27 Feb

4 Min read

Navigating Cybersecurity in Operational Technology: Insights from the Joint Cyber Defense Collaborative

February 27, 2025 Nok Nok News 0 comments

Navigating Cybersecurity in Operational Technology:
Insights from the Joint Cyber Defense Collaborative

The Joint Cyber Defense Collaborative (JCDC) released an important document titled “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.” This collaborative effort involves major players in cybersecurity, including the Cybersecurity and Infrastructure Security Agency (CISA), Germany’s Federal Office for Information Security (BSI), the UK National Cyber Security Centre, and the European Commission. The document is a significant step towards enhancing the cybersecurity posture for operational technology (OT) environments, which are increasingly vulnerable to cyber threats.

Some key takeaways from the document:
The JCDC’s recommendations provide a roadmap for OT owners and operators to make informed decisions when selecting digital products. Here are two critical points highlighted in the document:

1. Phishing-Resistant Multi-Factor Authentication (MFA)
One of the standout recommendations is the call for buyers to prioritize products that include phishing-resistant multi-factor authentication (MFA) in their baseline versions, underscoring the importance of robust authentication mechanisms in today’s threat landscape:

● Selection criteria: The baseline version of the product supports role-based access control (RBAC) and multifactor authentication (MFA), particularly for changes to safety-critical equipment.

● Questions to ask: Has the manufacturer eliminated or is working to eliminate the use of shared role-based passwords in their products? Is MFA included in the baseline version?

● Why this matters: Strong authentication allows for defense-in-depth and enables identity and access management best practices.

For organizations looking to comply with this guidance, solutions like the Nok Nok S3 Suite, the Authentication Cloud, and the IoT SDK are excellent options. These products offer advanced authentication capabilities that help mitigate the risk of phishing and man-in-the-middle attacks, ensuring that only authorized users can access critical systems and data. Implementing such solutions is a proactive step towards safeguarding operational technology environments.

2. Elimination of Default Passwords
Another critical focus of the document is the elimination of default passwords, which is listed as a key aim to achieve “Secure by Design” practices. Default passwords are often a weak link in cybersecurity, providing an easy entry point for malicious actors. The document stresses the need for organizations to move away from these vulnerabilities and adopt more secure password practices:

● Selection criteria: The product is delivered secure out of the box, resilient against the most prevalent threats and vulnerabilities, without requiring additional configuration from users or administrators.

● Questions to ask: Has the manufacturer eliminated or is working to eliminate default passwords?

● Why this matters: Insecure default settings expose asset owners to more risk and increase security costs.

Using the Nok Nok IoT SDK can significantly aid operational technology operators in this endeavor. The SDK facilitates the implementation of phishing-resistant authentication methods that do not rely on default passwords, thus enhancing the overall security of IoT devices and systems. By leveraging such technology, organizations can ensure that their OT environments are better protected against unauthorized access.

The Importance of Cybersecurity in Operational Technology
As operational technology systems become more interconnected and reliant on digital products, the need for robust cybersecurity measures has never been more critical. The recommendations put forth by the JCDC are not just best practices; they represent a foundational shift towards a security-first approach in the selection and implementation of digital products.
By prioritizing phishing-resistant MFA and eliminating default passwords, OT owners and operators can build a more resilient infrastructure capable of withstanding evolving cyber threats. The guidance provided in the JCDC’s document serves as a valuable resource for organizations looking to enhance their cybersecurity strategies and protect their critical assets.

Conclusion
The publication of “Secure by Demand” marks a pivotal moment for organizations involved in operational technology. As cyber threats continue to evolve, the emphasis on secure design principles and robust authentication mechanisms cannot be overstated. By following the recommendations of the JCDC and integrating solutions like the Nok Nok S3 Suite and IoT SDK, organizations can take substantial steps towards fortifying their defenses and ensuring the integrity of their operational technology environments. In a digital landscape fraught with risks, being proactive about cybersecurity is not just an option; it’s a necessity.

