Cybersecurity

Collaboration Efforts Promote Secure-By-Design Standards for Industrial Connected Devices

Automation.com recently reached out to Eaton on the status of the strategic partnership Eaton entered with Underwriters Laboratories (UL) in February 2018 to advance cybersecurity for power management technologies and help establish measurable cybersecurity standards for network-connected power management products and systems. The first fruits of their labor include a research and testing facility where Eaton’s products are tested in a specialized lab for compliance with industry cybersecurity requirements before they are installed in critical systems.

Chlorine Facility for Drinking Water and Sewage Treatment Targeted by Russia, Alleges Ukraine

The Security Service of Ukraine, or SBU, claims to have stopped a Russian cyber attack on a Ukrainian facility that provides chlorine for drinking water and sewage treatment. In its allegation, the SBU indicates the attack involved the VPNFilter malware (reported on by WaterISAC initially in late May) and was intended to disrupt operations.

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect (ICSA-18-191-02) – Products Used in the Energy Sector

The NCCIC has released an advisory on incorrect default permissions, XXE, and resource exhaustion vulnerabilities in Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect. Compass Version 3.0.5.1 and prior and AcSELerator Architect Version 2.2.24.0 and prior are affected. Successful exploitation of these vulnerabilities could allow modification/replacement of files within the Compass installation directory, disclosure of information, or denial of service. Schweitzer Engineering Laboratories recommends users upgrade to the latest release of both products.

Universal Robots Robot Controllers (ICSA-18-191-01)

The NCCIC has released an advisory on hard-coded credentials and missing authentication for critical function vulnerabilities in Universal Robots Robot Controllers. CB 3.1, SW Version 3.4.5-100 is affected. Successful exploitation of these vulnerabilities could allow a remote attacker to run arbitrary code on the device. Universal Robots has recommended a series of remedial actions to address these vulnerabilities.

The Worst Cybersecurity Breaches of 2018 So Far

Looking back on the cyber incidents that occurred in the first six months of 2018, an article from Wired magazine concludes that corporate security isn't getting better fast enough, critical infrastructure security hangs in the balance, and state-backed hackers from around the world are getting bolder and more sophisticated. To support its assertions, it cites Russia’s deployment of the NotPetya malware and hacking of the U.S. electric grid (activity that also affected water and wastewater utilities), rampant data exposures, and the breach of Under Armour’s fitness app.

Businesses Collect More Data Than They Can Handle, Only Half Know Where Sensitive Data Is Stored

Gemalto has released findings from research it conducted on how companies use the data they collect from customers. One of the most surprising and alarming findings is that nearly two-thirds (65%) of organizations said they don’t possess the necessary resources to analyze all the consumer data they collect. If companies can’t analyze all of the data they collect, they likely don’t know all of the types of data they are collecting. And if they don’t know the types of data they are collecting, how can they classify it and apply the appropriate security controls for the data?

Cyber Attacks Affecting Operations of Critical Infrastructure Have High Probability of Becoming Routine

An article from VPN Compass points to statistics from Akamai’s latest State of the Internet report as a sign that high impact cyber attacks, such as those that affect the operations of critical infrastructure facilities, are starting to occur more frequently and that there

ICS Cybersecurity – The Time is Now

With greater awareness of and emphasis on industrial cybersecurity over the past 12-18 months, ICS cybersecurity expert Galina Antova suggests next steps for organizations on the path toward greater situational awareness and industrial cybersecurity risk reduction. Now that asset owners are accepting this new reality, Ms. Antova says it is time to effect change and prioritize a cybersecurity strategy. Part of the basic strategy involves understanding the environment, expanding risk and governance models, and keeping executives and boards apprised of the evolving threat landscape.
