March 18, 2024 at 11:03AM The UK’s National Cyber Security Centre (NCSC) has released guidance for organizations using operational technology (OT) to assess the potential migration of their supervisory control and data acquisition (SCADA) systems to the cloud. The guidance highlights the need for a risk-based decision, considering unique technical requirements and the increased cybersecurity … Read more
March 13, 2024 at 12:45PM Stephen Ford has joined Rockwell Automation as VP and Chief Information Security Officer. With prior experience at McKesson Corporation, HP, and academic institutions, Ford holds a bachelor’s degree in computer science, an MBA from Prairie View A&M University, and a master’s degree from Harvard University. He will report to Chris … Read more
March 4, 2024 at 08:48AM Increased digital technologies and connectivity in industrial operations raise cybersecurity risks for Operational Technology (OT). Compliance with NIST, NIS2, ISA, and IEC standards is crucial for mitigating OT cybersecurity threats. Join SecurityWeek and Honeywell for a live webinar on March 5th at 11AM ET to gain insights from industry experts … Read more
February 7, 2024 at 03:11PM The Chinese cyber-espionage group Volt Typhoon infiltrated U.S. critical infrastructure networks, remaining undetected for at least five years. They utilize living off the land techniques, stolen accounts, and strong operational security to maintain long-term access. U.S. authorities warn of potential disruption to critical infrastructure, with mitigation advice provided alongside the … Read more
December 19, 2023 at 06:57PM Salvador Technologies, a cyber-attack recovery platform provider, has secured $6m in funding, led by Pico Venture Partners. Founded in 2020, the company offers security failover technology for critical infrastructures, allowing recovery within 30 seconds from cyber-attacks. Their customer base includes multinational corporations and critical infrastructure organizations in various industries and … Read more
December 8, 2023 at 04:49AM US infrastructure may be compromised by Iran-linked attackers targeting PLCs, warns a coalition of US and Israeli agencies. The CyberAv3ngers group, believed to be connected to Iran’s IRGC, attacked a Pennsylvania water authority and may have accessed multiple facilities since November 22, exploiting poorly secured internet-connected devices. Meeting Takeaways: 1. … Read more
December 7, 2023 at 02:05PM Over 75% of industrial firms experienced ransomware attacks last year, with 54% impacting operational technology. Attacks increased due to the industrial sector’s vulnerability and tendency to pay ransoms. Despite increased IT and OT security incidents, industrial sectors remain primary targets, with geopolitical tensions exacerbating threats. Victims often pay ransoms, urging … Read more
December 7, 2023 at 09:52AM Dragos broadens its Community Defense Program to aid underfunded small utilities in protecting their critical infrastructure from advanced cyber threats by offering free access to its cybersecurity tools, training, and the OT-CERT network for entities with annual revenues under $100M. **Meeting Takeaways:** 1. **Expansion of Dragos Community Defense Program:** Dragos … Read more
December 6, 2023 at 10:01AM CISA aims to secure the US’s cyber and physical infrastructure but grapples with precedents for effective strategies. While not setting organizational policies, questions arise about the measurability and impact of its risk reduction efforts and Cyber Performance Goals (CPGs). Critical infrastructure cybersecurity is complex, with proprietary operational technology (OT) posing … Read more
December 4, 2023 at 06:36PM Iran-linked cyber group CyberAv3ngers, tied to the IRGC, exploited default passwords to attack US water systems using Israeli PLCs, as warned by multiple US agencies. No operational impact on water safety was reported. Agencies advise against exposing PLCs online and using default passwords. Meeting Takeaways: 1. Iranian cybercriminals, associated with … Read more