Cybersecurity

CISA has published an advisory on an unquoted search path or element vulnerability in Reliable Controls LicenseManager. Versions 3.4 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to crash the system, view sensitive data, or execute arbitrary commands. Reliable Controls has released RC-LicenseManager Version 3.5, which is bundled for use within the latest RC-Studio software. Reliable Controls recommends users upgrade to RC Studio 3.6.3. CISA also recommends a series of measures to mitigate the vulnerabilities.

ZDNet has posted an enlightening summary about some of the most influential cyber events during the past decade. Not all of the events are the biggest, but each incident represents a new trend, watershed moment, or paradigm shift in the field of cybersecurity. Several incidents are relevant to industrial cybersecurity, such as Stuxnet (2010), Flame (2012), Ukraine (2015), and even Wannacry and NotPetya (2017).

In this “assume breach” world, survival usually means having a response plan in place before an incident occurs. Matthew J. Scwartz, Executive Editor of DataBreachToday, asked seven cybersecurity experts how organizations can better detect, defend, and mitigate cyber attacks; the overwhelming responses revolved around incident response plans. Given that you will not detect an attack if you cannot see it, investing in intrusion detection and monitoring is fundamental to being able to respond timely.

The National Institute of Standards and Technology (NIST) is seeking input between now and January 13, 2020 for the National Initiative for Cybersecurity Education’s (NICE’s) Cybersecurity Workforce Framework. First published in August 2017, the document is intended to define and provide guidance on different aspects of cybersecurity workforce development, planning, training, and education.