ICEFALL: a set of OT vulnerabilities. Thermal camera vulnerabilities. Vulnerabilities in access control panels.

News Roundup

At a glance.

Ukrainian energy firm reports Russian cyberattack.
Iranian steel mill suspends production due to cyberattack.
ICEFALL: a set of OT vulnerabilities.
Thermal camera vulnerabilities.
Vulnerabilities in access control panels.
Smart factories are unprepared to defend against cyberattacks.
US TSA issues relaxed pipeline cybersecurity directives.
CISA hosts cybersecurity exercises.
US cybersecurity bill focuses on training.
Slovenia conducts cybersecurity exercises for nuclear facilities.

Cyberattack hits Ukrainian energy provider.

Last Friday, DTEK Group, Ukraine's largest private energy firm, an operator of power plants in various parts of Ukraine, said that it had been the victim of a cyberattack. The attack, in CNN's account, had complicated goals. It aimed to, as DTEK put it, “'destabilize the technological processes' of its distribution and generation firms, spread propaganda about the company’s operations, and 'to leave Ukrainian consumers without electricity.'” XakNet ("HackNet"), a hacktivist organization that's transparently a GRU front (whatever its denials on Telegram may say), claimed last week to have penetrated DTEK's networks and published some screenshots as coup-counting evidence of its success, but the actual consequences of the operation, if any, remain unclear.

Vosvete IT, relying in part on information from Slovakia's National Security Authority, makes two points that seem to position the incident in the larger context of both lawfare and kinetic combat. "These cyber attacks on the consortium occurred just days after Rinat Akhmetov, one of the richest men in Ukraine and a shareholder of DTEK, sued Russia at the European Court of Human Rights for causing billions in damages to his assets," and they also occurred at about the same time Russian forces shelled a DTEK power plant in Kryvyi Rih, a mining and industrial city in Dniepro region.

Iranian steel mill suspends production due to cyberattack.

A cyberattack hit one of Iran’s major steel companies last week, forcing it to halt production, SecurityWeek reports. The attack struck the state-owned Khuzestan Steel Co. and two other major steel producers. An anonymous hacking group, “Gonjeshke Darande” ("Predatory Sparrow," in the Jerusalem Post's translation), has claimed responsibility for the attack, saying that it was done to target the “aggression of the Islamic Republic.” The group shared alleged closed-circuit footage from the Khuzestan Steel Co. in which a piece of heavy machinery on a steel billet production line malfunctioned and caused a fire. The CEO of Khuzestan Steel, Amin Ebrahimi, claimed that the attack was thwarted, saying, “Fortunately with time and awareness, the attack was unsuccessful,” and noting that everything should return to normal by the end of Monday. Neither of the other steel producers targeted in the attack noted damage or production issues.

Predatory Sparrow has been heard from before, CyberScoop observes, notably in 2021's wiper attacks against Iran's rail system, and Check Point has obtained samples from the most recent incident that link it to the earlier attack. Relatively little is known about the group, beyond, that is, their self-presentation as hacktivist opposed to the Islamic Republic.

ICEFALL: a set of OT vulnerabilities.

Researchers at Forescout have disclosed a set of fifty-six vulnerabilities they’ve called “ICEFALL,” and that affect OT devices from ten vendors. “The vulnerabilities are divided into four main categories,” Forescout says, “insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.” Several of the issues flagged in the report have been known within the community for some time.

It’s worth noting that some of the vulnerabilities collected under ICEFALL represent design choices that don’t lend themselves to simple, straightforward patching. Completely mitigating the ICEFALL vulnerabilities will require vendor-delivered system updates, not all of which are immediately available. In the meantime, network isolation (particularly isolation of OT and industrial control systems from business networks and the wider Internet), restricting network connections to specifically selected engineering workstations, and, of course "focusing on consequence reduction" are the sensible practices affected organizations should follow.

CISA, the US Cybersecurity and Infrastructure Security Agency noted the report on ICEFALL, and the agency has advised attention to both the report and the mitigation recommendations it contains. CISA also pointed out that five of its recent alerts address issues associated with ICEFALL: ICSA-22-172-02 (JTEKT TOYOPUC), ICSA-22-172-03 (Phoenix Contact Classic Line Controllers), ICSA-22-172-04 (Phoenix Contact ProConOS and MULTIPROG), ICSA-22-172-05 (Phoenix Contact Classic Line Industrial Controllers) and ICSA-22-172-06 (Siemens WinCC OA). Each of those advisories contains actionable mitigations, and users of these products should review CISA’s material and determine where the recommendations apply to their environment.

