NASA’s newest solar research mission is already producing some amazing outcomes. The PUNCH or Polarimeter to Unify the Corona and Heliosphere mission, which was launched on March 12, 2025, is a set of four small satellites working together in low Earth orbit to study the sun’s outer atmosphere and solar wind. Within weeks of launch, it sent back its first set of images, including a colourful and unusual “rainbow” view of a faint glow caused by sunlight scattering off dust in space that was rare and rarely seen before.These early images are scientific and have quickly caught the attention of space enthusiasts due to their unexpected beauty. One image, taken on April 18 by the WFI-2 instrument, shows a soft gradient of red, green, and blue light against a starry sky. The image shows how the spacecraft measures different wavelengths of light and the direction that light has been polarised by particles in space.
A rainbow in space
This image isn’t a real rainbow, but a false-colour representation of polarised light from space dust. The colours including red, green, and blue, reflect different polarisation angles that help scientists understand how light scatters off interplanetary particles.As said by NASA in a SwRI press release, “The image is colorised to show the polarization (or angle) of the zodiacal light, a faint glow from dust orbiting the sun.” These early images help scientists confirm that the instruments are working correctly and are ready for more detailed solar observations.
Seeing the moon in a new light
Another exceptional moment happened on April 27, when one of PUNCH’s cameras, the Narrow Field Imager (NFI), spotted the new moon passing near the sun. To see this clearly, the NFI used a special cover called an occluder to block out the sun’s bright light. In the image, the moon looks full even though it was technically a new moon. That’s because of something called “Earthshine”, or sunlight bouncing off Earth and lighting up the moon’s dark side. This helped scientists make sure the moon won’t get in the way of PUNCH’s future views of the sun’s outer layers.
On April 16, two of the other PUNCH satellites, WFI-1 and WFI, also captured the soft glow of zodiacal light. Through their wide-angle view, they picked up some famous sights in the night sky, like the Hyades and Pleiades star clusters, the Andromeda galaxy, and the Cassiopeia constellation. These early images are helping scientists fine-tune the instruments, but they also show just how sensitive PUNCH is as it can spot even the faintest details way out in space.
SPHEREx joins the ride
Launched alongside PUNCH aboard a SpaceX Falcon 9 rocket from Vandenberg Space Force Base, SPHEREx is another NASA mission with big goals. Unlike the James Webb Space Telescope, which zooms into distant objects, SPHEREx will scan the whole sky in 102 infrared colours. As Nicky Fox, associate administrator for NASA’s Science Mission Directorate, said in a SPHEREx briefing, “We are literally mapping the entire celestial sky in 102 infrared colors for the first time in humanity’s history.”Photo: NASA/ SwRI
SAVE $400: The Garmin Fenix 7 fitness tracker is on sale at Amazon for $499.99, down from the list price of $899.99. That’s a 44% discount and a new record-low price at Amazon.
We’re on the heels of an exciting Prime Day. This year we get four full days of shopping to find the best Apple deals, outdoor gear upgrades, and finally replacing those uncomfortable earbuds. If you have summer adventures planned or you’re looking to keep better tabs on your fitness metrics, there’s an especially great deal that’s already live on a fitness tracker.
As of July 6, the Garmin Fenix 7 fitness tracker is just $499.99 at Amazon, marked down from the list price of $899.99. That’s a major 44% discount that takes $400 off the smartwatch. It’s also a new record-low price at Amazon by a long shot.
Mashable Trend Report
Summer is the perfect time to get into a new fitness routine. With better weather and longer daylight hours, it can be a great way to set a new schedule that involves a focus on health. Whether you’re taking longer walks around the neighborhood or heading into the mountains to set a new trail record, the Garmin Fenix 7 is packed with useful features.
SEE ALSO:
Apple Watch deals are heating up ahead of Prime Day — get the lowest-ever price on the Series 10
For starters, who couldn’t use a built-in flashlight on their wrist? On the trail, this is incredibly useful for digging into your backpack to find that (probably melted) chocolate bar. At home, it’s a great way to avoid tripping on the dog during the midnight bathroom trip. The strobe function is gonna come in handy during winter runs at 5 p.m. when it’s completely dark out. But of course, the Garmin is packed with fitness tracking features, too.
On your wrist, you’ll have access to heart rate date, pulse Ox levels, and sleep metrics. Each morning, the Garmin will give you a daily report that discusses training readiness for the day. Plus, the the Garmin Fenix 7 is capable of solar recharging. But you shouldn’t need that too often since the watch can get up to 22 days of battery on a single charge when in smartwatch mode.
Since it’s down to a super low price at Amazon, it’s probably wise to jump on this Garmin Fenix 7 deal before Prime Day takes hold. There’s no telling when Amazon will decide to bump up the price while lowering others during the longest Prime Day sale ever.
The best early Prime Day deals to shop this weekend
Death toll from Texas flooding rises to nearly 70, officials say
The death toll due from the Texas floods has risen to nearly 70 overall on Sunday, with 59 people dead in Kerr County, officials said. The additional numbers are from outlying areas.
The number of missing girls from Camp Mystic has gone down to 11, from an original 27 missing.
Key events
The National Weather Service has extended its flood watch through 7 p.m. central time for central Texas.
The Service warns that additional rainfall of two-to-four inches are possible, with “isolated pockets of 10 inches” also possible. “It is very difficult to pinpoint where exactly the isolated heavy amounts will occur in this pattern,” the National Weather Service posted on X.
Kerr County officials said that, as of 9 a.m. central time on Sunday, 38 adults and 21 children have died in the county due to the deadly flooding. Eighteen adults and four children have not been identified.
The remaining dead are from outlying areas. There are a total of nearly 70 dead.
There are 11 Camp Mystic campers and one counselor still missing, officials said.
Death toll from Texas flooding rises to nearly 70, officials say
The death toll due from the Texas floods has risen to nearly 70 overall on Sunday, with 59 people dead in Kerr County, officials said. The additional numbers are from outlying areas.
