HackDig : Dig high-quality web security articles for hackers

So You Want to Achieve NERC CIP-013-1 Compliance…

Is an electricity provider’s supply chain its weakest link in the event of a cyberattack? The evidence is compelling that third parties often play unwitting roles. For example, the NotPetya ransomware attacks in mid-2017 originally gained a foothold via a backdoor in third-party accounting software. To safeguard North America’s electricity supply, the North
Publish At:2020-02-09 10:21 | Read:1156 | Comments:0 | Tags:ICS Security CIP-013-1 compliance _NERC

Survey: 93% of ICS Pros Fear Digital Attacks Will Affect Operations

Digital attackers are increasingly targeting industrial environments these days. Take manufacturing organizations, for instance. Back in late-August, FortiGuard Labs discovered a malspam campaign that had targeted a large U.S. manufacturing company with a variant of the LokiBot infostealer family. It wasn’t long thereafter when Bloomberg reported on the effo
Publish At:2019-10-18 10:10 | Read:1155 | Comments:0 | Tags:ICS Security experts ics Industrial Survey

What is NEI 08-09?

Most organizations with industrial control systems (ICS) fall into one of two categories: regulated and non-regulated. For those subject to government imposed regulatory requirements, the selection of a cybersecurity framework is obviously compelling. Such is the case with the nuclear energy industry and NEI 08-09.The nuclear energy industry is one of the sa
Publish At:2019-10-18 10:10 | Read:1021 | Comments:0 | Tags:ICS Security Regulatory Compliance ics NEI 08-09 nuclear

NIST SP 1800-23, Energy Sector Asset Management: Securing Industrial Control Systems

Industrial organizations face a growing list of digital threats these days. Back in April 2019, for instance, FireEye revealed that it had observed an additional intrusion by the threat group behind the destructive TRITON malware at another critical infrastructure. This discovery came less than two years after the security firm discovered an attack in which
Publish At:2019-10-18 10:10 | Read:1257 | Comments:0 | Tags:ICS Security Regulatory Compliance Energy Sector NIST

3 Trends in Support of a More Nuanced Approach to ICS Security

The security community has seen multiple high-profile incidents targeting industrial control systems (ICS) over the past few years. No one can forget Christmas 2015, when a threat actor linked to the Russian government sent spear-phishing emails to the Western Ukrainian power company Prykarpattyaoblenergo.Those messages were laced with BlackEnergy, a form of
Publish At:2017-03-27 12:15 | Read:6022 | Comments:0 | Tags:Featured Articles ICS Security ics malware security

The Subversive Six – Hidden Risk Points in Your ICS

I was lucky enough to be at the event at which Sean McBride initially spoke about potatoes. Who doesn’t love a good potato? It was actually a succinct outline of a process in agriculture that takes place every day, outlining pinch points of a potato harvester that could illicit physical harm to the workers performing their everyday jobs.It was a nice metapho
Publish At:2017-03-15 05:05 | Read:7625 | Comments:0 | Tags:Featured Articles ICS Security ics organization risk

More than 90% of IT Pros Expect More Attacks, Risk, and Vulnerability with IIoT in 2017

The Internet of Things (IoT) embodies great promise and risk. On the one hand, ordinary users view IoT as a means of streamlining their activities across billions of “smart” devices. They hope such connectivity will ultimately translate into better and easier lives. On the other hand, IoT devices aren’t always designed with security in mind
Publish At:2017-03-13 16:15 | Read:4465 | Comments:0 | Tags:Featured Articles ICS Security IIoT IT OT Vulnerability

Common Solutions for DevOps and Discrete Manufacturing

Near the bleeding edge of technology, there’s a lot of talk (and work) around DevOps and the use of containers for delivering services. This is a fast-paced environment where services are spun up and down to meet demand in an elastic cloud and code is shipped to production multiple times a day. It’s also an area where security is far from ‘figured out,’ but
Publish At:2017-03-08 04:11 | Read:5025 | Comments:0 | Tags:Featured Articles ICS Security DevOps Docker security

4 Tips for a Successful OT & IT Security Marriage

Securing critical infrastructure is becoming a priority for the public and private sectors. Cyber professionals everywhere are rejoicing about the increasing investments in protecting the networks and systems that keep us safe at night. The Oval Office has even signaled its intentions to make security a priority.We welcome the new administration’s desire for
Publish At:2017-02-15 03:15 | Read:6138 | Comments:0 | Tags:Featured Articles ICS Security IT OT security

ICS Sandbox: Diving into the ICS Threat Landscape at RSA Conference

During the second week of February, information security professionals will head over to San Francisco to attend RSA, one of The State of Security’s top 13 conferences for 2017. The conference is primarily focused on information security-related topics and typically draws over 45,000 attendees per year, making it one of the largest information security
Publish At:2017-02-02 01:45 | Read:5162 | Comments:0 | Tags:Featured Articles ICS Security Conference ics security

2016 Reflections on ICS Security

As the year approaches the end, it is a time to reflect on 2016 and industrial control systems (ICS) security. Why ICS security? Because securing ICS should be everyone’s concern. Consider the impact on this critical infrastructure and what it means to you.ImpactWhy?Your entertainment—watching movies on your TV or laptop, listening to music, etc.ICS are a cr
Publish At:2016-12-28 10:55 | Read:4261 | Comments:0 | Tags:Featured Articles ICS Security backdoor ics security spear-p

How to Approach Cyber Security for Industrial Control Systems

Today’s industrial control systems (ICS) face an array of digital threats. Two in particular stand out. On the one hand, digital attackers are increasingly targeting and succeeding in gaining unauthorized access to industrial organizations. Some actors use malware, while others resort to spear-phishing (or whaling) and other social engineering techniqu
Publish At:2016-11-14 12:05 | Read:3947 | Comments:0 | Tags:Featured Articles ICS Security controllers Cyber endpoints i

Passively Pilfering Pages: How Beepers Threaten ICS Security

In today’s interconnected world, malicious actors take no issue in targeting industrial control systems (ICS). Just look at what’s happened in the past two years alone.Actors have sent spear-phishing emails to a number of industrial organizations in the Middle East; gained unauthorized access to a dam in upstate New York; leveraged BlackEnergy ma
Publish At:2016-11-03 07:45 | Read:7584 | Comments:0 | Tags:Featured Articles ICS Security beepers ics Industrial page T

3 ICS Security Incidents that Rocked 2016 and What We Should Learn from Them

Physical and digital systems are increasingly linked together in modern industrial environments like those seen in the United States. While this connectivity automates the management of industrial control systems (ICS), it also means a digital attack against our nation’s critical infrastructure could negatively affect users’ physical health and s
Publish At:2016-11-01 00:45 | Read:6704 | Comments:0 | Tags:Featured Articles ICS Security CISR ics malware NCSAM securi

Lessons from the Frontlines of Power Utility Attacks

Security experts have been warning companies and policymakers that systems protecting power utilities and other critical infrastructure are vulnerable to cyber attacks. Those intrusions could produce widespread damage, if they proved to be successful.In fact, as reported by Dark Reading, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
Publish At:2016-10-06 12:20 | Read:3840 | Comments:0 | Tags:Featured Articles ICS Security ics ICS-CERT malware power ra

Tools

Tag Cloud