17 Aug

2 Min read

Test Drive the Nok Nok Passkey Authentication Solution

August 17, 2023 Nok Nok News 0 comments

Before you buy a new car, you test drive it. Sometimes you test drive lots of cars before you make a decision. Not all cars are the same, and they are definitely not the same as your old car. You want to see how the car drives, how the brakes work, cruise control, air conditioning and of course the all important safety features. It is the same when it comes to buying technology solutions – security is paramount. And equally important is the “look and feel” when the solution is customer facing. And now you can test drive the Nok Nok passkey authentication solution.

How often has customer experience ruined your relationship with a brand after the brand has changed an interface? Facebook changed its look and feel almost every two years and it drove their users nuts every time! But what if change made things much better and easier? Like when Apple introduced Touch ID? Nok Nok provides a passkey authentication solution that lets you authenticate your customers quickly and easily across mobile phones, desktop computers and tablets– all without passwords – a delightful change! It won’t look and feel like your old “car,” it will be better, and more secure!

And guess what? You can test drive Nok Nok when you sign up for a free trial. And learn more about how using a Nok Nok passkey authentication solution is the same regardless of your device when you watch the video. And btw – our video is shorter than test driving a car!

Free Trial

Watch Video

21 Jul

2 Min read

Cyber Hero Micro Briefing Series with Matt Topper

July 21, 2023 Nok Nok News 0 comments

Security, privacy and identity are very serious topics but the people beyond these technologies are human – they are creative and they find unique ways to solve the complex problems surrounding these topics. This week’s big blockbuster premiere coming in with a bang is “Oppenheimer”, the new Christopher Nolan movie starring Cillian Murphy as the infamous Robert Oppenheimer, father of the atomic bomb.

Although our Cyber Hero this week may not have created one of the most secretive, private and protected research sites on earth like Oppenheimer, he has built a space where users can scale, build resilience and safely and securely access the service. Matt Topper of UberEther is a big proponent of safety and security, and he believes high-level security should be accessible to everyone, not just a few scientists in Los Alamos.

While they are not guarding the secrets of the nuclear bomb, most regulated industries have incredibly high security requirements nowadays including multi factor authentication. Listen to Matt dissect the pros and cons of this kind of technology and its place moving forward.

Listen to Matt’s full podcast episode from earlier this week and subscribe to our blog to stay up to date on all the comics and podcasts premiering this summer in our Cyber Hero Origins series!

14 Jul

2 Min read

Cyber Hero Micro Briefing Series with Rolf Lindemann

July 14, 2023 Nok Nok News 0 comments

Could we ask for a better analogy? This week’s blockbuster premier is “Mission Impossible – Dead Reckoning Part One” with the always entertaining Tom Cruise. His character Ethan Hunt and the IMF must track down a dangerous weapon before it falls into the wrong hands. So too are the founders of the FIDO Alliance like Tom Cruise leaping tall buildings and racing through narrow alleyways to protect against “dangerous hackers” looking to get their hands on your passwords!

This week’s Cyber Hero is a little like Tom Cruise – Rolf Lindemann of Nok Nok – dashing and swashbuckling. Rolf has been there since the inception of the FIDO Alliance. Hear in his own words how the small group of people tackled one of the biggest problems still in the world of computing.

Imagine a group of individuals standing on the beach looking out at the ocean and being told you need to boil all the water. This is what it often felt like when the original founders of the FIDO specification and the FIDO Alliance went through the process of deciding where to begin to replace passwords. They all knew that no one company or person could solve the problem of weak, phishable passwords. But they knew something had to be done as the bandaids being applied to try to strengthen passwords were not working as $100s of millions of dollars were being lost to cybercriminals everyday.

Listen to Rolf’s full podcast episode from earlier this week and subscribe to our blog to stay up to date on all the comics and podcasts premiering this summer in our Cyber Hero Origins series!

26 Jun

6 Min read

AI Brings Need for Robust Security

June 26, 2023 Nok Nok News 0 comments

Title: AI Brings Need for Robust Security to the Next Level
By: Dr. Rolf Lindemann

New technologies often enable new business models. That is not a new observation. The latest new technology is (or more precisely the latest technological break-through has been made using) Artificial Intelligence or “AI”. Whenever the first signs of such new business models are visible, they trigger discussions around potential benefits and threats of the new technologies. The latest discussion that caught my attention was the potential (mis-)use of AI for running large scale attacks. I think it is worth putting that in perspective, because there is an underlying pattern here. If that catches your attention, you are invited to follow me…

Years back, the internet brought us search engines that made information available in an instant. To collect and keep updated all that information is an enormous and expensive effort (fixed cost), but it pays off since the cost per query is negligible but the revenue per search generates (advertising) revenue . This is typically called a scalable business model .