The number of missing girls from Camp Mystic has gone down to 11, from an original 27 missing.
A MAGA congressional candidate in Georgia shared strange posts on social media, claiming that the weather is being manipulated, as search and rescue efforts continue in Texas after deadly flooding.
Kandiss Taylor, who is running for Congress in Georgia for the 2026 elections, posted on X: “Fake weather. Fake hurricanes. Fake flooding. Fake. Fake. Fake.”
In another post, Taylor doubled-down, by sharing conspiracy theories about natural disasters: “This isn’t just ‘climate change.’ It’s cloud seeding, geoengineering, & manipulation. If fake weather causes real tragedy, that’s murder.”
X users responded to Taylor, slamming her for her tweets.
She later said that her posts were about legislation proposed by right-wing MAGA and conspiracy-theorist congresswoman Marjorie Taylor Greene that would prohibit “the injection, release, or dispersion of chemicals or substances into the atmosphere for the express purpose of altering weather.”
“I wasn’t talking about Texas with this post,” Taylor said. “Liberal left winged media twisted what I said to make it about Texas.”
The longtime owner and director of Camp Mystic, a Christian girls camp, died while trying to save campers, a local publication reports.
Dick Eastland was “kind and welcoming” and is described as a father figure to campers.
Camp Mystic was established in 1926 along the Guadalupe River in central Texas nearly a century ago “to provide young girls with a wholesome Christian atmosphere,” Reuters reports.
Dick and his wife Tweety Eastland, are the third generation of the family that bought the camp in 1939, the camp website says. There are still 27 girls missing from Camp Mystic.
“[Eastland] was family to so many campers,” wrote Paige Sumner in the Kerrville Daily Times. “It doesn’t surprise me at all that his last act of kindness and sacrifice was working to save the lives of campers.”
People in Texas describe the terrifying moments after deadly flooding swept through the central part of the state. The death toll has risen to 59 people.
One man describes him and his wife being swept by the water and holding onto a tree until rescuers arrived to help. “It was scary, it was really scary,” he said.
The Guardian’s video team produced this piece on people caught up in the floods.
People recounted their ordeal after deadly flooding swept through central Texas on Friday morning.
Death toll from Texas flooding rises to 59, lieutenant governor says
The death toll from the flooding in Texas has risen to 59, according to the county’s Lieutenant Governor Dan Patrick (up from the previous total of 51). More details soon…
Here is a graphic showing where Camp Mystic is located within the state of Texas:
A graphic showing where Camp Mystic is located within Texas.A graphic showing where Camp Mystic is located within Texas.
Officials said this morning the tally of children missing from the Christian youth camp for girls stood at 27.
Officials have said waters in some parts of Texas are starting to recede to where they were before the storm.
The Guadalupe River near Kerrville – which surged by more than 20 feet within 90 minutes during the downpour — is, according to CNN, back down to just a foot or two higher than its level before the flood.
The hills along the Guadalupe River in central Texas are dotted with century-old youth camps and campgrounds where generations of families came to swim and enjoy the outdoors, Associated Press reports. The area is especially popular around the July Fourth holiday, making it more difficult to know how many are missing.
“We don’t even want to begin to estimate at this time,” Kerrville city manager Dalton Rice said earlier.
Search crews were facing harsh conditions while “looking in every possible location,” he said.
Jonathan Porter, the chief meteorologist at AccuWeather, a private weather forecasting company that uses National Weather Service data, said it appeared evacuations and other proactive measures could have been undertaken to reduce the risk of fatalities.
In a statement, he said:
People, businesses, and governments should take action based on flash flood warnings that are issued, regardless of the rainfall amounts that have occurred or are forecast.
As we mentioned in a previous post, local officials in Texas have said they had not expected such an intense downpour that was the equivalent of months’ worth of rain for the area.
“We know we get rains. We know the river rises,” said Kerr County Judge Rob Kelly, the county’s top elected official. “But nobody saw this coming.”
As much as 10 inches of intense rainfall fell within a few hours overnight in central Kerr County on Friday, causing the Guadalupe River’s banks to burst at about 4am local time.
Pope Leo has sent condolences to the families of devastating floods in Texas which killed at least 51 people and left nearly 30 others missing, many of them children.
Following Angelus prayers, the pontiff said:
I would like to express sincere condolences to all the families who have lost loved ones, in particular their daughters who were in a summer camp in the disaster caused by flooding of the Guadalupe River in Texas. We pray for them.
Aftermath of Texas floods – in pictures
Here are some of the latest images coming out from Texas after devastating floods forced authorities to launch one of the largest search-and-rescue efforts in the state’s recent history:
Houses and cars are partially submerged in flood waters in an aerial view near Kerrville, Texas. Photograph: US Coast Guard/ReutersA drone view shows the swollen San Gabriel river, in Georgetown, Texas, amid the deluge. Photograph: Adam Grumbo/Reuters Kyle Hammock stands in front of his damaged home on the bank of Guadalupe River after clearing debris from inside his home. Photograph: Jim Vondruska/Getty ImagesA volunteer rescue searcher speaks on the phone after deadly flooding in Kerr County. Photograph: Sergio Flores/ReutersA child’s baseball helmet lies among flood debris along TX-39 near Hunt, Texas. Photograph: Eric Vryn/Getty Images
What has the federal response to the Texas floods been?
US president Donald Trump addressed the deadly floods on Saturday. On his Truth Social platform, he said his administration was working with state and local officials on the ground in Texas to respond “to the tragic flooding” that occurred a day before.
“Our Secretary of Homeland Security, Kristi Noem, will be there shortly,” Trump wrote.
Speaking at a press conference alongside Texas Governor Greg Abbott on Saturday, Noem pledged that the Trump administration would use all available resources to help the state in its rescue efforts, including by bringing in more fixed-wing aircraft and helicopters to aid with operations.
