August 20, 2020
CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.
August 4, 2020
CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.
July 21, 2020
Researchers from the University of California have announced the discovery of a method to spoof solar inverters, which are a critical part of the solar electrical generation process. This technique depends on exploiting electromagnetic sensors that are based upon older, less secure technologies and that are often used in commercial solar inverters. The attack requires a device, smaller than a coffee cup, to be placed within range of the inverter, which then can be activated remotely to cause surges in the attached grid.
Researchers from New York University and the National University of Singapore have published a paper discussing the potential for disinformation campaigns to affect human behavior enough to cause blackouts in metropolitan electrical grids. Through surveys and modeling, the authors were able to demonstrate how creating false electronic communications from electrical companies could influence customer behavior, causing an increase in power consumption that could cause significant damage to a city’s power grid.
When ransomware strikes a company, it is easy for pundits to say, “don’t pay the ransom.” But in reality, that is not always a practical choice. If you have not been impacted by ransomware yet, you are fortunate. Furthermore, if you think you know what you will do when you are (and even if you don’t know), you might want to read this recent post by Mailguard. The article includes a quick timeline of events regarding the WastedLocker ransomware attack on Garmin last month and thoughts on navigating the critical quandary to pay or not to pay.
Cybersecurity challenges brought on by COVID-19 have been covered ad-nauseum and are largely unsurprising; however, a recent survey by cybersecurity firm Malwarebytes revealed a few things that make you go 'hmmmm.' In its latest report, Enduring from Home: COVID-19’s Impact on Business Security, Malwarebytes Labs summarizes respondents’ concerns about transitioning to work-from-home, the impacts suffered due to the pandemic, and plans to implement long-term security changes moving ahead.
With vulnerability management being a pillar of every successful cyber risk management strategy, the latest report by industrial cybersecurity firm Claroty provides material evidence for member utilities challenged with prioritizing cybersecurity in the OT environment. According to findings in the Claroty Biannual ICS Risk & Vulnerability Report: 1H 2020, the water and wastewater sector falls just below energy and critical manufacturing for the critical infrastructure sectors most affected by vulnerabilities published in ICS-CERT advisories.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a new Malware Analysis Report (MAR) on BLINDINGCAN, a malware variant used by North Korean actors. In addition to providing a description of BLINDINGCAN, the MAR contains suggested response actions and recommended mitigation techniques.
In Day 4 of its Mobility Month mini series, Control Global shares the experience of John D’Aoust, water treatment plant manager, City of Haverhill, Massachusetts. D’Aoust outlines how his 10-member staff is prepared to operate with just one onsite staffer. “If you put the proper plans in place and have the right hardware to enable the necessary security, you can do this safely and securely,” adds D’Aoust, who says his team is prepared if fully remote monitoring is ever required.
NIST recently announced the final publication of Special Publication (SP) 800-207, Zero Trust Architecture, which discusses the core logical components that make up a zero trust architecture (ZTA). Zero trust refers to an evolving set of security paradigms that narrows defenses from wide network perimeters to individual or small groups of resources.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
