Colonial Pipeline Update – June 10, 2021
Testimony of Joseph Blount, President and Chief Executive Officer Colonial Pipeline Company
With ransomware having direct and indirect impact on OT environments and industrial operations in recent weeks, there has been no shortage of guidance and resources being posted. To that end, CISA and NIST independently published two resources on June 9, 2021 to help critical infrastructure asset owners and operators bolster their preparedness against this national crisis.
For those of us who still have not made time to delve into the data, details, and drollery that is the 2021 Verizon DBIR, our partners at Flashpoint have dared to dredge the delightful document. After diligent dissection, Flashpoint declares one theme jumps out: compromised credentials are an issue for organizations of all industries, regions, and sizes. Specifically, according to the 2021 DBIR, “We’ve said it before, and we’ll say it again—everyone loves credentials.
In the Security & Resilience Update for May 4, 2021, WaterISAC shared The Ghosts of COVID-Past – Cybersecurity Considerations for Returning to Workspaces as we begin taking up residence in our offices once again.
Always on IoT certainly has its benefits, but typically not without some risk. The key is to understand and weigh the risk versus reward, including the default (enabled or disabled) status of “said” benefits. To that end, Amazon rolled out its Sidewalk feature today across supported Alexa and Ring devices and enabled it by default. Amazon Sidewalk uses Bluetooth Low Energy (BLE) to broadcast low-bandwidth wireless signals, potentially up to a half-mile away.
Misconfigurations of an IT system might shut systems down, misroute traffic, or bring communications to a halt. Those outcomes are frustrating and negatively impact the availability of data, but misconfigurations within OT/ICS networks have the potential to go beyond a little annoyance and inconvenience and could expose industrial operations to hazardous scenarios that threaten the safety of the system, the environment, or human life. Misconfigurations are caused by people, and people make unintentional mistakes.
In July, the American Registry for Internet Numbers (ARIN) plans an unannounced thirty-minute test of its Resource Public Key Infrastructure (RPKI). RPKI is a cryptographic framework designed to secure the Internet's routing infrastructure to protect against route hijacks and leaks, primarily for the Border Gateway Protocol (BGP).
In a seemingly continuously growing list of attacks on critical infrastructure, two major passenger transportation entities reported yesterday they had fallen victim. The Steamship Authority, the largest ferry service to the Massachusetts Islands of Martha’s Vineyard and Nantucket from Cape Cod, reported that ransomware disrupted its services, causing delays and taking the web-based and phone-based reservation systems offline. According to a tweet by The Steamship Authority, there was no impact to the safety of vessel operations, as the issue did not affect radar or GPS functionality.
The Domain Name System (DNS) is the backbone of the internet and is what makes navigating to websites and sending emails seamless to humans. Unfortunately, like many internet protocols, DNS is also abused by threat actors – from exploiting user domain name typos to transmitting malicious data over what appears to be legitimate and expected DNS network traffic. The U.S. National Security Agency (NSA) Central Security Service has released an InfoSheet on adopting encrypted (protective) DNS in enterprise environments.
While cyber insurance has matured during the past few years, there are still many lesser-understood facets, especially OT needs and requirements. In a recent post, Verve Industrial poignantly states, even as threats to critical controls systems grow exponentially, cyber insurance underwriters have been slow to update rating tables to incorporate growing cyber-physical risks. Organizations, likewise, often fail to adequately account for OT/ICS risks and basic controls in their overall assessment strategies.