Ron Fabela, CTO & co-founder at SynSaber commented on ICEFALL:

"Harkening back to S4's Project Basecamp over a decade ago, Forescout's Vedere Labs lists in detail the continued challenge of 'insecure by design' in industrial control systems. Hardcoded passwords and lack of authentication may be known knowns within OT security circles but the OT ICEFALL report lists them out in black and white for all to see. Like Project Basecamp, OT ICEFALL focuses on the low hanging exploitation fruit of ICS, where exploitation isn't really necessary at all in most cases. Simply sending the correct command, knowing how to run strings against firmware, or often times just reading the manual will yield the necessary information for attacking these systems.

"But the community needs to ask the question: does generating CVEs for engineering decisions move the ball forward in securing ICS? While the work of researchers is beneficial from an awareness stance asset owners are left with more 'vulnerabilities' that are most likely un-patchable during their operational period. For a community already over taxed with compliance, breach reporting, and "threat actor of the month" FUD, the hope is that these vulnerability reports motivate real change: improved security from the product vendors and better procurement requirements in the future. Until then, we have to monitor and protect the critical systems in place now, CVEs or not."

Roger Hill, Senior Director of Product Security, Kudelski Security, offered the following thoughts:

“While there are nuances that impact the severity of the risks identified, this report highlights the continued need for the industry to focus on OT security. The report should also serve as great motivation for companies to implement OT network threat monitoring to detect malicious activity early. We believe manufacturers with known vulnerabilities will take action to mitigate risks, but we still recommend organizations have a professional risk assessment performed on ICS systems, develop a security roadmap and ensure funding to execute their plan.

"Efforts to harden ICS technologies should be a key priority for companies, as there are real risks with them given that many were invented before internet connectivity was envisioned. At a minimum, we recommend organizations segment OT networks from IT networks with Industrial DMZ firewalls. Further segmentation with automation firewalls should segment the process network from the controls network, as such controls deliver the ability to define least privilege policy at the device and protocol level.”

Thermal camera vulnerabilities.

Researchers at SEC Consult have discovered vulnerabilities in InfiRay thermal cameras that could allow hackers to interfere with industrial processes. Steffen Robertz from SEC Consult told SecurityWeek, “The camera is used in industrial environments to check/control temperatures. The test device was located in a factory, where it verified that metal pieces arriving on a conveyor belt were still hot enough for the next process step. An attacker would be able to report wrong temperatures and thus create inferior products or halt the production. The temperature output might also be fed in a control loop. By reporting a lower temperature, the temperature of, for example, a furnace might be increased automatically.”

The researchers noted, “The vendor was unresponsive during the disclosure process. Hence it is unclear whether patches are available. Customers are urged to approach their vendor contact and request security reviews and updates.”

Vulnerabilities in access control panels.

Trellix has identified critical vulnerabilities affecting HID Mercury access control panels sold by Carrier subsidiary LenelS2. The risk here is to plant physical security and access control, but note that access to production systems within a plant has been used before to introduce malware into control systems.

These control panels are widely used for physical security, and the researchers were able to exploit the flaws to remotely manipulate door locks. The most serious of the vulnerabilities can allow for unauthenticated remote code execution and received a CVSS score of 10. SecurityWeek points out that, “Most of these vulnerabilities can be exploited without authentication, but exploitation requires a direct connection to the targeted system.”

Trellix states, “Customers using HID Global Mercury boards should contact their Mercury OEM partner for access to security patches prior to weaponization by malicious threat actors, which could lead to both digital or physical breaches of sensitive information and protected locations.” The researchers note that Carrier was very helpful and cooperative in getting the vulnerabilities patched.

CISA issued an alert regarding the vulnerabilities, stating, “Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions. The controller can also be configured to disable web access, which prevents remote login into the controller’s webpage.”

Smart factories are unprepared to defend against cyberattacks.

A report from the Capgemini Research Institute found that only 6% of smart factory organizations have "established mature practices of cybersecurity":

"We found organizations in general to be inadequately prepared in terms of awareness, governance, protection, detection, and resilience. Our analysis indicates that governance is a particular area of concern, with this area demonstrating the lowest level of preparedness across multiple parameters. Response preparedness is also strikingly low: 54% of executives say they don’t have (or do not know whether they have) a team dedicated to preparing for and responding to cyberattacks at their organization’s smart factories."