She said the government would make it a priority to upgrade National Weather Service technology used to deliver warnings.
Noem said:
We know that everyone wants more warning time, and that’s why we’re working to upgrade the technology that’s been neglected for far too long to make sure families have as much advance notice as possible.
Kristi Noem speaks with Texas Gov Greg Abbott about ongoing search and rescue efforts at a press conference in Kerrville, Texas. Photograph: Rodolfo Gonzalez/AP
For context: Some state and local officials have said the NWS failed to provide accurate forecasts ahead of Friday’s destructive flooding.
“The original forecast that we received Wednesday from the National Weather Service predicted 3-6 inches of rain in the Concho Valley and 4-8 inches in the Hill Country,” Texas emergency management chief W. Nim Kidd told journalists on Friday. “The amount of rain that fell at this specific location was never in any of those forecasts.”
The father of Blair, 13, and BrookeHarber, 11, confirmed to CNN yesterday that his daughters had died in the Texas flooding after having gone missing in Kerr County.
RJ Harber told CNN that Blair “was a gifted student and had a generous kind heart” and that Brooke “was like a light in any room, people gravitated to her and she made them laugh and enjoy the moment”.
Neither Blair or Brooke were at Camp Mystic when they went missing.
Questions have arose as to why the severity of the flooding in the middle of the night on the Fourth of July holiday caught many officials by surprise.
Here is an extract from a story by my colleagues Oliver Milman, José OlivaresandRobert Mackey who have looked into the preparations for the flood and examined how federal policy may have impacted local projection capabilities:
Officials defended their preparations for severe weather and their response but said they had not expected such an intense downpour that was, in effect, the equivalent of months’ worth of rain for the area.
One National Weather Service (NWS) forecast this week had called for only 3-6in (76-152mm) of rain, said Kidd, of the Texas division of emergency management.
“It did not predict the amount of rain that we saw,” he said.
Saturday’s deaths renewed questions about whether it was wise for the Trump administration to implement deep budget and job cuts at the NWS – among other federal government agencies – since his second presidency began in January.
Camp Mystic, a nearly century-old Christian girls camp, had 700 girls in residence at the time of the flood, according to Texas Lieutenant Governor Dan Patrick.
Early Friday morning, shortly after the deluge hit, over 100 game wardens and an aviation group tried to access the camp, but they weren’t able to enter to start rescuing children until after midday, CNN reports.
One of the girls attending the camp, Renee Smajstrla, who was nine years old, was confirmed to be among the dead by her uncle.
“Renee has been found and while not the outcome we prayed for, the social media outreach likely assisted the first responders in helping to identify her so quickly,” Shawn Salta wrote on Facebook. “We are thankful she was with her friends and having the time of her life.”
A Sheriff’s deputy pauses while combing through the banks of the Guadalupe River near Camp Mystic. Photograph: Julio Cortez/AP
Camp Mystic said in an email to parents of the campers that if they had not been contacted directly, their child had been accounted for.
Another girls’ camp in the area, Heart O’ the Hills, said on its website that co-owner Jane Ragsdale had died in the flood but no campers had been present as it was between sessions.
Search for missing continues with at least 51 people killed, including 15 children
We are restarting our live coverage of the devastating Texas floods.
Hundreds of rescuers are desperately searching for people missing in central Texas, after torrential rains caused devastating flooding that killed at least 51 people, including 15 children.
The total number of missing people is not yet clear, but officials say that 27 of them are girls who had been attending Camp Mystic, a Christian youth camp located along the River Guadalupe in Kerr County, the area worst affected by the flood.
The river rose more than 20 feet in less than two hours overnight into the July 4 holiday.
Drone footage shows extent of deadly Texas flooding – video
The flooding in Kerr County killed at least 43 people, including 15 children, and at least eight people died in nearby counties, including Travis County and Tom Green County.
Searchers used helicopters, boats and drones to look for victims and to rescue people stranded in trees and from camps isolated by washed-out roads.
Authorities said about 850 people had been rescued, with more than 1,700 people involved in the search-and-rescue operation.
Texas Governor Greg Abbott vowed that authorities will work around the clock and said new areas were being searched as the water receded. He declared Sunday a day of prayer for the state.
In a post on X, he wrote that Camp Mystic was“horrendously ravaged in ways unlike I’ve seen in any natural disaster” and vowed that rescuers would find “every girl who was in those cabins”.
Stay with us as we bring you the latest updates on the floods throughout the day.
Furniture lie scattered inside a cabin at Camp Mystic after deadly flooding in Kerr County. Photograph: Sergio Flores/Reuters
The Wallabies have claimed victory in their first Test for 2025 after a Harry Wilson try in the 79th minute sealed a 21-18 win over Fiji at McDonald Jones Stadium.
In front of a record rugby crowd of 28,132 in Newcastle, the Wallabies raced to a 14-0 lead but were forced to dig deep after a second half barrage from the Flying Fijians.
The tourists swept to the lead with 25 minutes remaining after scoring 18 unanswered points before Wilson’s late, spinning move close to the line steered the Wallabies home.
The Wallabies were hungry for early points and nearly found their way through Harry Potter, who just couldn’t collect the cross-field kick.
It reflected a first half dominated by the hosts but couldn’t capitalise on their opportunities, with several tries disallowed.
Dave Porecki got Australia on the board via the rolling maul after Langi Gleeson was held up. Eight minutes later, Potter was denied again after the final pass from Tom Wright was judged to have travelled forward. The Wallabies were controlling territory but had another try disallowed for a crooked lineout throw.
The pressure eventually delivered points when slick hands from centres Len Ikitau and Joseph-Aukuso Suaalii created the space for Fraser McReight to dive over.
With the hosts in control, an errant kick right at half time gave Fiji a chance to counter as Salesi Rayasi went over to reduce the lead to 14-5 at the break.
The second half started as the first began with another Wallabies try denied – this time to Max Jorgensen after a forward pass from Wright to Harry Potter, who chipped ahead for his fellow winger.
