You are here

Home » Cybersecurity

Cybersecurity

If Your Utility Qualifies for a “.gov” Top-Level Domain (TLD), Consider This

On Tuesday, administration of the “.gov” top-level domain (TLD) was officially transferred to CISA. Organizations that qualify as a government entity but do not currently use a .gov TLD can be confusing to the public as to whether the website is legitimate. Reasons vary for why some government entities do not use a .gov. Often that reason is due to the cost of registering and maintaining .gov, especially for small municipalities.

Emotet Effectively Exhausted – Uninstall Command Executed on April 25

The uninstall code planted by the German Bundeskriminalamt (BKA) federal police agency instructing Emotet to uninstall from roughly one million remaining infected systems executed on Sunday. This action cleans up the Windows registry key that enabled the Emotet modules to run automatically and stops and deletes associated services, but does not remove other files, nor does it erase additional malware that might have been installed through the botnet.

OT Cybersecurity – ICS Unicorns are an Endangered Species

It is certainly not impossible to maintain an air gapped control system network, but all too often risk assessments and penetration tests reveal they are a dying breed. Likewise, numerous case studies and research into ICS-focused adversaries reveal many threat groups leveraging IT exploits to traverse into the OT network. Both scenarios confirm the fact that OT and IT cybersecurity need each other for a holistic security posture.

OT and IT Cybersecurity – We Need Each Other

Cybersecurity is an organizational initiative; a necessity. It’s not us (OT) versus them (IT). Cybersecurity is not solely a technology problem. IT standards do not always translate well to secure ICS/SCADA systems and processes; however, much can be gained by understanding IT security principles and how they may or may not relate to OT security. Likewise, IT security needs to know/understand the engineering and operations of control systems so together they can better architect secure solutions.

OT Cybersecurity Compendium – Staffing, Securing IIoT, and OPC Security, Oh My!

OT Cybersecurity Staffing Challenges – Industry expert Dale Peterson outlines three strategies to addressing the OT cybersecurity shortage, including encouraging women into the field, stop demanding cybersecurity unicorns, and don’t force personnel without interest or acumen into OT cybersecurity. Read more at Dale Peterson.

Cyber Resiliency – National League of Cities Helping Municipalities Do More with Less

It’s no secret that small-medium cities, towns, and villages often struggle with cybersecurity despite their implementation of technology solutions. While not the first, nor the last, the incident that occurred in Oldsmar, Florida is a poignant example. Quite simply, cybersecurity is a cost of doing business or providing a critical service in today’s society that just can’t be ignored. Short of an apocalypse, the need for cybersecurity is not going away, regardless of funding and resource constraints.

ICS Cybersecurity Recommendations for Level 0 and Level 1 Devices

What seemed to begin as a friendly debate between industrial cybersecurity experts Joe Weiss and Dale Peterson, has resulted in a salient three-part series on security controls for Purdue Level 0 and Level 1 devices. While the need for security of Level 0 and Level 1 devices is not in question, some organizations understandably grapple with the priority of implementing proper controls to protect these crucial devices.

According to Dale, this three part article series can be summarized as follows:

Pages

Subscribe to Cybersecurity