Cybersecurity

Aperture: A Claroty Podcast, Features WaterISAC to Discuss Oldsmar and Sector Cybersecurity

As the country continues discussing the cyber incident which occurred at the Oldsmar Florida Water Treatment Plant on February 5, 2021, it is important to continue highlighting the need for information sharing across the sector. Michael Mimoso, Aperture’s host and Claroty Editorial Director invited Water ISAC Managing Director Michael Arceneaux and Cyber Threat Analyst Jennifer Lyn Walker to discuss the incident, how it underscores the need for better information-sharing about incidents, and improved security hygiene inside critical infrastructure sectors such as water and wastewater.

Read more about Aperture: A Claroty Podcast, Features WaterISAC to Discuss Oldsmar and Sector Cybersecurity

Even the Basics are Critical for Critical Infrastructure

The dust (new details/disclosures) seems to be settling on the incident at the Oldsmar, Florida Water Treatment Plant that occurred on February 5, 2021. If you haven’t already, now is a good time to assess that your utility is not as vulnerable to the same basic cybersecurity shortcomings that reportedly contributed to the incident and/or have been identified during the investigation.

Read more about Even the Basics are Critical for Critical Infrastructure

All Eyes on Oldsmar

All eyes are on the Oldsmar, Florida Water Treatment Plant incident at the moment, and not just the security community’s.

Read more about All Eyes on Oldsmar

Considerations Regarding Oldsmar, Florida Water Treatment Plant Compromise

What we know about this incident has been widely published and shared across countless mediums - including a WaterISAC advisory to members yesterday - so we will not belabor posting every source.

Read more about Considerations Regarding Oldsmar, Florida Water Treatment Plant Compromise

OT/ICS Security – Understanding, Differentiating, and Reporting OT Infrastructure Compromises

In the interest of incident reporting it is important to be able to identify and differentiate types of incidents being reported. It is also important to be able to understand the difference between an actual attack and an unintentional incident that may have attack-like consequences. Given cross-sector dependencies, some water and wastewater utilities closely track and apply NERC CIP regulations even though they aren’t required. NERC CIP 008-6 became mandatory on January 1, 2021 and requires bulk power system utilities to report attempts to compromise their infrastructure and operations.

Read more about OT/ICS Security – Understanding, Differentiating, and Reporting OT Infrastructure Compromises

OT/ICS Security – Consequence-driven Cyber-informed Engineering (CCE)

In another reference to WaterISAC's 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, you may recall this topic being discussed at #6 Install Independent Cyber-Physical Safety Systems. Consequence-driven Cyber-informed Engineering (CCE) is an advanced topic for critical infrastructure organizations, but one that shouldn't be overlooked.

Read more about OT/ICS Security – Consequence-driven Cyber-informed Engineering (CCE)

OT/ICS Security – Network Segmentation and Asset Management

As stated in #3 Minimize Control System Exposure in WaterISAC's 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, critical infrastructure site assessments performed by CISA for the water and wastewater sector cite the most commonly identified network weakness is a lack of appropriate boundary protection controls. Furthermore, as Armis reminds, per NIST, network segmentation and segregation is one of the most effective architectural concepts that an organization can implement to protect ICS.

Read more about OT/ICS Security – Network Segmentation and Asset Management

Security Awareness Compendium for Identity Theft Awareness Week (February 1-5, 2021)

View the Security Awareness Compendium for Identity Theft Awareness Week on topics such as protecting digital lives, rethinking passwords, research on the cybercrime email infrastructure, and a business email compromise (BEC) investigation resource you NEED to have at your fingertips!

Read more about Security Awareness Compendium for Identity Theft Awareness Week (February 1-5, 2021)

Threat Awareness – Emotet, the Everlasting Email Enemy, Eradicated?

The famous jingle, “Ding-dong! The witch is dead” keeps coming to mind. But in a globally coordinated effort dubbed “Operation LadyBird,” law enforcement has dealt a crippling blow to the kingpin of email adversaries, Emotet. Europol released this statement yesterday and it was swiftly shared across numerous cyber news outlets.

Read more about Threat Awareness – Emotet, the Everlasting Email Enemy, Eradicated?

Happy Data Privacy Day, Alexa

Today, January 28, 2021 is Data Privacy Day. After this past year, we could all use some data privacy reminders as many of us have willingly acquiesced to greater contactless interactions, often at the detriment of privacy. From smart devices to consumer data, privacy settings and permissions, multifactor authentication, and encryption, there is room for everyone to improve data privacy hygiene.

Read more about Happy Data Privacy Day, Alexa

You are here

Cybersecurity

Aperture: A Claroty Podcast, Features WaterISAC to Discuss Oldsmar and Sector Cybersecurity

Even the Basics are Critical for Critical Infrastructure

All Eyes on Oldsmar

Considerations Regarding Oldsmar, Florida Water Treatment Plant Compromise

OT/ICS Security – Understanding, Differentiating, and Reporting OT Infrastructure Compromises

OT/ICS Security – Consequence-driven Cyber-informed Engineering (CCE)

OT/ICS Security – Network Segmentation and Asset Management

Security Awareness Compendium for Identity Theft Awareness Week (February 1-5, 2021)

Threat Awareness – Emotet, the Everlasting Email Enemy, Eradicated?

Happy Data Privacy Day, Alexa

Pages

You are here

Cybersecurity

Pages

Footer Email Signup