HackDig : Dig high-quality web security articles for hackers

NIST Cybersecurity Framework – The Key to Critical Infrastructure Cyber Resiliency

In the digital age, organizations and the missions and business processes they support rely on information technology and information systems to achieve their mission and business objectives. Not only is technology used to efficiently enable businesses to carry out operational activities, but it is also the backbone for the United States’ critical infr
Publish At:2021-01-25 01:32 | Read:116 | Comments:0 | Tags:ICS Security Critical Infrastructure cyber resilience framew

Improving Your Security Posture with the Pipeline Cybersecurity Initiative

A few years ago, I worked alongside some oil commodity traders. Environmental concerns aside, I never realized how many parts were required to get the oil out of the ground, not to mention everything else that finally resulted in the production of refined products that surround our lives. As a cybersecurity professional, I was more interested in how all
Publish At:2021-01-20 00:38 | Read:168 | Comments:0 | Tags:Featured Articles ICS Security CISA compliance Critical Infr

5 Key Security Challenges Facing Critical National Infrastructure (CNI)

Digital threats confronting Critical National Infrastructure (CNI) are on the rise. That’s because attackers are increasingly going after the Operational Technology (OT) and Industrial Control Systems (ICS) that shareholders use to protect these assets. In their report “Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat?,” fo
Publish At:2020-12-17 01:32 | Read:267 | Comments:0 | Tags:ICS Security Critical Infrastructure ICS security Industrial

Key OT Cybersecurity Challenges: Availability, Integrity and Confidentiality

Organisations are still underestimating the risks created by insufficiently secured operational technology (OT).One current example comes from Germany. According to a report by heise.de, external security testers consider it “likely” that a successful serious cyberattack against the publicly owned water company Berliner Wasserbetriebe could lead to a complet
Publish At:2020-12-07 03:38 | Read:330 | Comments:0 | Tags:ICS Security IT Security and Data Protection Availability Co

FERC Releases Staff Report on Lessons Learned from CIP Audits

In October, the Federal Energy Regulatory Commission (FERC) released its “2020 Staff Report Lessons Learned from Commission-Led CIP Reliability Audits.” The report summarizes the Commission’s observations from Critical Infrastructure Protection (CIP) audits performed in conjunction with staff from Regional Entities and the North American Electric Reliability
Publish At:2020-12-02 02:44 | Read:180 | Comments:0 | Tags:ICS Security audits FERC lessons learned NERC CIP

Is Cybersecurity Smart Enough to Protect Automated Buildings?

Hacked air conditioning and plummeting elevators?Imagine that you are in an elevator in a high rise building when suddenly the elevator starts to plummet with no apparent stopping mechanism other than the concrete foundation below.  While this may sound like something from a Hollywood movie, consider the idea that a securely tethered, fully functional e
Publish At:2020-11-25 03:02 | Read:452 | Comments:0 | Tags:Featured Articles ICS Security Automation ICS security IoT I

How to Best Secure the Industrial Network for EMEA Organizations

You don’t have to search very far in the news to see stories of websites being hacked and customer details being stolen. Stories about incidents involving industrial control systems (ICSes) and operational technology (OT) environments aren’t so common. But they are prevalent. Just the other week, for example, an airline company sent out an email letting me k
Publish At:2020-10-27 00:55 | Read:329 | Comments:0 | Tags:ICS Security Industrial Control Systems industrial environme

3 Zones that Require Network Security for Industrial Remote Access

By now, we have a good understanding of what secure remote access (SRA) is and why organizations might choose to enable it for their OT environments. We also know that securing IT-OT collaboration, leveraging guidance from best practice frameworks and using an automated solution can help organizations to implement this type of access. Even so, we still don’t
Publish At:2020-10-19 01:49 | Read:448 | Comments:0 | Tags:ICS Security Industrial operational technology remote access

New ‘MontysThree’ Toolset Used in Targeted Industrial Espionage Attacks

Researchers uncovered a new toolset they’ve dubbed “MontysThree” that has played a role in targeted industrial espionage attacks stretching back to 2018.In the summer of 2020, Kaspersky Lab discovered that an unknown actor had been using a modular C++ toolset called “MT3” to conduct targeted industrial espionage campaigns for ye
Publish At:2020-10-08 08:49 | Read:335 | Comments:0 | Tags:ICS Security Latest Security News espionage Industrial Monty

Zerologon: Tripwire Industrial Visibility Threat Definition Update Released

Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon.Otherwise known as CVE-2020-1472, Zerologon made news in the summer of 2020 when it received a CVSSv3 score of 10—the most critical rating of severity.Zerologon is a vulnerability that affects the cryptographic authenticat
Publish At:2020-10-05 10:37 | Read:452 | Comments:0 | Tags:ICS Security Latest Security News Tripwire Industrial Visibi

Joint “CYPRES” Report on Incident Response Released by FERC

Earlier this month, the Federal Energy Regulatory Commission (FERC) published a joint report entitled “Cyber Planning Response and Recovery Study” (CYPRES) in partnership with the North American Electric Reliability Corporation (NERC) and eight of its Regional Entities (REs) in order to review the methods for responding to a cybersecurity event. The report i
Publish At:2020-09-30 12:20 | Read:377 | Comments:0 | Tags:Featured Articles ICS Security FERC Incident Response and Ma

NERC Publishes Practice Guide for Assessing SVCHOST.EXE

One of our customers (You know who you are, thanks!) made us aware of a new practice guide titled “ERO Enterprise CMEP Practice Guide: Assessment of SVCHOST.EXE” published exactly two weeks ago today on September 15th, 2020.North American Electric Reliability Corporation (NERC) seldom releases guidance like this, so they shouldn’t go unnoticed. They’ve publi
Publish At:2020-09-30 12:20 | Read:274 | Comments:0 | Tags:Government ICS Security cybersecurity ICS security SVCHOST.E

CISA, NSA Lay Out Recommendations for Protecting OT Assets

The Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) laid out a series of recommendations for critical infrastructure owners and operators to protect their operational technology (OT) assets.In an alert published on July 23, CISA published an alert in which it recognized malicious actors’ growing willingn
Publish At:2020-07-27 14:29 | Read:818 | Comments:0 | Tags:ICS Security Latest Security News CISA NSA OT

Using “Update.exe” as a Case Study for Robust OT Cybersecurity

In 2020, car manufacturer Honda fell victim to a ransomware attack. Using a payload called “update.exe,” the attack crippled Honda’s international customer service and Financial Services wing for days. Although it affected two customer facing branches of this global corporation, the ransomware was designed to target and breach Honda’s critical ICS/SCADA envi
Publish At:2020-07-07 00:04 | Read:612 | Comments:0 | Tags:Featured Articles ICS Security cyberattack ICS security malw

Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly

The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above 150 days
Publish At:2020-07-06 00:55 | Read:1509 | Comments:0 | Tags:Featured Articles ICS Security Center for Internet Security

Tools

Tag Cloud