This provided the window for Fiji to hit back, starting with a Caleb Muntz penalty to reduce the margin to under a converted try.
The door was then opened for winger Jiuta Wainiqolo to produce some magic to put the visitors in front. The Toulon winger collected the ball inside his 22 and broke through multiple defenders before throwing a magic offload for Lekima Tagitagivalu to dive over in the corner.
With all the momentum, Fiji looked to have scored again through Sireli Maqala, however, the hosts were saved after Potter’s foot was in touch before the turnover.
It went from bad to worse for the hosts after a nasty whiplash incident left flyhalf Noah Lolesio injured in the build-up.
Another Fiji penalty extended the margin to four points as the hosts held tough in defence.
The Fijians threw everything trying to seal the win as the Wallabies kept forcing turnovers.
It gave them a last chance to find a winner as several penalties put them on the five-metre line.
Up stepped the captain, spinning his way over the line and finding the chalk with 90 seconds to go for the winner,
There is a Diogo Jota performance that many Liverpool supporters will remember above all others.
In October 2022, with the Reds struggling badly for form, Jota and Co. came up against a Manchester City team that would go on to win a historic treble that season.
A month before the 2022 men’s World Cup – the tournament Jota later said was “one of his dreams” to play in – many players might have taken it easy for fear of injuring themselves.
Not Jota.
The Portuguese forward did not contribute a goal or an assist, but he played 100 minutes and battled to win the ball back on countless occasions. Liverpool won 1-0, but Jota’s tireless performance saw him go down with an injury in the final minute. He would go on to miss the World Cup.
With the tournament set to come around again next year, Jota would very likely have finally fulfilled that dream in 2026.
That opportunity, along with the far more important chance to experience life as a young father and newlywed, was cruelly snatched from the 28-year-old on Thursday morning when he and his brother, André Silva, died in a car crash in northwestern Spain.
Hunger and bravery
Maybe Jota would have avoided the injury against Manchester City if he had stayed out of the difficult tackles. But that is not the kind of player he was.
“The way he played the game was full of this sort of scampering energy. … He would hunt the ball down aggressively, and he’d hunt space down aggressively.” Neil Atkinson, CEO and host of The Anfield Wrap, told CNN Sports’ Amanda Davies.
Jota’s technical gifts – while remarkably apparent at times – were not on the level of those of some of his teammates. But it was that willingness to fight that made him such a popular figure on Merseyside, and the reason why it has been difficult to go to a Liverpool game in the last few years and not hear the crowd’s famous song for him.
“They loved that work ethic, that sheer desire, and the fact that he had almost a sense of mischief about him in the manner of his goals as well,” Atkinson said. “And I think that very much endeared him to the supporters.”
The Portuguese international was vocal about his philosophy of hard work on the pitch.
“As a fan – I was a fan myself – you want to see a player fighting for the club, for the badge that they both love,” he said in a video which was released by Liverpool on Thursday following the news of his death.
In pictures: Remembering Diogo Jota
But that tenacity was not just limited to his attitude on the field. As a young player struggling for games at one of the biggest clubs in the world – Atlético Madrid – the forward opted to join Wolverhampton Wanderers, a team which, at that time, was in the Championship, the second tier of English soccer.
His bravery was rewarded as he became one of the best players in the team, eventually signing for Liverpool in 2020.
It was at Liverpool where Jota appeared to find particular kinship with a city that, like him, has often had to fight.
In 1981, after riots began in Liverpool as a result of tensions between police and the Black community, then British Prime Minister Margaret Thatcher was secretly urged by her finance minister, Geoffrey Howe, to pursue a policy of “managed decline” with reference to the city.
According to Howe, spending public money on the city would be like “trying to make water flow uphill.”
Eight years later, when the Hillsborough disaster claimed the lives of 97 Liverpool supporters at an FA Cup semifinal, the city once again felt the brunt of the establishment.
Both the local police and some sections of the British media blamed Liverpool fans. Despite tireless campaigning by the victims’ families, it would take until 2016 for an inquest to rule that those who died were unlawfully killed and that fan behavior did not cause or contribute to the disaster.
Liverpool is a club that has had more than its fair share of tragedy. Less than six weeks ago, a car rammed into a crowd of people at a parade to celebrate the club’s Premier League title win, injuring dozens of people, including children.
In the face of this latest tragedy Thursday morning, the city will once again come together to grieve.
“The only way to get through this is to get through it together,” Atkinson said.
The importance of that collectiveness was echoed by another Liverpool fan, Sally – who did not give her surname when she spoke to CNN Sports’ Matias Grez outside Anfield on Thursday.
“You stick together because that’s the only way it’s going to work,” she said. “That’s the community spirit. It’s not just Liverpool, it’s Everton as well. Rivalries aside, times like this everyone comes together. It doesn’t matter who you support.”
Indeed, among the hundreds of scarves, flowers and messages that were left for Jota and his brother outside Anfield, items laid by fans of Everton, Liverpool’s local rival, were visible.
“I’m not really a massive one for social media, so I hadn’t seen any of what I’m now seeing in front of me,” another supporter, Simon Walker, told CNN in reference to the tributes left at the stadium. “But I’m not surprised in the slightest because this is how this club and this city operates.”
To say that Jota – a man who grew up in a small town outside Porto, 886 miles (1426 kilometers) away – fit well in Liverpool would be an understatement.
That affinity extended to some of the less-Portuguese pastimes. In tribute posts on social media, former teammates Andy Robertson and Caoimhín Kelleher both referenced their surprise at Jota’s enjoyment of darts and horse racing, with Robertson even jokingly referring to him as “Diogo MacJota.”
“You could relate to him,” Sally, the Liverpool supporter who spoke to CNN, said Thursday. “You could tell he was a down-to-earth fella. He was very humble. He wasn’t showy-offy. He was just very much a family man.
“I think that’s what relates everyone in the city to him, because we’re all like a family.”
