.
The cameras, access readers, gate controllers and intercoms installed across our facilities are no longer passive analog devices. Each one is a networked computer with its own firmware, stored credentials and a live network connection, and that connection often sits on the same network as the industrial controllers running the site. A modern security camera is a networked computer with a lens, and a single neglected one can become an attacker's easiest way in.
This is exactly the problem RubyComm was built to solve. We help operators see these devices for what they really are, close the openings they create, and keep video and physical security systems from turning into the weakest link in an otherwise protected environment. As these systems spread across critical environments, closing that gap only grows more urgent.
Big thank you to Danny Laker, Head of Security, Emergency and Cyber at the Israeli Water Authority, for the invitation and for running an excellent program, and to Yossi Mor and Guy Farag for putting it all together. Thanks as well to the Israel National Cyber Directorate and to the water sector security managers who took part in the discussion.
Keeping our national water systems safe is a collective effort, and we're glad to be part of it.
Are gas stations the next underbelly of operational technology (OT) cyber attacks?
Last week, eight @USAGov agencies, including @CISAgov, the @FBI, the @NSACyber, and the @EPA, issued a joint advisory on automatic tank gauge (ATG) systems (CISA and Partners Urge Hardening Automatic Tank Gauge Systems, June 2, 2026). The concern: internet-exposed ATGs are being compromised, with attackers executing commands as though they were standing at the console.
ATGs quietly monitor fuel and liquid levels, temperature, and leaks across the energy, chemical, food and agriculture, and transportation sectors. When one is manipulated, the risk goes beyond bad data. It means disabled alarms, masked leaks, and potential physical consequences.
The advisory's core guidance is sound: get these systems off the open internet and lock down credentials. The hard part is operational. Most operators depend on ATGs for remote monitoring, so "disconnect it" runs straight into "but we need to see it."
That tension is the real OT security problem. Connectivity is a business requirement, not a mistake. The useful question is how to keep the data flowing out while making unauthorized commands physically impossible, instead of trusting a password to hold the line.
That's the problem we think about every day at @RubyCommCyber1.
The deadliest vulnerability in your hospital isn't on your IT network. It's in your basement, utility rooms, and backup electric generator.
While traditional IT security guards patient records and email servers, the medical gas pipelines, backup power grids, water filtration systems, and HVAC units regulating sterile environments remain dangerously exposed.
This is healthcare's operational blind spot, where a cyber incident stops being a data problem and becomes a physical safety emergency. Passive monitoring might alert you after a facility's power management system or climate control is compromised, but by then, it’s already too late.
At @RubyCommCyber1, our Rubyk-OT appliance shifts the paradigm from observation to active enforcement. We protect critical hospital infrastructure, from modern building management systems to decades-old mechanical assets, with an enterprise-grade protection layer that operates silently in the background.
Read our latest blog to learn why the operational spine of healthcare needs to be protected: rubycomm.com/post/the-clini…
ENISA's new NIS360 report (May 2026) delivered a quiet but important verdict on water: both drinking water and waste water have now moved into the cybersecurity "risk zone," ranking among the least mature of all 22 high-criticality sectors assessed under NIS2 in Europe.
The findings describe an approach to cyber risk that is still largely reactive and ad hoc, held back by legacy systems, limited visibility into OT infrastructure, and a shortage of skilled people. In plain terms, two sectors that society depends on every single day are now more exposed than they are prepared to manage.
What stands out across the report is how consistent the OT story is. Whether it is water utilities, energy operators, or rail, ENISA points to the same pattern: legacy operational technology that was never designed with security in mind, patching that is rarely timely or feasible, and growing reliance on remote and third-party access. The recommended next steps (OT asset visibility, tighter governance of supplier and remote access, and non-disruptive testing suited to live environments) address exactly the gaps keeping operators awake at night.
This is the problem @RubyCommCyber1 built Rubyk-OT to solve. Hardware-enforced protection that sits in front of legacy OT assets, simplifying segmentation and remote-access control without forcing utilities to rip out equipment they cannot easily replace. If you operate or advise water or energy infrastructure and the NIS360 findings feel a little too familiar, the RubyComm team is always happy to discuss what practical OT defense looks like in the field.
