27 Jul 2020

NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory that foreign adversaries could be actively targeting US critical infrastructure across the nation. The alert states that infrastructure such as power plants, factories, oil, and gas refineries could be among the

Read More
20 Mar 2020

Identifying Critical Infrastructure During COVID-19

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published a detailed guide on how to identify critical infrastructure during the pandemic. The publication states that functioning critical infrastructure is paramount to effectively responding to the COVID-19 outbreak for health and safety reasons. The DHS states that specific

Read More
02 Dec 2019

Is Space Critical Infrastructure?

The establishment of the Space Information Sharing and Analysis Center (ISAC) was announced earlier this year with the mission to enhance the space community’s ability to prepare for and respond to cyber vulnerabilities, incidents, and threats. Although the Space ISAC won’t be fully up and running until early 2020, the industry group is already pursuing a hefty agenda item: lobby the federal government to designate commercial space systems as critical infrastructure (CI). While a partnership with federal agencies provides undeniable value, I do not believe the establishment of a new CI sector will result in the prioritized government action that industry is seeking.

Read More
25 Nov 2019

Critical Flaws in VNC Threaten Industrial Environments

Researchers with Kaspersky have uncovered a total of 37 security vulnerabilities, including several critical flaws, in Virtual Network Computing, a graphical desktop-sharing system that is frequently used in industrial environments. The issues impact up to 600,000 Internet-facing servers. Kaspersky warns that the use of VNC and other potentially vulnerable solutions

Read More
04 Nov 2019

Solar, Wind Power Utility Disrupted in Rare Cyberattack

In March of this year, Utah-based renewable energy provider sPower suffered a denial-of-service (DoS) attack resulting in multiple short periods of downtime at the firm’s main control center. According to Phil Neray of CyberX, the attack “disrupted the organization’s ability to monitor the current status of its power-generation systems,” an

Read More
31 Oct 2019

Indian nuclear power plant’s network was hacked, officials confirm

Threat actors have managed to infect the network of an Indian nuclear power plant with malware, the Nuclear Power Corporation of India Limited (NPCIL) has admitted, adding that India’s national computer emergency response team (CERT-In) discovered the issue last month. NPCIL stated that an investigation by India’s Department of Atomic

Read More
23 Oct 2019

Outdated OSs Still Present in Many Industrial Organizations: Report

Systems running outdated Windows versions are present on 62% of industrial networks, although that number is 71% if Windows 7 is taken into account, a new report by CyberX shows. Microsoft will stop supporting Windows 7 in January of next year. Suspicious activity was detected on 22% of networks. Examples

Read More
11 Oct 2019

ICS cybersecurity investment should be a priority in protecting operations from disruption

A new Tripwire study reveals that the overwhelming majority (93%) of ICS security professionals are worried about disruptive cyberattacks impacting business operations or resulting in downtime of customer-facing services. 77% of companies have invested in ICS cybersecurity in the last 2 years in order to mitigate these threats. However, about

Read More
10 Oct 2019

Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey

In the past 12 months, 56% of utility companies around the world suffered at least one cyberattack resulting in the loss of private data or downtime affecting their operational technology (OT) systems, a recent survey by Siemens and Ponemon Institute found. More than half are anticipating a cyberattack targeting critical

Read More
07 Oct 2019

Iran Caught Targeting US Presidential Campaign Accounts

Iranian hackers recently targeted a US presidential campaign as well as various government officials (including former officials) and journalists, an investigation by Microsoft found. Between August and September of this year, a total of 241 user accounts were attacked by the infamous Iranian state-backed hacking group known as APT 25,

Read More