The funeral for the 28-year-old and his brother took place in their hometown of Gondomar on Saturday morning. The pain that their family, Jota’s wife and their three children are experiencing far exceeds that of those who marveled from afar at his performances on a soccer pitch.
But it is a testament to Jota’s spirit and tenacity that Liverpool too is grieving the loss of one of its most beloved sons.
Mature OT cybersecurity programs span beyond perimeter defenses, with an emphasis on deep visibility, continuous risk assessment, and strong governance reflecting the unique conditions and needs of OT (operational technology) environments. The roadmap accounts for legacy systems, scattered industrial installations, multilayer network segmentation, secure remote access to the plant, and asset inventories that are up to date, even as critical equipment ages. But most industrial companies are still stuck using legacy risk models designed for the way our systems used to be, rather than the way they are today. The question remains, however, is most, if not all, of the installed base is not hardened for modern threats, including ransomware, nation-state, and supply chain compromise, and leaves critical industrial environments at risk.
As cyber threats and attacks increasingly become physically and geographically charged, the responsibility for OT cybersecurity is being redrawn. Formerly the responsibility of control engineers and plant managers, OT security is now the responsibility of CISOs and enterprise security teams. This is not a smooth transition. For those environments that are intolerant of downtime, where production outages are not only cost-prohibitive but physically intolerable, the concept of chaos can seem like anathema to traditional security teams who have been weaned on IT-centric ‘patch and reboot’ playbooks. Even worse, these environments are not simple to secure while still servicing production workloads, requiring expertise, patience, and coordination.
Building OT cybersecurity programs must also deal with the pressure of cultural gaps between IT security practitioners and OT teams. Engineers may see security controls as impediments to safety or productivity, just as security teams may not recognize how arcane industrial systems are. These disconnects can throw even the most well-considered programs off track, creating a breach for attackers to take advantage of unguarded paths.
The CISOs, sometimes now charged with protecting OT, are ill-prepared to make this cross-cultural and technical leap. Policy updates will not be enough to ensure organizational success. Focusing on OT cybersecurity programs that require realizing the operational significance of cyber investments, investing in developing required skills, and leadership that understands the mission to keep production on, as well as recognizes the need for increases in protection as the threat environment continues to change. Anything less risks getting industrial cybersecurity mired in the past.
What makes a mature OT cybersecurity program?
Industrial Cyber reached out to industrial cybersecurity experts to explore what defines a mature OT cybersecurity program today. They also look into why so many industrial organizations still fall short of that standard.
Jeff Johnson, OT cyber program lead at MorganFranklin Cyber
Jeff Johnson, OT cyber program lead at MorganFranklin Cyber, told Industrial Cyber that a mature program should have holistic cybersecurity management that defines governance, roles, and process life cycles. It should follow a risk-based architecture using ISA/IEC 62443-3-2 for risk assessment and set security-level targets, with zoning and segmentation based on the Purdue Model or operational needs. Secure-by-design principles should be built into future architecture as a standard.
He also identified that throughout the ICS/OT lifecycle, product-level controls should enforce defense-in-depth, least privilege, and availability requirements, with security by design integrated into any new infrastructure from the outset. Finally, continual improvement through regular assessments, patching, monitoring, and incident readiness is essential.
On why most industrial organizations lag, Johnson pointed to legacy ecosystems that dominate with proprietary protocols and limited patching capabilities. OT teams are wary of changes that risk availability or safety… ‘This is the way we’ve always done it.’ He also added complexity and cost as formalizing cybersecurity management systems, asset inventories, segmentation, and secure procurement got pushed to the back burner. Additionally, these older devices are expensive and, in most cases, unnecessary in their eyes, from a productivity perspective.
Dino Busalachi director for OT cybersecurity at Barry-Wehmiller Design Group_
Dino Busalachi, director for OT cybersecurity at Barry-Wehmiller Design Group, told Industrial Cyber that mature programs share several key characteristics. Mature organizations typically adopt a security framework, such as NIST, IEC 62443, or NERC CIP, and integrate it across their operations.
He added that a critical gap often emerges when organizations fail to communicate their OT cyber strategy to key suppliers. CIO and CISO leadership need to build stronger relationships with original equipment manufacturers and system integrators, since these suppliers serve as the primary delivery teams responsible for bringing OT assets into manufacturing environments. Beyond designing and building these OT systems, they also handle ongoing support and maintenance, making their involvement essential.
Busalachi added that many IT departments have chosen their cybersecurity path without incorporating the broader OT ecosystem, both internally and externally. “This siloed approach prevents organizations from reaching the maturity level required to improve their cybersecurity programs effectively.”
Jason Rivera. Co-Founder & CEO, Cabreza
“A mature program is one with clear expectations, executive support, defined governance, collaborative culture, smart resourcing, dedicated OT security policies, controls and procedures, fit-for-purpose tools, measurable outcomes, a roadmap, and repeatability,” Jason Rivera, co-founder and CEO at Cabreza, told Industrial Cyber. “Any organization can get wrapped around the axle of one of those topics, but if they’re willing to collaborate, communicate, and compromise, maturity gains can be achieved.”
Kevin Kumpf, OT/ICS Strategist OT/ICS Strategist, Hard Hat Cybersecurity Services LLC
“What defines a mature OT cybersecurity program is having a grasp on the people, process, and technologies (including third parties) that make a business function in a safe and secure manner,” Kevin Kumpf, OT/ICS Strategist at Hard Hat Cybersecurity Services, told Industrial Cyber. “It includes C-Level leadership, IT, OT, change management, and third parties all working together and truly understanding the safety, availability, integrity, and confidentiality of their systems and their physical infrastructure.”
Kumpf said that most organizations have not achieved this because it is costly, and many organizations are outsourcing resource-driven driven using contractors to maintain systems and physical plants. “Outsourcing not only task-driven menial roles but also expertise-focused roles as well. While this produces cost savings on the bottom line, it sacrifices safety and security overall.”
