Credit rating agency Fitch Ratings published an advisory last week announcing that cybersecurity attacks and preparedness efforts “could pose financial and operating risks that ultimately affect utility credit quality.”
The Cybersecurity and Infrastructure Security Agency (CISA) has published its 2020 Year in Review report, discussing its activities in the past year in support of the physical security and cybersecurity of the nation, including its critical infrastructure. The report includes a timeline of events, which include a number of emergency directives CISA released, including one in December to address the SolarWinds exploitation campaign.
It’s easier to trick a person than it is to “hack” a computer – if that weren’t true, security awareness programs wouldn’t be necessary. But with the continually increasing volume of threats targeting users instead of computers, security awareness programs are as vital as asset management in every cybersecurity strategy.
The Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory recommending that operators of SAP systems review an alert released today by security researchers from Onapsis and SAP and apply necessary updates and mitigation measures.
OT Cybersecurity Staffing Challenges – Industry expert Dale Peterson outlines three strategies to addressing the OT cybersecurity shortage, including encouraging women into the field, stop demanding cybersecurity unicorns, and don’t force personnel without interest or acumen into OT cybersecurity. Read more at Dale Peterson.
It’s no secret that small-medium cities, towns, and villages often struggle with cybersecurity despite their implementation of technology solutions. While not the first, nor the last, the incident that occurred in Oldsmar, Florida is a poignant example. Quite simply, cybersecurity is a cost of doing business or providing a critical service in today’s society that just can’t be ignored. Short of an apocalypse, the need for cybersecurity is not going away, regardless of funding and resource constraints.
Today the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a Cybersecurity Advisory stating that advanced persistent threat (APT) actors are engaged in activities to exploit Fortinet FortiOS vulnerabilities to gain initial access to government, commercial, and technology services networks for future attacks.
Honeywell just released its USB Threat Report 2020. If your utility uses USB’s in the OT environment, this is a must read report to understand the types of threats Honeywell detected and the potential impact these threats could have on industrial facilities and critical infrastructure.
Key findings from the USB Threat Report 2020 include:
On March 31, Secretary of Homeland Security Alejandro Mayorkas outlined his vision and roadmap for the Department’s cybersecurity efforts in a virtual address. He announced a series of 60-day cybersecurity “sprints” aimed at focusing DHS’s efforts on ransomware and industrial control systems, among other priorities. He called ransomware “a national security threat” and cited the incident at the water treatment plant in Oldsmar, Florida as a “powerful reminder” of the substantial risks to industrial control systems that need to be addressed.
What seemed to begin as a friendly debate between industrial cybersecurity experts Joe Weiss and Dale Peterson, has resulted in a salient three-part series on security controls for Purdue Level 0 and Level 1 devices. While the need for security of Level 0 and Level 1 devices is not in question, some organizations understandably grapple with the priority of implementing proper controls to protect these crucial devices.
According to Dale, this three part article series can be summarized as follows:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
