Cybersecurity

The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has posted an advisory on how to secure new internet connected devices. As described in the advisory, these devices include smart cameras, TVs, watches, phones, and tablets, all of which are popular gifts during the holiday season. Of course, this means that many people are likely to have recently come into possession of such devices. In some cases, they may be bringing these devices to work, potentially introducing new security vulnerabilities to their organizations.

Given the continuing, if not increasing, threats to state and local governments from ransomware, device security company Forescout has published an article containing advice for how to prevent as well as respond to and recover from potentially costly and debilitating attacks.

With the 2010s coming to a close, Wired magazine takes its readers on “an anxiety-inducing stroll” through a review of some of the worst hacks that occurred in the last decade. It notes that these hacks demonstrated that cyber incidents have become less of a novelty and more of a fact of life for billions of people around the world. One of the incidents revisited by Wired is that involving the Stuxnet malware that caused physical damage to equipment at a nuclear enrichment facility, a kind of attack that experts have warned could be conducted in other industrial settings.

Quantifying OT cyber risk requires empirical facts. In a compendium to WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, industrial cybersecurity firm Verve Industrial proposes the best way to gain empirical knowledge of OT environments is through comprehensive asset inventories based on real time, multi-contextual parameters. Verve’s article aims to help separate fact from fiction and varying opinions on what components are the most important when trying to secure OT environments.