
Cybersecurity

OT/ICS Security – Understanding, Differentiating, and Reporting OT Infrastructure Compromises

In the interest of incident reporting, it is important to be able to identify and differentiate the types of incidents being reported. It is also important to understand the difference between an actual attack and an unintentional incident that may have attack-like consequences. Given cross-sector dependencies, some water and wastewater utilities closely track and apply NERC CIP regulations even though they aren’t required to. NERC CIP 008-6 became mandatory on January 1, 2021, and requires bulk power system utilities to report attempts to compromise their infrastructure and operations.

OT/ICS Security – Consequence-driven Cyber-informed Engineering (CCE)

In another reference to WaterISAC's 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, you may recall this topic being discussed at #6 Install Independent Cyber-Physical Safety Systems. Consequence-driven Cyber-informed Engineering (CCE) is an advanced topic for critical infrastructure organizations, but one that shouldn't be overlooked.

OT/ICS Security – Network Segmentation and Asset Management

As stated in #3 Minimize Control System Exposure in WaterISAC's 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, critical infrastructure site assessments performed by CISA for the water and wastewater sector cite a lack of appropriate boundary protection controls as the most commonly identified network weakness. Furthermore, as Armis reminds us, per NIST, network segmentation and segregation is one of the most effective architectural concepts that an organization can implement to protect ICS.

NIST Releases Guidance on Protecting Highly Sensitive Data from Advanced Persistent Threat Actors

The National Institute of Standards and Technology (NIST) has published guidance that can be used by organizations to protect highly sensitive data from advanced persistent threat (APT) actors, including those affiliated with nation-states. NIST’s Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171, offers a set of tools designed to counter the efforts of state-sponsored hackers and complements another NIST publication.

FBI Tech Tuesday on Building a Digital Defense against Cryptocurrency Scams

As part of its Tech Tuesday series, the FBI's Portland, Oregon office has published an article on building a digital defense against cryptocurrency scams. This article was prompted by the FBI’s Internet Crime Complaint Center having recently received numerous tips from people who received threatening messages demanding digital currency. The targeted victim receives an email from a person or group alleging that the victim committed some crime that involved the theft of virtual funds from the scammer. The threat actor then makes a series of threats demanding the victim pay him back.

Happy Data Privacy Day, Alexa

Today, January 28, 2021, is Data Privacy Day. After this past year, we could all use some data privacy reminders as many of us have willingly acquiesced to greater contactless interactions, often to the detriment of privacy. From smart devices to consumer data, privacy settings and permissions, multifactor authentication, and encryption, there is room for everyone to improve data privacy hygiene.

CISA Releases New Courses on Cloud Security and Cybersecurity for Government and Veteran Users

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of two new cybersecurity courses: Cloud Security and Foundations of Cybersecurity for Management. Federal, state, local, tribal, and territorial government and veteran users can access these courses, track their progress, and store course transcripts.
