Announcement.
Control Loop is going on a temporary hiatus. Thank you for being a loyal reader. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates.
At a glance.
- UK will propose law to ban ransom payments for critical infrastructure entities.
- EPA outlines enforcement measures to protect water utilities against cyberattacks.
- Rockwell advises customers to disconnect ICS devices from the internet.
- Senator Vance asks CISA for information on Volt Typhoon.
UK will propose law to ban ransom payments for critical infrastructure entities.
The United Kingdom will propose a law that would ban critical infrastructure entities from making ransomware payments, the Record reports. The UK hopes this will remove incentives for ransomware gangs to target these entities. The law would also require all ransomware victims to report attacks, and non-critical infrastructure entities will need to obtain licenses before paying a ransom.
The proposed legislation is still in very early stages and likely won't move forward until after the next general election later this year. The Record notes, however, that "[e]ven if the proposals are not immediately implemented, they mark a dramatic development in how governments around the world are responding to the ransomware crisis."
EPA outlines enforcement measures to protect water utilities against cyberattacks.
The US Environmental Protection Agency (EPA) has outlined enforcement measures to help water utilities defend against cyberattacks. The EPA says it’s issuing the alert “because threats to, and attacks on, the nation’s water system have increased in frequency and severity to a point where additional action is critical.” The agency added, “Recent EPA inspections have revealed that the majority of water systems inspected – over 70 percent – do not fully comply with requirements in the Safe Drinking Water Act and that some of those systems have critical cybersecurity vulnerabilities, such as default passwords that have not been updated and single logins that can easily be compromised.”
Rockwell advises customers to disconnect ICS devices from the internet.
Rockwell Automation has issued an advisory urging customers to ensure that ICS devices that aren’t specifically designed for internet connectivity are disconnected from the web. The company stated, “Due to heightened geopolitical tensions and adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take IMMEDIATE action to assess whether they have devices facing the public internet and, if so, urgently remove that connectivity for devices not specifically designed for public internet connectivity.” Rockwell adds, “Removing that connectivity as a proactive step reduces attack surface and can immediately reduce exposure to unauthorized and malicious cyber activity from external threat actors.”
Senator Vance asks CISA for information on Volt Typhoon.
US Senator J.D. Vance (Republican from Ohio) wrote a letter to CISA Director Jen Easterly requesting information on CISA’s understanding of and response to the Chinese threat actor Volt Typhoon’s targeting of US critical infrastructure entities. Vance inquired about how Volt Typhoon gained access to the infrastructure entities, how many entities were affected, and if additional infrastructure sectors were targeted beyond those disclosed by CISA. Vance also asked which Information Sharing and Analysis Centers (ISACs) are aware of Volt Typhoon’s activities and how many Volt Typhoon-related calls were received by CISA’s 24/7 Operations Center since the beginning of 2023.