It’s easier to trick a person than it is to “hack” a computer – if that weren’t true, security awareness programs wouldn’t be necessary. But with the continually increasing volume of threats targeting users instead of computers, security awareness programs are as vital as asset management in every cybersecurity strategy.
The Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory recommending that operators of SAP systems review an alert released today by security researchers from Onapsis and SAP and apply necessary updates and mitigation measures.
OT Cybersecurity Staffing Challenges – Industry expert Dale Peterson outlines three strategies to addressing the OT cybersecurity shortage, including encouraging women into the field, stop demanding cybersecurity unicorns, and don’t force personnel without interest or acumen into OT cybersecurity. Read more at Dale Peterson.
It’s no secret that small-medium cities, towns, and villages often struggle with cybersecurity despite their implementation of technology solutions. While not the first, nor the last, the incident that occurred in Oldsmar, Florida is a poignant example. Quite simply, cybersecurity is a cost of doing business or providing a critical service in today’s society that just can’t be ignored. Short of an apocalypse, the need for cybersecurity is not going away, regardless of funding and resource constraints.
Today the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a Cybersecurity Advisory stating that advanced persistent threat (APT) actors are engaged in activities to exploit Fortinet FortiOS vulnerabilities to gain initial access to government, commercial, and technology services networks for future attacks.
Honeywell just released its USB Threat Report 2020. If your utility uses USB’s in the OT environment, this is a must read report to understand the types of threats Honeywell detected and the potential impact these threats could have on industrial facilities and critical infrastructure.
Key findings from the USB Threat Report 2020 include:
On March 31, Secretary of Homeland Security Alejandro Mayorkas outlined his vision and roadmap for the Department’s cybersecurity efforts in a virtual address. He announced a series of 60-day cybersecurity “sprints” aimed at focusing DHS’s efforts on ransomware and industrial control systems, among other priorities. He called ransomware “a national security threat” and cited the incident at the water treatment plant in Oldsmar, Florida as a “powerful reminder” of the substantial risks to industrial control systems that need to be addressed.
What seemed to begin as a friendly debate between industrial cybersecurity experts Joe Weiss and Dale Peterson, has resulted in a salient three-part series on security controls for Purdue Level 0 and Level 1 devices. While the need for security of Level 0 and Level 1 devices is not in question, some organizations understandably grapple with the priority of implementing proper controls to protect these crucial devices.
According to Dale, this three part article series can be summarized as follows:
Yesterday, Kaspersky ICS CERT released a report on advanced cyber threat groups they track targeting industrial organizations. While APT attacks do not represent the bulk of cyber threat activity against our industrial organizations, they do represent the highest consequence if successful. However, not all APT groups have advanced tradecraft with the capability to disrupt or destroy industrial assets. In other words, just because a group has targeted industrial organizations, does not mean they have advanced capabilities beyond IT-based network actions.
The U.K.’s National Cyber Security Centre (NCSC) has launched new tools for individuals and small businesses to receive advice on improving their cybersecurity. The Cyber Action Plan, divided into one tool for individuals and families and another for small businesses, asks a series of questions on topics like passwords and two-factor authentication. It then presents a customized list of actions to help improve cybersecurity. The news of the tools’ release came on the same day the NCSC announced the results of a survey it had conducted of the British public.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
