A look at a Whole-of-State cybersecurity strategy.

Microsoft on the state of OT security. Israeli and Palestinian hacktivists target ICS. Coinmining as an (alleged, potential) front for espionage or stage for sabotage. EPA withdraws water system cybersecurity memorandum. Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. Most organizations are struggling with IoT security. CISA views China as the top threat to US critical infrastructure. Improving security for open-source ICS software. CISA ICS advisories. Guest Kuldip Mohanty, CIO of North Dakota, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Kuldip shares how critical infrastructure is treated within the "Whole-of-State” cybersecurity strategy his team implements in North Dakota. On the Learning Lab, Mark Urban shares the first part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services.

Control Loop News Brief.

Microsoft on the state of OT security.

Microsoft Digital Defense Report 2023 (Microsoft)

Microsoft Digital Defense Report: Behind the Scenes Creating OT Vulnerabilities (aDolus)

Zero-days affect industrial routers.

10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows (Cisco Talos)

Israeli and Palestinian hacktivists target ICS.

Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews)

Coinmining as an (alleged, potential) front for espionage or stage for sabotage.

Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny (The New York Times)

EPA withdraws water system cybersecurity memorandum.

EPA withdraws cyber audit requirement for water systems (Nextgov)

Colonial Pipeline says new ransomware claims are due to unrelated third-party breach.

Reports of second cyberattack on Colonial Pipeline false, company says (Fox 5 Atlanta)

Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (The Record)

Most organizations are struggling with IoT security.

New Global Survey Reveals 97% of Organizations Face Challenges Securing IoT and Connected Devices (Keyfactor)

Ransomware attack on Clorox.

Clorox Security Breach Linked to Group Behind Casino Hacks (Bloomberg)

Clorox Warns of a Sales Mess After Cyberattack (The Wall Street Journal)

CISA views China as the top threat to US critical infrastructure.

China is top cyber threat to US utilities, other critical infrastructure: CISA (Utility Dive)

Improving security for open-source ICS software.

Improving Security of Open Source Software in Operational Technology and Industrial Control Systems (CISA)

CISA’s ICS advisories.

Mitsubishi Electric MELSEC-Q Series PLCs (Update A) (CISA)

CISA Releases Nineteen Industrial Control Systems Advisories (CISA)

Control Loop Interview.

Guest is Kuldip Mohanty, CIO of North Dakota, discussing how critical infrastructure is treated within the “whole of state” security strategy used in North Dakota.

Control Loop Learning Lab.

On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, to examine cyber threat intelligence. 

Control Loop OT Cybersecurity Briefing.

A companion monthly newsletter is available through free subscription and on the CyberWire's website.