US TSA issues relaxed pipeline cybersecurity directives.

After last year’s unprecedented Colonial Pipeline attack, the US Transportation Security Administration (TSA) responded by issuing a set of strict cyber security directives for pipelines and other surface transportation industries. The first-of-their-kind directives received pushback from companies and industry lobbyists who felt that the rules, written in the heat of the moment, were too extreme and could disrupt business operations. Now the TSA has released updated, less stringent directives that industry experts say could indicate how the administration plans to write permanent rules going forward.

One revised directive allows designated pipeline operators a full twenty-four hours to report an attack (twice the time allotted in the original rules). An update to a second directive is expected to be less stringent about required security measures like multi-factor authentication password-reset requirements, which work in traditional business settings but would prove nearly impossible for pipelines’ more complicated systems.

TSA says they consulted with industry and government partners in drafting the new rules, explaining, “The goal is to move to a “performance-based model that will enhance security and provide the flexibility needed to ensure cybersecurity advances with improvements in technology.” Suzanne Lemieux, director of operations security and emergency response policy at the American Petroleum Institute, told the Wall Street Journal, “We’re encouraged by the changes they’ve made. There were a lot of things that weren’t well thought out in the urgency of getting this out [last year].”

CISA's tabletop exercises are now being made available to qualified partners.

The Cybersecurity and Infrastructure Security Agency (CISA) hosted a workshop last month providing an overview of the CISA Tabletop Exercises Packages (CTEP), an unclassified, adaptable exercise resource focused on facilitating discussion around a scripted hazard or threat scenario. Robert Lauer, the workshop facilitator, explained that the CTEP is “designed to assist government and industry partners in developing your own tabletop exercises with pre-built templates.” There are over a hundred scenarios to choose from that encompass both cyber and physical security. Several of them involve both. The CTEP exercise materials include a situation manual, an exercise planner handbook, a facilitator and evaluator handbook, and various templates that can be used throughout the exercise. The ultimate goal of the resource is to “help facilitate understanding, identify strengths and areas for improvement, and/or changes in policies and procedures.”

GovTech reports that workshops on CTEP will be held monthly and hosted by CISA Exercises Infrastructure Security & Exercise Branch, with participation from private stakeholders and critical infrastructure owners and operators. There is no registration required for these workshops, which are open to the public. To use the CTEP exercises, however, you need a Critical Infrastructure community account on the Homeland Security Information Network (HSIN-CI), and you can learn how to create an account here.

For those interested in how to approach wargaming for cybersecurity, SearchSecurity offers some thoughts on how to plan and conduct an exercise.

US cybersecurity bill focuses on training.

The US House of Representatives passed the “Industrial Control Systems Cybersecurity Training Act,” a cybersecurity bill introduced in May aimed at strengthening US cybersecurity protections after a government-issued warning back in April about Russia-linked malware targeting industrial processes. SecurityWeek reports that the legislation would amend the Homeland Security Act of 2002 to allow the Cybersecurity and Infrastructure Security Agency (CISA) to create a free training program both for government agencies and the private sector; it would focus on cyber defense strategies for industrial control systems. Representative Eric Swalwell (Democrat, California 15th District), who introduced the bill, explained, “With the increased threat of Russian cyberattacks, we must be cognizant of cyberwarfare from state-sponsored actors. This bill would help train our information technology professionals in the federal government, national laboratories, and private sector to better defend against damaging foreign attacks.”

Slovenia conducts cybersecurity exercises for nuclear facilities.

The Slovenian Nuclear Safety Administration (SNSA) conducted a large-scale exercise focused on cybersecurity for nuclear facilities. According to the International Atomic Energy Agency (IAEA), “The scenario involved real operational technology systems with insider threats, external cyber-attacks, and physical intrusions to a hypothetical nuclear facility exhibiting the impacts of a computer security compromise of critical operational control systems leading to a nuclear security event.”

Elena Buglova, Director of the IAEA Division of Nuclear Security, stated, “Increasing awareness about the response capabilities needed to secure nuclear facilities from cyber-attacks is one of the objectives of such exercises. The identification of any existing vulnerabilities, the testing of internal procedures and the strengthening of collaboration among involved stakeholders are some of the practical benefits for the host countries. The interest for computer security exercises is growing and the IAEA stands ready to support countries’ requests in this area of nuclear security.”