First phase of scalable attacks. What works “for good” often also works “for bad”, meaning that people with bad intentions can create scalable business models based on scalable attacks. We have seen those already. Back in 2013, hundreds of millions of passwords were stolen adding up to more than a billion stolen passwords at that time . In some way that was the first phase of scalable attacks. Those were focused on authenticating returning users. Nok Nok was one of the founding members of the FIDO Alliance that published FIDO Authentication specifications which protect against scalable attacks and hence brings robust security to authentication.

Second phase of scalable attacks was focused on knowledge-based authentication , i.e. asking for your mother’s maiden name, name of your first pet, your first car model, social security number etc. to then assume it is only you that could correctly answer those questions. Unfortunately, the search engines in the internet (see above) often can find the answer to such questions hence making it easy for attackers to create new accounts on behalf of a user. This is not really surprising as that type of information was not considered a secret by any party and as a result was shared frequently. Essentially breaking Identity Verification. As a result, the Federal Financial Institutions Examination Council (FFIEC) stated that identity verification generally shall not solely depend on knowledge-based questions . Document-centric identity proofing evolved as a response to this attack . This means that users scan their picture ID and their face and let a remote service verify they match.

Third phase of scalable attacks. When your mom calls you on the phone, how do you know it is her? First, you might see her phone number in the display of your phone. Second, you will recognize her voice, and third, during the call you will recognize the way she interacts with you. Now, maybe there is a number four: you will recognize her face when she uses a video call. So that makes four independent methods – that looks pretty secure. Maybe let’s not rely on the phone number as we know about the “Caller ID” spoofing attacks – yet another method lacking robust security: the Caller ID is not cryptographically tied to the phone line.

So, what about her voice? This is where AI comes in. You might have heard about DALL-E , the engine using a large-language model that creates images based on your instructions (and the hundreds of millions of images used for training). There is a similar engine called VALL-E, which simulates anyone’s voice after being trained with just 3 seconds of audio . When I first saw this technology being used in a Bond movie , I considered it “science fiction” – now it is real and might soon be easily available to anyone on the darknet.

What about mom’s face video? The publicly used term for that is “Deepfake”. There are very convincing examples available on the internet . The Chaos Computer Club (CCC), Europe’s largest association of hackers, demonstrated how to attack a prominent document-centric identity proofing service using such an attack . Again, these types of tools might soon be easily available to anyone on the darknet (or already are, but I have not checked).

So, the only security method that remains is the way she interacts with you. I am sure this interaction does not change that frequently, so someone observing it once will likely be able to replicate it using the tools mentioned above. Again, neither my voice nor a video recording of me are considered a secret. They are often even available on the internet. So methods that are only secure if no one can replicate such public information at the right time are not robust.

What are the “lessons learned” here? When it comes to security that is robust against scalable attacks, we cannot rely on the difficulty to create voices nor videos of other people. Instead, we really must use cryptographic methods directly backed by something the user possesses, like electronic ID cards and hardware backed wallets or indirectly backed by something the user possesses, like cloud wallets with strong proven security using strong user authentication backed by FIDO security keys, passkeys or similar .

The recent advances in AI make it very clear that we have to accelerate the shift towards robust security for all remote interactions as methods that were only theoretically attackable (but not practically attacked) before are practically attacked now (or will be in the near future). This shift towards robust security will then help us to keep fraud under control, accelerate business and provide peace of mind to users – getting us closer to the ePromiseland .

23 Jun

1 Min read

Cyber Hero Series – It’s a bird, it’s a plane, it’s Tushar!

June 23, 2023 Nok Nok News 0 comments

This week’s blockbuster premiere is a comedy, drama and a romance all wrapped in one with one of the perennial favorite actors, Tom Hanks – “Asteroid City.” And as is the case with any movie written and directed by Wes Anderson – there is a mix of styles and different time periods.