Outdated risk models continue to weaken OT cybersecurity defenses
The executives address whether today’s OT cybersecurity programs are truly prepared to defend against modern threats like ransomware and nation-state attacks, or if they’re still relying on outdated risk models that can no longer keep up.
Johnson said that most organizations are in the process of rationalizing what OT means to their risk, business and bottom-lines, while ‘traditional OT verticals’ (utilities, etc.) tend to have more experience than most, the real challenge is creating space for a different kind of security within non-traditional verticals (healthcare, fintech, telecom, etc).
“This assumes that there is an OT cybersecurity program in place in the first place, focusing mainly on safety, downtime, and compliance, and underestimating cyber-physical attack vectors,” according to Johnson. “Modern threats have evolved fast: ransomware now includes extortion, disruption, and kinetic consequences. Gaps remain, as until ISA/IEC 62443 frameworks are fully applied, especially zones, monitoring, and SL-T enforcement, as many OT programs remain vulnerable.”
Busalachi sees a technology readiness vs. implementation issue, as cybersecurity technologies continue to advance and mature, but the problem lies with end users (asset owners) who are not moving the needle on implementation.
He added that proven frameworks remain valid. The SANS 5 OT Cybersecurity Critical Controls are not outdated and provide solid foundations, including defensible architecture, incident response, secure remote access, continuous monitoring, and vulnerability and risk management.
When it comes to critical visibility gaps, Busalachi identified that too many organizations fall short on OT asset discovery. “Many claim they want 100% visibility without understanding what this process truly means. There’s more to a plant than capturing only North-South traffic. The East-West traffic controls are equally critical for comprehensive security.”
Rivera said, “Unfortunately, probably not. A small manufacturer may be better equipped through a few smart, tactical decisions than a global distributor with politics, risk aversion, or special interests prevailing over site defense and resilience measures. This is what happens in the absence of meaningful, sector-specific standardization and benchmarking, apart from maybe the energy sector, with NERC-CIP.”
“That said, one issue with all the risk models is when they end up suggesting untenable efforts focused in one direction, causing the classic front door closed, back door wide open scenario,” he added. “That’s why I advocate for capability-based prioritization: Determining what can be done now, to get to next, and what can be done later, by when. The best equipped OT security programs are also built with achievability in mind, as well as risk reduction, and an unwavering tether to business and security resilience.”
Kumpf said that while the programs / regulatory standards themselves are attempting to align with cyber threats and risks, the organizations themselves are lacking a true understanding of what their risks truly are.
“As an example, while many organizations know what systems control OT resources, they do not have the depth of understanding on the interconnection of that system to others or how it impacts both upstream and downstream people, process, technologies, supply chain, etc.,” according to Kumpf. “Without clearly defined baselines, interconnectivity models, business risk quantifications, etc., there is no way to truly define a proper risk model.”
Industrial cybersecurity sees changing lines of responsibility
The executives examine who traditionally owns OT cybersecurity within industrial organizations, and how that ownership is shifting as cyber risks grow more physically and geopolitically charged.
“OT security historically has sat with plant engineering or operations teams—aligned to safety/process reliability. And from what I’m seeing, the majority still do,” Johnson said. “However, I do see a shift underway where CISOs, or embedded OT security leads, are now increasingly leading programs supported by cross-functional governance boards (OT Centers of Excellence in some cases).”
He added that cyber risk is rapidly merging with physical and geopolitically driven threats. Centralized cyber oversight ensures a coherent risk posture spanning IT, OT, supply chain, and geopolitical contingencies.
Busalachi said that ownership varies by sector. In critical infrastructure organizations, OT teams usually take responsibility for OT cybersecurity. However, they face significant challenges with limited resources and budget, especially in smaller organizations and municipalities.
He also identified an authority vs. responsibility disconnect. “IT departments may have cybersecurity responsibility, but they lack authority in OT environments. Ultimately, OT teams own the OT assets, not the other way around.”
From an engagement imperative, Busalachi said that IT leadership must decide whether to engage the OEMs and system integrators who are the primary deliverers of OT assets on the plant floor. “If these groups aren’t providing a clear path forward for their clients (OT asset owners), there’s a critical gap. IT is not currently engaging them effectively.”
“The CISO or CSO usually ‘owns’ programs, but that’s not to say they call every shot, or should. The most accountable and responsible parties need to listen, ask questions, and collaborate to prevent their program from dying on the vine,” Rivera said. “So, the evolved successful model of ownership is distributed between global security and the local, more operational teams.”
Kumpf said that cybersecurity risk is owned at the Board and C-suite level. “The C suite is responsible for the execution of the program, and in most organizations, this aligns to a CISO of IT. While some high areas of critical infrastructure (oil and gas, power, air and rail, etc) have an OT CISO, it is not the norm.”
“Implementation of the program resides with the plant manager or operational management of an OT area. There is a disconnect between this level and the levels above in nearly every organization I have worked with,” according to Kumpf. “There are not two communications, and this inhibits the true flow of information regarding physical and geopolitical risks. A CISO does not know where things are produced at the intimate level of a plant manager. A CISO does not understand the physical consequences of not having redundancy in core systems and why, in many instances, you cannot (digital twins are attempting to become a solution to this).”
Coping with cyber risk in downtime-averse OT environments
The executives explore how organizations are managing visibility and risk in legacy-heavy OT environments where downtime is intolerable and many assets remain difficult to identify.
Johnson said that organizations often start with asset inventory, using agentless discovery and network traffic analysis to map devices without disrupting operations. Risk-prioritized segmentation is then enforced through zoning and conduits to limit lateral movement.
In cases where patching is impossible, Johnson leaned towards hybrid compensating controls being deployed, including DMZs for devices that require both OT and IT access, along with firewall rules and other network-based protections. Finally, continuous monitoring and incident response provide situational awareness through network detection and response, anomaly detection, and response plans aligned with service-level agreements.