Igor SIRC, Director of SNSA, added, “The organising team and the participants were extremely engaged. The well-tailored scenario offered all of them a first-hand experience on the interconnections between safety, security, and emergency preparedness functions during a highly sophisticated cyber security incident. Our national capabilities for response to emergencies, triggered by cyber security events at nuclear facilities, have been further strengthened after this exercise.”

Recent ICS security advisories.

The US Cybersecurity and Infrastructure Security Agency (CISA) on June 9th issued an industrial control system (ICS) advisory affecting Mitsubishi Electric Air Conditioning Systems.

POn the 14th of June CISA released three industrial control system (ICS) security advisories, for Johnson Controls Metasys ADS ADX OAS Servers, Meridian Cooperative Meridian, and Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R.

Other ICS issues were also addressed that day. SecurityWeek reports that Siemens and Schneider Electric between them patched eighty-three vulnerabilities in their products. Siemens addressed fifty-nine vulnerabilities in fourteen advisories, and Schneider Electric fixed twenty-four vulnerabilities, covered in eight advisories.

On June 21st CISA released six industrial control system (ICS) advisories, for OFFIS DCMTK ("mitigations for a path traversal, relative path traversal, NULL pointer reference vulnerability in DCMTK, an OFFIS product of libraries and software that process DICOM image files"), Yokogawa STARDOM ("mitigations for Cleartext Transmission of Sensitive Information, and Use of Hard-coded Credentials vulnerabilities in the Yokogawa STARDOM network control system"), Yokogawa CAMS for HIS ("mitigations for a Violation of Secure Design Principles vulnerability in the Yokogawa Consolidation Alarm Management Software for Human Interface Station"), Secheron SEPCOS Control and Protection Relay ("mitigations for Improper Enforcement of Behavioral Workflow, Lack of Administrator Control over Security, Improper Privilege Management, and Insufficiently Protected Credentials vulnerabilities in the Secheron SEPCOS Control and Protection Relay"), Pyramid Solutions EtherNet/IP Adapter Development Kit ("mitigations for an Out-of-bounds Write vulnerability in the Pyramid Solutions EtherNet/IP Adapter Development Kit"), and Elcomplus SmartICS ("mitigations for Improper Access Control, Relative Path Traversal, and Cross-site Scripting vulnerabilities in the Elcomplus SmartICS web-based HMI").

The agency also issued six industrial control system (ICS) security advisories, for Mitsubishi Electric MELSEC Q and L Series (with "mitigations for an Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC Q and L Series CPUs"), JTEKT TOYOPUC ("mitigations for a Missing Authentication for Critical Function vulnerability in the JTEKT TOYOPUC programmable logic controller"), Phoenix Contact Classic Line Controllers ("mitigations for an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact Classic Line Controllers"), Phoenix Contact ProConOS and MULTIPROG (addressing "an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact ProConOS and MULTIPROG software development kit"), Phoenix Contact Classic Line Industrial Controllers ("mitigations for a Missing Authentication for Critical Function Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact Classic Line Industrial Controllers), and, finally, Siemens WinCC OA (with "mitigations for a Use of Client-side Authentication vulnerability in the Siemens SIMATIC WinCC OA software management platform").

CISA released six ICS security advisories on June 28th, for:

ABB e-Design ("mitigations for an Incorrect Default Permissions vulnerability in ABB e-Design engineering software").
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series ("mitigations for Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, and Plaintext Storage of a Password vulnerabilities in Omron SYSMAC CS/CJ/CP Series and NJ/NX Series programmable logic controllers").
Advantech iView ("mitigations for a SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, and Command Injection vulnerabilities in Advantech iView management software").
Motorola Solutions MOSCAD IP and ACE IP Gateways ("mitigations for a missing authentication for critical function vulnerability in the Motorola Solutions MOSCAD IP and ACE IP Gateways products").
Motorola Solutions MDLC ("mitigations for Use of a Broken or Risky Cryptographic Algorithm, and Plaintext Storage of a Password vulnerabilities in the Motorola Solutions MDLC protocol parser").
Motorola Solutions ACE1000 ("mitigations for Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, and Insufficient Verification of Data Authenticity vulnerabilities in the Motorola Solutions ACE1000 remote terminal unit").

