Collaborate Disseminate
Amid concerns of growing cybersecurity risks, the federal office in charge of hydroelectric dam security only has four employees.
The post Congress sounds alarm on lax dam cybersecurity appeared first on CyberScoop.
Continue reading Congress sounds alarm on lax dam cybersecurity
The hacking group SiegedSed released personal data on thousands of employees at the Idaho National Laboratory, the nuclear research lab.
The post Detailed data on employees of U.S. national security lab leak online appeared first on CyberScoop.
Continue reading Detailed data on employees of U.S. national security lab leak online
A major supplier of U.S. electrical equipment has joined a Department of Energy-funded research program to defend industrial infrastructure from hacking, the Biden administration announced Thursday. As part of the program, Schweitzer Engineering Laboratories, which makes gear that helps power the grid, will submit products for testing to the Idaho National Laboratories (INL). The Department of Energy-backed INL hosts some of the U.S. government’s most talented penetration testers of industrial equipment. The program is “especially [important] now with nation-states paying particular interest to the electric sector,” David Whitehead, Schweitzer’s chief executive, said in an interview. The vulnerability-testing initiative is known as the Cyber Testing for Resilient Industrial Control System (CyTRICS) program, and has been in the works for at least two years. But it has taken on greater importance amid reports of a growing number of foreign hacking groups probing industrial control systems, the hardware and software that underpin energy systems. […]
The post Electric equipment giant Schweitzer joins US testing program to defend grid from hacking threats appeared first on CyberScoop.
The market for previously unknown, or zero-day, software exploits has come out of the shadows in recent years as exploit brokers openly advertise million-dollar payouts. But while zero-day brokers like Zerodium and Crowdfense sometimes outline the types of exploits they buy — whether for mobile or desktop devices — much less has been said about the market for exploits that affect industrial control systems (ICS), which support critical infrastructure sectors like energy and transportation. Sarah Freeman, an analyst at the Department of Energy’s Idaho National Laboratory, is trying to help fill that void in data and, in the process, show how the ICS exploit market can be a bellwether for threats. Freeman’s hypothesis was that “if you track these bounties, you can use them as precursors or tripwires for future adversary activity.” She argues that current tallies of zero-day exploits with ICS implications are undercounted. In the first quarter of 2019, […]
The post Idaho National Lab researcher shines a light on the market for ICS zero-days appeared first on CyberScoop.
Continue reading Idaho National Lab researcher shines a light on the market for ICS zero-days
The U.S. Navy issued an internal warning in 2017 about vulnerabilities in systems made by Chinese-based drone company DJI that could allow adversaries to siphon data from devices, according to a document obtained through the Freedom of Information Act. “Overall, the system should be considered highly vulnerable in the cyber security realm and employed accordingly,” the document, obtained by the George Washington University’s National Security Archive and shared with CyberScoop, reads. In the warning, the Navy pointed out issues with the way a DJI drone communicates and sends data to a ground station. “While encrypted, open source research indicates numerous techniques available to passively view the video and metadata from the air vehicle as well as assume control over the air vehicle by adversaries,” the warning, dated May 2017, reads. The document has been made public as technology made by Chinese-based companies, which powers much of the internet’s underlying infrastructure, […]
The post Navy letter shows military worried about unknown vulnerabilities in DJI drones appeared first on CyberScoop.
Continue reading Navy letter shows military worried about unknown vulnerabilities in DJI drones
The last few years have been an awakening for Election Systems & Software. Before 2016, very few people were publicly pressing the company to change the way it handled its cybersecurity practices. Now, the nation’s leading manufacturer of election technology has become a lightning rod for critics. Security experts say the small number of companies that dominate the nation’s election technology market, including ES&S, have failed to acknowledge and remedy vulnerabilities that lie in systems used to hold elections across the country. Once left to obscurity, the entire ecosystem has been called into question since the Russian government was found to have interfered with the 2016 presidential campaign. While there has never been any evidence to suggest that any voting machines were compromised, the Department of Homeland Security and FBI recently issued a memo that all 50 states were at least targeted by Russian intelligence. The peak of the criticism came after the Voting Village exhibition […]
The post Election tech vendors say they’re securing their systems. Does anyone believe them? appeared first on CyberScoop.
Continue reading Election tech vendors say they’re securing their systems. Does anyone believe them?
Charging stations for electric cars have sprung up across the country in recent years as hybrid vehicles continue to gain popularity. As those stations carry more wattage, their potential effect on local power flows has grown. The trend caught the eye of researchers at a top government cybersecurity lab, who have embarked on a multiyear project to learn how hacking a charging station might disrupt the quality and flow of power through a local grid. Kenneth Rohde, a cybersecurity researcher at the Idaho National Laboratory, explained the project to a room of engineers and hard-hat hackers at the S4 Conference last month in Miami. In a video, Rohde approached a charging station and ran an attack on the human machine interface (HMI), which affects the charging process by communicating with a control system. “Now you’ll see this power meter is jumping all over the place,” Rohde said. He executed […]
The post Power struggle: Government-funded researchers investigate vulnerabilities in EV charging stations appeared first on CyberScoop.