In today’s edition of the Cyber Hero Origins series, our second digital comic, we go back in time a little and look at how our Cyber Hero Tushar Phondge has spent a career eradicating passwords, working toward putting into the hands of individuals – not big companies – the control over the types of personal information that is shared. His mission – self-sovereign identity.

Nok Nok says THANK YOU, Tushar, for learning as a boy how to tinker with cars and applying that same passion to cyber security – evangelizing and implementing FIDO-based passwordless authentication solutions along the way.

16 Jun

2 Min read

Cyber Hero Micro Briefing Series with Tammi Hayes

June 16, 2023 Nok Nok News 0 comments

One of the most highly anticipated summer superhero movies is out today – “The Flash.” While she can’t travel back in time like The Flash to change what’s happened in the past, our Cyber Hero this week, Tammi Hayes, has been there since the beginning, making us all more secure on the internet.

Tammi has been a cybersecurity champion for over two decades, pioneering its evolution since the early dot-com era. Her involvement with RSA, however, marked merely the beginning of her cybersecurity odyssey.

In this week’s episode of Cyber Hero Origins, Tammi describes her journey to becoming a cybersecurity evangelist and how she’s raised awareness for FIDO and Nok Nok – pushing forward the discourse on passwordless security and helping FIDO to become a globally accepted standard for all industries.

Thank you, Tammi! Your continuous efforts in cybersecurity are not merely a testament to your expertise and dedication, but it also serves as an inspiration for others!

Listen to her full podcast episode from earlier this week and subscribe to our blog to stay up to date on all the comics and podcasts premiering this summer in our Cyber Hero Origins series!

09 Jun

1 Min read

Cyber Hero Origins – Rakan Khalid

June 9, 2023 Nok Nok News 0 comments

This week’s expected summer movie blockbuster is “Transformers – Rise of the Beast.” At the same time we are excited to present to you a “transformer” in his own field Rakan Khalid, Head of Product, Identity Verification and Authentication. Rakan is our first Cyber Hero Origin in the form of a comic!

A little about why Rakan is a true Transformer and Cyber Hero: as a young person he took it upon himself to transform for his father, a doctor in Dubai, what was a paper based patient record system into an easy to manage electronic format. Fast forward through impressive jobs at Intel and eBay, and now Rakan is evangelizing FIDO-standards based passwordless authentication to protect his employer and their customers from breaches and fraud – not an easy transformation as people hold tightly to vulnerable passwords.

Nok Nok says THANK YOU to Rakan, one of many unsung cyber heroes who are responsible for thought leadership in his organization driving FIDO-based passwordless authentication.

Subscribe to our blog and stay tuned, as we have comics and podcasts premiering all summer!

02 Jun

2 Min read

Intro to Cyber Hero Series – From the Beginning

June 2, 2023 Nok Nok News 0 comments

Intro to Cyber Hero Series - From the Beginning.

31 May

4 Min read

Nok Nok Announces Record Customer Expansion as Industry Adoption of FIDO Passkeys Accelerates

May 31, 2023 Nok Nok News 0 comments

Next phase of growth powered by regulatory compliance and recent ecosystem partnerships.

Global adoption of passwordless authentication is accelerating due to regulatory compliance, security and user experience requirements, and recent advances from major computing ecosystem participants.

San Jose, CA – May 31, 2023 – Nok Nok, a leader in passwordless authentication for the world’s largest organizations, today announced strong 2022 results following the FIDO (Fast IDentity Online) industry introduction of passkeys, deployments with Fortune 500 companies and key partnerships in the government market that will accelerate the company’s next phase of growth. Nok Nok 2022 annual recurring revenue increased by more than 40% YoY, driven by expansion in customer deployments, and the addition of new vertical markets fueled by global regulations that require phishing-resistant authentication.

Innovative Passkey Support

As an inventor of FIDO specifications, Nok Nok and its S3 product suite have been in sync with advances in FIDO authentication. With the introduction of FIDO passkeys in 2022, Nok Nok announced the:

same safety and convenience of using biometrics to access your device as for logging into web services.
reduced attack surfaces by eliminating the most commonly stored credential – the password.
ability to embed passwordless authentication in enterprise workflows reduces development and support time for customer facing applications.
future integration capabilities that will include in-home devices such as Alexa, IoT device services, and physical access to buildings.