On June 30th, CISA released six more ICS advisories:

Exemys RME1 ("mitigations for an Improper Authentication vulnerability in the Exemys RME1 analog acquisition module").
Yokogawa Wide Area Communication Router ("mitigations for a Use of Insufficiently Random Values vulnerability in the Yokogawa Wide Area Communication Router").
Emerson DeltaV Distributed Control System ("mitigations for Missing Authentication for Critical Function, Use of Hard-coded Credentials, Insufficient Verification of Data Authenticity, and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in the Emerson DeltaV Distributed Control System software management platform").
Distributed Data Systems WebHMI ("mitigations for Cross-site Scripting, and OS Command Injection vulnerabilities in the Distributed Data Systems WebHMI SCADA system").
Mitsubishi Electric FA Engineering Software (Update A) ("[A] follow-up to the original advisory titled ICSA-21-350-05 Mitsubishi Electric FA Engineering Software that was published December 16, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Out-of-bounds Read, and Integer Underflow vulnerabilities in Mitsubishi Electric's FA Engineering Software products").
CODESYS Gateway Server (Update A) ("[A] follow-up to the original advisory titled ICSA-15-258-02 3S CODESYS Gateway Server Buffer overflow Vulnerability that was published September 15, 2015, on the ICS webpage at cisa.gov/ics. This advisory provides mitigation details for a Heap-based Buffer Overflow vulnerability in CODESYS Gateway Server products").

Dragos Setpoint

What’s New from OT-CERT

Dragos OT-CERT is designed to provide free resources to the OT community, including information and materials to help organizations prepare for cyber threats, build an OT cybersecurity program, improve their security posture, and drive down risks in their OT environment. ICS/OT environments and their cybersecurity risks are often not as well understood as IT environments, and many organizations don’t have the resources or expertise to address these unique risks. More information is available here.

Certification and Training

Free Guide | 5 Critical Controls for World-Class OT Cybersecurity | Dragos

How to Align Your Leadership and Implement a Successful Operational Technology (OT) Security Posture. As operational technology (OT) cybersecurity becomes a top priority from boardrooms to the manufacturing floor, CISOs and their teams must implement proven strategies to protect the business.

On the Podcast

ICS training and education is a maturing domain.

Tim Conway from SANS discusses his path to OT cybersecurity, workforce and cyber skills development for OT personnel, and new developments in cybersecurity education for industrial security. In the Learning Lab, Mark Urban is joined by Nick Shaw for part one of an intro to OT. Listen now.

The OT-CERT provides critical resources to the industrial community.

Dawn Cappelli joins us to discuss how the OT Cyber Emergency Readiness Team is planning to address cybersecurity resource gaps for industrial infrastructure. And in the Learning Lab, Nick Shaw joins us for part two of OT fundamentals, where he explains the Purdue reference model for industrial cybersecurity. Listen now.

Attacks, Threats, and Vulnerabilities

OT:ICEFALL: 56 Vulnerabilities Caused by Insecure-by-Design Practices in OT (Forescout) Forescout’s Vedere Labs has disclosed OT:ICEFALL, a set of 56 vulnerabilities affecting devices from 10 manufacturers caused by insecure-by-design practices in OT. Many of these products have been certified with OT security standards.

Dozens of vulnerabilities threaten major OT device makers (Cybersecurity Dive) Researchers from Forescout’s Vedere Labs found 56 vulnerabilities across big names like Honeywell and Motorola raising design-level security concerns.

Researchers disclose 56 vulnerabilities impacting thousands of OT devices (Help Net Security) Forescout's Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors.

From Basecamp to Icefall: Secure by Design OT Makes Little Headway (SecurityWeek) Forescout has identified a set of 56 vulnerabilities affecting devices from 10 major operational technology (OT) vendors that are collectively calling OT:ICEFALL.

15 vulnerabilities discovered in Siemens industrial control management system (The Record by Recorded Future) Fifteen vulnerabilities affecting a Siemens' industrial control management system were unveiled this week.

Nearly 90% utility firms hit by cyber attacks - Business Insurance (Business Insurance) A survey by Japan-based cybersecurity firm Trend Micro Inc. found that 89% of electricity, oil and gas, and manufacturing companies suffered cyber attacks that affected production and energy supply in the past 12 months, IT Brief reported. The average financial damage to the companies.

InfiRay Thermal Camera Flaws Can Allow Hackers to Tamper With Industrial Processes (SecurityWeek) Vulnerabilities in InfiRay thermal cameras can be exploited by hackers to tamper with industrial processes, including to disrupt production or create lower quality products.