Source: ENISA NIS360, Latest insights in the cybersecurity maturity and criticality of NIS sectors of high criticality (May 2026)
Yet another wake-up call for water and energy operators.
On April 7, the FBI, CISA, NSA, and EPA issued an urgent joint advisory: Iranian-affiliated cyber actors are actively targeting PLCs and SCADA systems at drinking water, wastewater, and energy facilities across the United States. Real disruptions. Real financial losses. Right now.
These aren't sophisticated zero-day attacks. They're exploiting PLCs that are simply exposed to the internet with no MFA, no network segmentation, no monitoring.
The fix doesn’t have to be complicated. It's often a matter of knowing where to look and what to do first.
That's exactly what @RubyCommCyber1 does. We help water and energy operators simplify their OT cybersecurity by cutting through the noise to protect what matters most: the systems that keep our communities running.
Is your facility prepared? Talk to us so we can find out together.
The link to the joint advisory is in the comments section: ic3.gov/CSA/2026/26040…
Healthcare cybersecurity has become a conversation about EHRs, identity, and ransomware drills.
That framing leaves the larger attack surface unaddressed.
A modern hospital sits on a dense layer of operational technology that has nothing to do with patient records. HVAC for sterile zones and operating theaters. Building management systems. Power distribution and backup generators. Medical gas. Water systems. Access control. Fire safety. Elevators. Each is a networked endpoint with a clinical consequence if it fails or is manipulated.
There is no question who is responsible for the building. We believe that hospital managers should not wait and can move on infrastructure security today.
The picture is far less clear for medical devices, where security responsibility is split between manufacturers, biomedical engineering, IT, and clinical leadership, with no single party in a position to act alone.
Last week our CTO Shlomi Marco delivered a lecture at @ShaareZedekMed on this gap. The engagement in the room reinforced what we have been hearing across the sector: hospital security leaders know the OT problem is real, and they are looking for controls that match the operational reality of a 24/7 clinical environment.
A sincere thank you to the team at Shaare Zedek for hosting the discussion.
A water utility in Monterrey, Mexico just narrowly avoided becoming the first publicly documented AI-assisted OT compromise.
Dragos published the post-mortem last week. It deserves to be read by every water sector CISO.
The attacker did not have ICS expertise. They had commercial AI. Within hours of compromising the IT network at Servicios de Agua y Drenaje de Monterrey (SADM), the AI had:
- Mapped the entire enterprise environment.
- Identified the vNode SCADA gateway as the highest-value pivot into OT.
- Built a 17,000-line Python framework with 49 attack modules.
- Generated a tailored password spray against the IT-OT boundary.
The attack failed at the authentication layer. This time.
The Dragos finding the water sector needs to internalize: AI did not invent new offensive tradecraft. It compressed weeks of expert operator work into hours of prompt engineering. The barrier to attempting an OT compromise just collapsed.
Two implications for utility operators:
One. Your IT-OT boundary is now under continuous, AI-accelerated reconnaissance the moment your IT network is touched. Software firewalls, credential policies, and segmentation rules are exactly the artifacts AI is best at enumerating and bypassing.
Two. Hardware-enforced boundaries are structurally different. They cannot be reconfigured by a compromised admin, rewritten by a generated script, or unlocked with a stolen credential. The constraint lives in the silicon, not in a config file.
Rubyk-OT was built for this exact scenario. A hardware-enforced appliance sitting between IT networks and OT control systems for water, energy, and critical infrastructure operators. When the IT side falls, and Dragos is making clear it eventually will, the OT side holds on physics, not on policy.
dragos.com/blog/ai-assist…
The Pre-Positioning Era: Rethinking OT Defense
For two decades, OT security has been built on a single assumption: the adversary is outside, and our job is to detect their arrival. Recent developments make it clear that this assumption no longer holds.
