Where Everything Old is New Again: Operational Technology and Ghost of Malware Past

This post was written with contributions from IBM Security’s Sameer Koranne and Elias Andre Carabaguiaz Gonzalez. Operational technology (OT) — the networks that control industrial control system processes — face a more complex challenge than their IT counterparts when it comes to updating operating systems and software to avoid known vulnerabilities. In some cases, implementation […]

The post Where Everything Old is New Again: Operational Technology and Ghost of Malware Past appeared first on Security Intelligence.

Continue reading Where Everything Old is New Again: Operational Technology and Ghost of Malware Past

DOJ unseals charges against Russians in attempted hacks of infrastructure, including Trisis case

One indictment alleges hacking attempts on industrial control systems, and the other involves a separate spree from 2012-17.

The post DOJ unseals charges against Russians in attempted hacks of infrastructure, including Trisis case appeared first on CyberScoop.

Continue reading DOJ unseals charges against Russians in attempted hacks of infrastructure, including Trisis case

New security threats target industrial control and OT environments

A new Dragos report highlights recent threats targeting industrial control systems and operational technology environments and identifies strategies to address them.

The post New security threats target industrial control and OT environments appeared first on CyberScoop.

Continue reading New security threats target industrial control and OT environments

New security threats target industrial control and OT environments

A new Dragos report highlights recent threats targeting industrial control systems and operational technology environments and identifies strategies to address them.

The post New security threats target industrial control and OT environments appeared first on CyberScoop.

Continue reading New security threats target industrial control and OT environments

The Cyberspace Solarium Commission pushed some major policies into law. So what now?

A little more than a year removed from its role in advancing some of the most significant cybersecurity legislation ever enacted, the Cyberspace Solarium Commission is transforming into version 2.0 of itself. With some of its key recommendations now law — such as the creation of the Office of the National Cyber Director in the White House — the remnant of the congressionally created panel is turning its attention to tracking how those ideas are implemented, while studying some of the issues it didn’t get to fully examine before releasing its final report. Those areas of study include protecting the water, maritime transport and health care sectors, as well as strengthening the federal and private sector workforce and ensuring plans to avert disruptions to the economy caused by cyberattacks. Now housed within the Foundation for Defense of Democracies (FDD) think tank, the commission’s 2.0 work should take another two years, […]

The post The Cyberspace Solarium Commission pushed some major policies into law. So what now? appeared first on CyberScoop.

Continue reading The Cyberspace Solarium Commission pushed some major policies into law. So what now?

New research analyzes industrial cybersecurity maturity

As the frequency and severity of cyberattacks on industrial organizations increase, defenders struggle to keep ahead of threats. Security leaders know that a unified IT and operational technology (OT) approach is key to protecting the safety and availability of operations but are faced with cultural and technical differences between IT best practices and OT. A new report, “The 2021 State of Industrial Cybersecurity,” produced by the Ponemon Institute — sponsored by Dragos — reveals key challenges industrial organizations face today and provides actionable solutions on how they can mature their cybersecurity strategies. The report covers: Cybersecurity maturity level for industrial control systems (ICS) and OT How organizations secure their ICS/OT OT cybersecurity investment, priorities and accountability The cause and consequences of an ICS/OT ransomware and cybersecurity incident Learn more on building a unified strategy that secures both IT and OT environments.  This article was produced by CyberScoop for, and sponsored by, […]

The post New research analyzes industrial cybersecurity maturity appeared first on CyberScoop.

Continue reading New research analyzes industrial cybersecurity maturity

Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them

You’d have to look far and wide to find an IT professional who isn’t aware of (and probably responding to) the Log4Shell vulnerability. The Operational Technology (OT) sector is no exception, yet the exact exposure the vulnerability poses to OT technology is yet to be fully uncovered.  The vulnerability was first made public earlier this […]

The post Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them appeared first on Security Intelligence.

Continue reading Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them

Using evolutionary game theory to mitigate ransomware risks

Ransomware attacks on enterprise IT systems — especially those that are integrated with operational technology (OT) — can cause major disruptions for critical industry sectors, cautions a new cybersecurity whitepaper. Not only does ransomware create unusable file systems, but these attacks disrupt production and distribution of goods, and services and end up costing industries millions of dollars in total losses. The whitepaper, produced by Dragos, describes how IT security leaders can apply evolutionary game theory (EGT) to the complex series of events that lead to a ransomware attack. The paper proposes a mathematical approach to predict behaviors and understand how relationships between a system’s parts give rise to its collective behaviors. “Ransomware has become the primary attack vector for many industrial organizations during 2021,” shares the white paper, and “incidents like Colonial Pipeline, Honeywell and JB Foods showed the world that even when industrial control systems, which are integrated with […]

The post Using evolutionary game theory to mitigate ransomware risks appeared first on CyberScoop.

Continue reading Using evolutionary game theory to mitigate ransomware risks

IoT Security: Protecting Food and Agriculture Organizations

Ransomware actors are targeting food and agriculture organizations, potentially disrupting business. Luckily, there are already formal structures in place to boost the IoT security defenses they need. Knowing them keeps the lifeblood of industrial farms and food delivery going. Businesses in the sector could “suffer significant financial loss,” the FBI said. That loss is “resulting […]

The post IoT Security: Protecting Food and Agriculture Organizations appeared first on Security Intelligence.

Continue reading IoT Security: Protecting Food and Agriculture Organizations