Cybersecurity

If you are reading this, you understand the devastation that can occur when critical infrastructure fails. Whether the compromise is due to a mechanical failure or a cyber attack, societal ramifications can be dire. In a recent post, Sergio Caltagirone, Vice President of Threat Intelligence at industrial cybersecurity firm Dragos, presents several interconnected reasons we may expect important humanitarian consequences from cyber operations over the next decade.

CISA has published an advisory on an unquoted search path or element vulnerability in Reliable Controls LicenseManager. Versions 3.4 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to crash the system, view sensitive data, or execute arbitrary commands. Reliable Controls has released RC-LicenseManager Version 3.5, which is bundled for use within the latest RC-Studio software. Reliable Controls recommends users upgrade to RC Studio 3.6.3. CISA also recommends a series of measures to mitigate the vulnerabilities.

ZDNet has posted an enlightening summary about some of the most influential cyber events during the past decade. Not all of the events are the biggest, but each incident represents a new trend, watershed moment, or paradigm shift in the field of cybersecurity. Several incidents are relevant to industrial cybersecurity, such as Stuxnet (2010), Flame (2012), Ukraine (2015), and even Wannacry and NotPetya (2017).

In this “assume breach” world, survival usually means having a response plan in place before an incident occurs. Matthew J. Scwartz, Executive Editor of DataBreachToday, asked seven cybersecurity experts how organizations can better detect, defend, and mitigate cyber attacks; the overwhelming responses revolved around incident response plans. Given that you will not detect an attack if you cannot see it, investing in intrusion detection and monitoring is fundamental to being able to respond timely.