Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ICS

Chinese Hacking Group Targets US Critical Infrastructure

Earlier this month, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning that the hacking group known as “Volt Typhoon” has been lurking in US critical infrastructure systems for at least five years.

Strengthening small utilities: The power of public-private partnership

In the wake of recent cyber attacks against US water utilities, the vulnerability of local entities dependent on operational technology (OT) has been starkly highlighted. This danger was further emphasized last week when Congress held a hearing titled Securing Operational Technology: A Deep Dive into the Water Sector. Witnesses at the hearing painted a stark picture of the significant cybersecurity risks facing small utility companies today.

Bolstering Cyber Resilience in the US Water Sector: A Call to Action

Tomorrow, February 6, 2024, the House Homeland Security Committee will hold a hearing on securing US water systems from cyberattacks. Following last year’s widely publicized attack on the municipal water system in Aliquippa, Pennsylvania, Congress, the Cybersecurity and Infrastructure Security Agency (CISA), and industry leaders have rightly increased their focus on the unique risks facing water systems across the country.

Cybersecurity for Industrial Control Systems: Best practices

Network segmentation, software patching, and continual threats monitoring are key cybersecurity best practices for Industrial Control Systems (ICS). Although ICSs significantly improve health and safety by automating dangerous tasks, facilitating remote monitoring and control, and activating safety protocols in the case of emergency, they’re increasingly exposed to cybersecurity threats.

WaterISAC: 15 Security Fundamentals You Need to Know

2023 saw two concerning attacks on public water systems, highlighting the fragility and risk to utility systems. In Pennsylvania, malicious hackers breached the Municipal Water Authority of Aliquippa system the night after Thanksgiving. The criminals were making a political statement: the technology used to manage water pressure was developed by Israel, and the criminals used this opportunity to choose a side in the ongoing conflict.

US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS sector.

Industrial Control Systems Security: ISA 62443-2-1:2009

The ISA-62443 series of standards, developed by the International Society of Automation (ISA), is a comprehensive set of guidelines for ensuring the security of Industrial Automation and Control Systems (IACS). ISA 62443-2-1:2009 is one specific standard within this series that focuses on establishing an industrial automation and control systems security system.

Industrial Control Systems are Exposed: Breaking Down the Risks

The world had a security wake-up call recently. Organizations were alerted to nearly 100,000 exposed industrial control systems (ICS), potentially allowing an attacker to access and control physical infrastructure such as power grids, traffic light systems, security and water systems, and more. That’s not only a stark statistic but a critical call-to-action for organizations around the world.

Top 7 Technical Resource Providers for ICS Security Professionals

Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative and faster than ever. So, understanding attackers’ tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker action in 2022.

What is NERC? Everything you need to know

Electric grids are part of every nation’s critical infrastructure. Every societal activity and business depends on reliable and safe electricity distribution. The US electric grid is a huge network of powerlines, distribution hubs, and renewable and non-renewable energy generators that is increasingly exposed to cyber-physical risks due to the accelerated reliance on cyber-enabled systems and IoT-connected devices, such as smart meters.