Control Loop: The OT Cybersecurity Podcast

National Cybersecurity Strategy released.

The White House has released its National Cybersecurity Strategy. MKS Instruments discloses a ransomware incident that spread to some of its vendors. Ransomware hits the Dole Food Company. CISA runs a red team assessment against a critical infrastructure organization. And LockBit has claimed responsibility for an attack on a water utility in Portugal. The CyberWire's Tré Hester shares the news this week. Guest Tom Winston, Dragos’ Director of Intelligence Content, recently spoke with Dave Bittner about Dragos’ recently released 2022 Year in Review report. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban completes his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos.

Transcript

Adding some color to incident response.

Dragos has released its ICS/OT Cybersecurity Year in Review for 2022, finding a rise in ransomware attacks targeting industrial organizations. Forescout discloses two vulnerabilities affecting the Unity line of Schneider Electric’s Modicon programmable logic controllers. Dozens of vulnerabilities in industrial internet-of-things (IIoT) devices. Tim Starks from the Washington Post's Cybersecurity 202. discusses the upcoming White House National Cyber Strategy and its possible effects on critical infrastructure. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban begins his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos.

Transcript

Gleaning OT insight from the ISACs.

Multiple strains of Russian wiper malware are targeting entities in Ukraine. A high-severity command injection vulnerability affects Cisco devices. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. And US Congressman Andrew Garbarino will serve as the new Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection. In Part 2 of 2 in our interview segment from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC return. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his discussion with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Transcript

ICS/OT incident response plans: Don't get caught unprepared.

The NOTAM outage was reportedly caused by a corrupted file. The World Economic forum sees geopolitical instability as a source of cyber risk. The Copper Mountain Mining Corporation is working to recover its IT systems following a ransomware attack. DNV's fleet management software sustains a ransomware attack. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility.Our interview segment is part one of two from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. On part 1 of 2 in the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Transcript

Shifting into the OT space.

A Canadian mining company shuts down its mill following a ransomware attack. The Port of Lisbon has sustained a cyberattack, with the LockBit ransomware gang claiming credit. Rail company Wabtec begins notifying victims of data breach following a ransomware attack. New York’s governor signs legislation seeking to secure power grids. And an upcoming NATO study will analyze hybrid warfare. Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, returns for the second part of his interview to discuss the transition from the military and Intelligence Community to the OT space. The Learning Lab segment will return in our next episode.

Transcript