Nation-state actors are no longer racing toward disruption. Instead they are quietly pre-positioning inside critical infrastructure networks, sometimes for years, waiting for a moment of geopolitical choice. Against an adversary who is already inside and produces no anomalies until they decide otherwise, detection-centric defense is structurally insufficient, and the center of gravity must shift from observation to constraint.
The defensive question is no longer "how will we see them when they arrive," but "what can they do if they are already here."
For a deeper look into the architectural shifts and the implications for Israeli defense, read the full piece here:
rubycomm.com/post/the-pre-p…
We are proud to share that @RubyCommCyber1 CEO, Shlomi Marco, has been featured in Edition #70 of the ICS Cyber Bulletin (@Israel_Cyber and ICNL).
His latest piece, "The Pre-Positioning Era: Rethinking OT Defense for an Adversary Who Is Already Inside," explores the critical shift in OT threats for 2026, with key takeaways as follows:
- The Silent Threat: Modern nation-state actors (like Volt Typhoon) no longer seek immediate disruption. They prioritize quiet, persistent access, waiting for the "perfect" moment to strike.
- The Detection Gap: Traditional defense is built for "noisy" attackers. Pre-positioning hides in plain sight: initial access looks like a vendor login, and lateral movement mimics routine engineering.
- From Observation to Constraint: We must move beyond detection. True resilience requires enforcing least functionality at the protocol level and eliminating implicit trust at the IT-OT seam.
Read the full analysis on rethinking OT defense in the link in the first comment.
Solar inverters are no longer passive hardware.
They're networked, software-defined, and embedded in supply chains nobody can fully verify.
In 2025, U.S. officials reported finding undocumented communication modules in some Chinese-made inverters and batteries.
That changes the OT security calculus.
Full piece: rubycomm.com/post/the-backd…
When a tier-2 supplier gets compromised, it stops being their problem within hours. It becomes a production, contractual, and reputational problem for every manufacturer downstream.
That is the problem our CEO Shlomi Marco is taking on at @IndustCybersec Days Manufacturing 2026 this Wednesday, May 13.
Session: The Cybersecurity Gap: Why SMB Manufacturers Cannot Be Left Behind
Time: 14:15 CEST
Format: Virtual, Free
Across Europe, small and mid-sized manufacturers sit deep inside the supply chains of the continent's largest industrial players, but operate with a fraction of the cybersecurity budget, expertise, and infrastructure renewal cycle. The result is a structural exposure that the larger enterprises inherit by default.
Shlomi will share what @RubyCommCyber1 sees across discrete and process manufacturing deployments, and outline practical ways to close the gap without compromising production continuity.
Register here: industrialcyber.co/industrial-cyb…
The most striking finding in the Dragos 2026 OT/ICS Year in Review may also be the simplest one.
Thirty percent of their 2025 incident response engagements began not with a detection alert, not with a ransom note, but with someone on the plant floor flagging that something looked off.
In the majority of those cases, the telemetry needed to determine whether cyber was involved had never been collected.
This is the operational reality of OT cybersecurity today. OT network data behaves differently than IT logs. Commands flow, the physical process responds, and the evidence of what happened disappears within seconds unless something was actively capturing it. You cannot investigate what was never recorded.
A growing number of asset owners are now publicly stating that incidents had nothing to do with cyber, not because they ruled it out, but because they had no data to rule anything in or out.
Dragos estimates fewer than 10 percent of OT networks worldwide have meaningful monitoring in place. This is the gap behind every serious conversation about resilience and about compliance with frameworks such as NIS2, NERC CIP-015, IEC 62443, and the EU Cyber Resilience Act (CRA), which carry strict reporting requirements.
This is why we built Rubyk-OT the way we did: to support incident response with factual information from real-time events.
The harder question for every operator of critical infrastructure right now is not whether you have an EDR upstream or a firewall at the perimeter. It is whether, on the morning someone in the control room says something seems wrong, you will have the data to answer them.
RubyComm - Simplified OT Cybersecurity.