Busalachi said that maturity levels vary significantly, as less than 80% of organizations are mature enough to have developed comprehensive metrics. “Some sophisticated clients use Overall Equipment Effectiveness (OEE) to benchmark and improve manufacturing productivity.”
He added that the OT cybersecurity value proposition is that many organizations fail to realize these technologies actually help prevent events that cause unplanned and unscheduled downtime, improving OEE and overall operational efficiency.
“Well, organizations with programs should have control (and compensating control) criteria and requirements established for asset, detection/monitoring, and risk management,” Rivera said. “They’re entity-level exercises with outcomes that can be iterated on as people and technologies change. But for the organizations that just passed ‘Go’ and grabbed a tool off the shelf, they’re probably not managing well.”
“The only absolute way you can resolve this is to walk the plant floor and take a physical inventory. Once that inventory is collected, you need to ensure it is given to an owner (not an outside third party) who will continually update, maintain, and control its existence,” according to Kumpf. “You need to understand the who, what, when, where, and why of the asset. Who owns it, what it does for the organization, when it is used (non stop running, once a week, etc.), where it is located and how it is connected/accessed, and why the organization needs it (can another device already in place do the same function or task). Lastly, you need to understand its BIA/BCP if that device has an event/issue.”
The executives look into the cultural disconnects that exist between operations and cybersecurity teams, and how these tensions impact the success or failure of security initiatives.
Using the ‘Apples and Oranges’ analogy, Johnson said that OT leaders emphasize uptime and safety; cyber teams emphasize defense and confidentiality. “Both are good on their own, but I don’t want warm orange juice with spices in the fall, or cold apple juice with my cereal in the morning.”
“OT sees cyber as a threat to physical continuity, especially when misconceived as IT-centric. Cyber side frames standards/tools in IT jargon, while OT values safety, functional continuity, and risk-driven practices,” according to Johnson. “This friction leads to stalled segmentation, delayed patching, and token compliance. Using ISA/IEC 62443 ‘s shared language—zoning, risk scores tied to operational impact, measurable controls—to translate requirements into operational benefits for both sides, you can bridge the gap and provide a win for everyone.”
Highlighting the visibility problem, Busalachi said that too often, “when visiting manufacturing facilities to tour plant floors (OT environments), it’s the first time many IT team members (infosec, networking) have been onsite. In many cases, they haven’t visited the plant in years or have never been on the plant floor to review industrial control system architecture, applications, infrastructure, and networks.”
He added that IT departments have significant blind spots related to OT environments. “The critical question is – what is IT’s relationship with internal OT teams and their third parties (vendors, OEMs, and system integrators)? If these relationships don’t exist, cybersecurity initiatives will inevitably fall short.”
“Disconnects in responsibilities, expectations, decisions, risks, and feedback loops are going to happen. They can become some of the most defining moments of an organization’s OT security journey,” Rivera said. “But they’re also where the juiciest work is, which pays off greatly for any organization serious about doing OT security the right way. It’s important to learn from them and continuously strengthen relationships. On that note, incentivization models go a long way.”
Noting that there is a disconnect between plant-level operations and the C-suite, Kumpf said that “They do not have a true voice or advocate at the table. People at the C-level are dollar and risk-driven. Can we do it cheaper (put things in the cloud, outsource, etc.) and by the need to automate security through instant patching, AI-driven threat mitigation, shutting down systems that are outdated?”
“I equate this to the vision of the smartphone in today’s world. Why do you need a phone, camera, computer, desk calendar, etc., when you can do it all in one device (IT thinking)? OT is not built like that,” Kumpf added. “You would not expect a photographer you hired at a special event to show up with a cell phone and begin to take pictures or a person you paid to build you a custom cabinet to just go to a home improvement store and buy one, and just add hardware you selected.”
He also mentioned that OT is driven by many unique processes and situations. “There is always room to improve and streamline, but every plant and OT operation is unique and with its own challenges. It is not a ‘one size fits all.’”
CISOs struggle to bridge IT-OT cyber divide
The executives assess whether CISOs are well-positioned to lead OT cybersecurity efforts or whether a cultural and technical divide between IT and OT still hinders effective leadership.
“CISO leadership is increasingly essential as they bring board-level visibility, governance expertise, and a holistic risk mindset,” Johnson said. “However, many CISOs lack deep OT fluency, without operational credibility, and OT teams resist their guidance.” He added that CISOs with dedicated OT deputies or cross-functional steering committees bridge domain knowledge gaps. “CISOs must speak OT’s language— connecting cyber measures to safety, reliability, and business continuity.”
Identifying that the clear answer is ‘no,’ Busalachi said that CISOs are not well-positioned to lead OT cybersecurity efforts if they’re not engaging the external OT ecosystem operating in their manufacturing facilities. “This engagement gap represents a fundamental barrier to effective OT cybersecurity leadership. The technical and cultural divide between IT and OT continues to hinder progress until leadership bridges these gaps through meaningful engagement with all stakeholders in the OT ecosystem,” he added.
Rivera said that barring a substantial rise in CSO surpassing CISO roles within industrial organizations, “the CISO is the best positioned to lead, even despite being classically trained in IT security first. If there is some great divide, that’s the CISO allowing that kind of culture to exist, and they need to address it.”
He concluded that every moment of division is really just a moment for collaboration that’s lost its way.
In a new study, researchers demonstrated long-term, non-invasive monitoring of blood sodium levels using a system that combines optoacoustic detection with terahertz spectroscopy. Accurate measurement of blood sodium is essential for diagnosing and managing conditions such as dehydration, kidney disease and certain neurological and endocrine disorders.
Terahertz radiation, which falls between microwaves and the mid-infrared region of the electromagnetic spectrum, is ideal for biological applications because it is low-energy and non-harmful to tissues, scatters less than near-infrared and visible light and is sensitive to structural and functional biological changes.
