You are here

Home » Cybersecurity

Cybersecurity

NSA Guidance on Zero Trust Security Model

The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and organizations review NSA’s guidance to help secure sensitive data, systems, and services.

Greater Preparedness and Security in Light of Oldsmar, Regardless of Intent or Motivation

Risk management firm, The Gate 15 Company reviews the February 5, 2021 blended threat (cyber-physical) incident at the Oldsmar, Florida Water Treatment Plant in a recent blog post titled, “Blended Threats: Did Florida’s Cyber Attack Whet Your Appetite for Better Preparedness and Security?” The post highlights the blended threat concerns and reviews some best practices and mitigation actions drawn from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities for greater preparedness.

Dragos 2020 ICS Cybersecurity Year in Review

In case you haven’t seen it yet, Dragos published its 2020 ICS Cybersecurity Year in Review yesterday. This years' report has some cool interactive elements displayed as an executive summary. Based on extensive experience, assessments, and incident response insights, Dragos shares its observations, lessons learned, and recommendations in this annual data-driven analysis of Industrial Control System (ICS)/Operational Technology (OT) focused cyber threats and vulnerabilities.

In addition to several key findings and recommendations for ICS defenders, read the report for more on:

CISA Alert: Exploitation of Accellion File Transfer Appliance

The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert about cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance, noting this activity has impacted organizations globally. According to the alert, the actors have attacked government entities at all levels (federal, state, local, and more) as well as private industry organizations, including those in the telecommunications and energy sectors. The alert contains technical details of the activity and a list of recommendations for organizations that use Accellion FTA.

OT/ICS Security – Going From A(ir Gap) to Z(ero Trust)

Zero trust has become a bit of a buzzword lately, especially since the disclosure of the SolarWinds incident. In addition, it’s possible that the concept of zero trust is thought of as applicable only to IT systems and may have industrial systems operators dismissing it. But as the air-gap continues to erode in favor or greater (remote) access to control systems, zero trust becomes essential.

ACSC Small Business Cybersecurity Guide

The Australian Cyber Security Centre (ACSC) has published a guide intended to help small businesses protect themselves from the most common cybersecurity incidents. It identifies and explains the most common types of cyber threats and what can be done to protect a business, with some examples being malicious software, automatic updates, and multi-factor authentication. It also includes a series of checklists, including on people and procedures, as well as a glossary of terms.

Aperture: A Claroty Podcast, Features WaterISAC to Discuss Oldsmar and Sector Cybersecurity

As the country continues discussing the cyber incident which occurred at the Oldsmar Florida Water Treatment Plant on February 5, 2021, it is important to continue highlighting the need for information sharing across the sector. Michael Mimoso, Aperture’s host and Claroty Editorial Director invited Water ISAC Managing Director Michael Arceneaux and Cyber Threat Analyst Jennifer Lyn Walker to discuss the incident, how it underscores the need for better information-sharing about incidents, and improved security hygiene inside critical infrastructure sectors such as water and wastewater.

DHS Emphasizes CISA’s Role in Announcing Steps to Improve Cybersecurity

Yesterday U.S. Department of Homeland Security (DHS) Secretary Alejandro Mayorkas announced a variety of steps he plans his department to take to further address cyber threats to the nation. Cybersecurity and Infrastructure Security Agency (CISA) will be responsible for or have a significant role in implementing many of these steps, some of which involve building on existing efforts.

FBI PIN: Telephony Denial of Service Attacks Can Disrupt Emergency Call Center Operations

The FBI has published a Private Industry Notification (PIN) to provide awareness regarding Telephony Denial of Service (TDoS) attacks, noting they can affect the availability and readiness of emergency call centers and undermine public trust in these services. The PIN further discusses the impacts these attacks can have on call centers and threat actors’ motives, which can include to advance political or social causes or to extort municipalities for financial gain.

Pages

Subscribe to Cybersecurity