“We see new momentum in the FIDO marketplace due to the announcement of Passkeys last year,” offered Miguel Villaumbrales, Global Head of Digital Identity from BBVA. BBVA, a customer of Nok Nok since 2019 with a security-first mindset, has implemented Nok Nok’s FIDO-based biometric authentication in its award winning mobile banking services, including their smart watch applications.

Customer Deployment Spotlight

NTT DOCOMO, INC. has been a customer of Nok Nok since 2015. Under the slogan “Your Security, More Simple,” DOCOMO has improved the authentication user experience for a wide variety of DOCOMO services. In 2020, DOCOMO began offering a passwordless option by providing a password disable setting, and in April 2023, NTT DOCOMO began support for WebAuthn/Passkeys. DOCOMO’s adoption of Nok Nok’s FIDO solution enhanced the authentication user experience, toward DOCOMO’s goal of a “Passwordless World.”

New Partnerships to Address Growing Global Regulatory Compliance

2022 was the year that Nok Nok accelerated product development in order to meet the needs of government and highly regulated industries. Nok Nok announced a partnership with UberEther, a leading provider of identity and access management solutions to the federal government, to provide phishing-resistant authentication in UberEther’s FedRAMP High and DoD Impact Level 5 ready IAM Advantage platform.

Nok Nok also entered into a new partnership with Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®. Recent executive orders and regulations require federal government agencies to leverage phishing-resistant multi-factor authentication (MFA) solutions. Through Carahsoft’s reseller partners, and NASA Solutions for Enterprise-Wide Procurement (SEWP) and National Cooperative Purchasing Alliance (NCPA) contracts, federal government agencies will have access to Nok Nok’s FIDO-enabled and phishing-resistant multi-factor authentication (MFA) solution.

“From when we co-founded the FIDO Alliance in 2012 to where we see adoption today, it is truly rewarding to see industry-leading customers and partners deploying Nok Nok’s FIDO enabled solutions at internet scale to hundreds of millions of global end users,” said Phil Dunkelberger, CEO of Nok Nok. “It has been our best year for deployments, customer expansion and innovation with the shipping of the The Nok Nok™ S3 Authentication Suite Version 9. Recent market interest in our solutions has been driven by the introduction of FIDO-based passkeys, which is creating a global awareness of what interoperable, easy to use passwordless authentication can mean for the consumer experience. All of this momentum points to a more secure, easier to use experience for all users, and reduced complexity for IT and security teams.”

About Nok Nok

Nok Nok is a leader in passwordless customer authentication and delivers the most innovative FIDO (Fast IDentity Online) solutions for the passwordless authentication market today. Nok Nok empowers organizations to significantly improve their user experience and security, and reduce operating expenses, while enabling compliance with the most rigorous privacy and regulatory requirements. The Nok Nok™ S3 Authentication Suite integrates into existing security environments to deliver proven, FIDO-enabled passwordless customer authentication. As a founder of the FIDO Alliance and an innovator of FIDO standards, Nok Nok is an expert in next-level, multi-factor authentication. Nok Nok’s global customers and partners include AFLAC Japan, BBVA, Carahsoft, Fujitsu Limited, Hitachi, Intuit, Mastercard, MUFG Bank, NTT DATA, NTT DOCOMO, Standard Bank, T-Mobile, and Verizon. For more information visit NokNok.com.

Read the official press release.

Contact Us

Latest Posts

Navigation

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Title: AI Brings Need for Robust Security to the Next LevelBy: Dr. Rolf Lindemann

Next phase of growth powered by regulatory compliance and recent ecosystem partnerships.

Global adoption of passwordless authentication is accelerating due to regulatory compliance, security and user experience requirements, and recent advances from major computing ecosystem participants.

Innovative Passkey Support

Customer Deployment Spotlight

New Partnerships to Address Growing Global Regulatory Compliance

About Nok Nok

Contact Us

Latest Posts

Navigation

Please complete this form to view and download this resource.

Submit to Download Forms

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Title: AI Brings Need for Robust Security to the Next Level
By: Dr. Rolf Lindemann