Request for Final Action--Audit 2022-17340--Non-Power Dam Control Cybersecurity (Tennessee Valley Authority Office of the Inspector General) As part of our annual audit plan, we performed an audit of Tennessee Valley Authority's (TVA) non-power dam cybersecurity

Cyber attacks on industrial assets cost firms millions (SecurityBrief Asia) Some 89% of electricity, oil & gas, and manufacturing firms have experienced cyber attacks impacting production and energy supply over the past year.

Agrifood cyberattack threats on the rise (WattAgNet) Ever since JBS USA experienced a cyberattack in May 2021, the threat of such attacks against the agrifood sector has only increased.

8 zero-day vulnerabilities discovered in popular industrial control system from Carrier (The Record by Recorded Future) Eight zero-day vulnerabilities affecting a popular industrial control provided by Carrier have been identified and patched.

Industroyer: A cyber‑weapon that brought down a power grid | WeLiveSecurity (WeLiveSecurity) It's been five years since ESET researchers released their analysis of the first ever malware that was designed specifically to attack power grids.

OT Cybersecurity Readiness is Dangerously Behind (Industry Week) Manufacturers continue to leave themselves vulnerable to criminal attacks with their operational technology systems.

POLITICO Pro: Why the water sector is America's overlooked cyber risk (Politico) Underfunded and overextended, many water utilities are in no shape to fight hackers.

11 critical security flaws identified in CoDeSys Automation Software (teiss) Chinese cybersecurity firm NSFOCUS has discovered 11 critical security flaws in the CoDeSys Automation Software, used by automation specialists as a development environment for programmable logic controller applications (PLCs).

Latest Cyberattack Against Iran Part of Ongoing Campaign (Threatpost) Iran's steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country's rail system.

Business and Market Trends

Siemens to buy U.S. software company Brightly in $1.58 bln deal (Reuters) Siemens is buying U.S. tech company Brightly Software from private equity owner Clearlake Capital for $1.58 billion, the German engineering group said on Monday, its latest move to broaden its software credentials and grow faster than rivals.

‘Safeguarding civilisation’: Protecting critical infrastructure against cyberattacks (Intelligent CIO Middle East) Research from Dragos has highlighted that the industrial sector attracted increased unwanted attention from adversaries last year. With attackers continuing to up the ante and the consequences of an attack proving potentially devastating, defenders must review and prioritise their OT security strategies. Seth Enoka, Principal Industrial Incident Responder, Dragos, talks us through the research and […]

OT Security: Has the Industry Made Progress? (Bank Info Security) OT security has been at the center of the security conversation ever since the Colonial Pipeline attacks. Scott Flower, the founder of Pareto Cyber and a former

Technologies, Techniques, and Standards

What to do about inherent security flaws in ICS? (Register) Industrial systems' security got 99 problems and CVEs are one. Or more

Anglo American cyber lead calls for continuity strategies in industrial control space (Cyber Security Hub) Critical national infrastructure continues to be a high-value target for cyber criminals making business continuity plans vital

Traditional IT vs. critical infrastructure cyber-risk assessments (SearchSecurity) Critical infrastructure cyber-risk assessments are more complex than traditional IT cyber-risk assessments. Learn how that's the case and why it matters.

Adapting industrial control system (ICS) security to the new normal (VentureBeat) Malware and ransomware attacks are the new normal -- ICS security needs to adapt to prevent the kinds of attacks seen in 2021.

Hardening the cybersecurity of today’s utilities (Smart Industry) It’s no secret that critical infrastructure systems are at increased risk for cybersecurity attacks. At the federal level, President Biden has made it a priority for his administration and the Cybersecurity & Infrastructure Security Agency has issued repeat warnings that “every organization in the United States is at risk from cyber-threats that can disrupt essential services and potentially result in impacts to public safety.”

Cyber Yankee: The Marine Corps Is Laser Focused On Cyberwar (The National Interest) The Marine Corps’ Cyber Yankee exercises are meant to simulate a cyber attack on the nation’s critical infrastructure.

Design and Innovation

Deloitte Opens New US Smart Factory in Wichita, Kansas, Convenes Ecosystem of Innovators to Make Industry 4.0 a Reality (AiThority) Deloitte announced the grand opening of The Smart Factory @ Wichita. This new experience center marries an ecosystem of world-leading.

Policy, Legislation, and Regulation

Cyberspace Solarium congressman, water officials decry EPA inaction on cybersecurity (CyberScoop) There are about 52,000 drinking water systems in the U.S. and that fragmentation makes the sector harder to defend, experts say.