“For biomedical applications, terahertz spectroscopy still faces two key challenges: detecting molecules other than water in complex biological samples and penetrating thick tissue layers to enable detection inside the body,” said research team leader Zhen Tian from Tianjin University in China. “By adding optoacoustic detection, we were able to overcome these challenges and demonstrate the first in vivo detection of ions using terahertz waves. This is an important step toward making terahertz-based techniques practical for clinical use.”
In Optica, Optica Publishing Group’s flagship journal for high-impact research, the researchers describe their new multispectral terahertz optoacoustic system and show that it can be used for noninvasive, long-term monitoring of sodium concentration in live mice without the need for any labels. Preliminary tests performed with human volunteers were also promising.
“With further development, this technology could be used to monitor sodium levels in patients without the need for blood draws,” said Tian. “The real-time sodium measurements could be used to safely correct imbalances in critical patients while avoiding dangerous neurological complications that can occur when sodium levels rapidly change.”
Using sound to cut the noise
The new work is part of a larger project aimed at advancing and implementing terahertz technology in the biomedical field using terahertz optoacoustic techniques. One key aim of the project is to reduce signal interference caused by water, which strongly absorbs terahertz radiation.
To overcome this interference, the researchers developed a modular system that irradiates the sample with terahertz waves. As the sample absorbs these waves, it vibrates the sodium ions connected to water molecules in the blood, creating ultrasound waves that are detected with an ultrasonic transducer. This technique, known as optoacoustic detection, converts the absorbed terahertz energy into sound waves for measurement.
“Terahertz optoacoustic technology represents a groundbreaking advancement for biomedical applications by effectively overcoming the water absorption barrier that has historically limited these applications,” said Tian. “The broader significance of this work extends far beyond blood sodium detection. This technology has the capability to identify various biomolecules — including sugars, proteins, and enzymes — by recognizing their unique terahertz absorption signatures.”
Tracking sodium without needles
To test their new system, the researchers showed that it could measure increases in blood sodium levels in blood vessels under the skin of living mice on the millisecond timescale for over 30 minutes. These measurements were taken from the ear, with the skin surface cooled to 8 °C to dampen the background optoacoustic signal from water.
The researchers also demonstrated that the terahertz optoacoustic system could quickly distinguish between high and low sodium levels in human blood samples. Finally, they noninvasively measured sodium ion levels in the blood vessels of the hands of healthy volunteers. They found that the detected optoacoustic signal from sodium was proportional to the amount of blood flow under the skin surface, even though measurements were collected without any skin cooling. While more work is needed, these results suggest that the system could be useful for non-invasive real-time monitoring.
The researchers say that adapting the system for human use will require identifying suitable detection sites on the human body — such as inside of the mouth — that can tolerate rapid cooling and allow strong signal detection with minimal water background noise. They are also exploring alternative signal processing methods that might make it possible to suppress water interference without the need for cooling, making the approach more practical for clinical diagnostics.
The Mamyshev oscillator (MO) is a type of fiber laser capable of producing high-energy laser pulses at a tunable repetition rate. It is a mode-locked laser which uses light travelling within a closed-loop cavity to produce laser emission. Harmonic mode-locking (HML) is an advanced form of mode-locking process where multiple laser pulses are produced within one round trip of light. MOs employing HML are used for several advanced applications such as optical communication, frequency metrology, and micromachining.
Despite increasing applications of HML MOs, understanding the light buildup dynamics of HML within these lasers is experimentally challenging. In a recent study published in Journal of Lightwave Technology, researchers from Hunan University, China have uncovered the buildup dynamics of HML in an all-fiberized erbium-doped MO. They successfully obtained HML pulse outputs of different orders. In these results, the signal-to-noise ratio of all harmonic pulse trains from the all-fiber MO exceeded 80 dB, demonstrating the high stability of the output. Moreover, they investigated the transient dynamics during the startup process of HML in the MO.
“The starting dynamics of HML in the MO, characterized by the time-stretch dispersive Fourier transform technique (TS-DFT) revealed that the generation of HML is not dominated by the splitting effect of the single pulse but the amplification of the multiple seeding pulses in the oscillator,” explains author Dr. Ning Li.
Using carefully designed experiments, the researchers identified five distinct ultrafast phases that occur between the injection of seed pulses into the laser cavity and the stable emission of HML pulses from the MO. These phases include relaxation oscillation, multi-pulses operation, pulse collapse reconstruction, unstable HML, and a stable HML state. Notably, the identified process of stable HML generation was different from the conventional pulse splitting effect thought to result in laser emission dynamics in MOs. The experimental findings were further supported using numerical simulations.
Using the TS-DFT technique, they monitored the spectra evolution within the MO cavity in real-time and performed a detailed analysis of the dynamic process during HML initiation. Observations revealed that the generation of HML in the MO was not dominated by the conventional single pulse splitting effect but rather by the amplification of multiple seeding pulses within the oscillator.
“Our experimental and simulation results showed that under these conditions, the initial seed pulses within the cavity evolve into stable independent pulses through processes such as gain amplification and energy redistribution, eventually leading to a stable HML state within the resonator,” observes Dr. Li. “Results from our study can deepen the understanding of HML operation in MOs, and may provide an active way to control the transient pulse dynamics in the high-performance ultrafast laser systems,” he adds.
Overall, this study has extended our understanding of light buildup dynamics in MOs, specifically for advanced lasers using HML. Furthermore, the study challenges the conventional understanding of the light buildup and emission process in MOs.
Besides clarifying the underlying physics, the insights offered by the study may lead to improved designs of MOs – advancing their use across several fields.
I guess it was on Lap 51 of the 1995 British GP at Silverstone that the penny finally began to drop. There’d been a false dawn five laps earlier, but now it looked like it really was going to happen.
Johnny Herbert – ‘The Imp’ as Perry McCarthy had christened him in F3 – was actually going to win a Grand Prix… and on his home ground to boot.
Winning at home is the greatest buzz. Just ask Lewis Hamilton, or Nigel Mansell.
