The U.S. Cybersecurity and Infrastructure Security Agency has begun issuing alerts about 56 flaws across operational technology equipment built by 10 different vendors. Researchers at Forescout Technologies say the flaws trace to poor design decisions by vendors.
Critical infrastructure providers face a unique set of challenges when it comes to securing their environment from the cruciality of uptime to complying with new federal directives, according to Mark Cristiano, commercial director for Rockwell Automation's global services business.
As information technology - aka IT - and operational technology - aka OT - continue to converge, organizations must stay ahead of new security challenges and threats, says Mex Martinot, vice president and global head of industrial cybersecurity at Siemens Energy.
Former Rockwell Automation CISO Dawn Cappelli discusses the mission of the new Dragos OT-CERT - a cybersecurity resource designed to help industrial asset owners and operators build their OT cybersecurity programs, improve their security postures and reduce OT risk - and her role as its director.
The 2021 Dragos ICS/OT Cybersecurity Year in Review report says the number of industrial organizations with external connections to their industrial control systems has doubled, yet 86% of organizations report limited to no visibility of ICS environments. Tom Winston outlines the top challenges.
U.S. government agencies, including the Department of Energy, CISA, the NSA and the FBI issued a joint cybersecurity advisory about advanced persistent threat actors using new tools and malwares to target industrial control systems and supervisory control and data acquisition devices.
For organizations with legacy systems, effective security and risk management remain essential as they transition to cloud or hybrid environments, says Davanathan "Devan" Naidoo, CIO of New Dimension Corp. He shares essential strategies and lessons learned.
A water trade association, at a congressional hearing Tuesday, urged the federal government to institute minimum cybersecurity standards for water systems. This comes as water providers see a big increase in the risk they face by connecting their legacy machines to the internet.
Deriving Value From ISACA’s CMMI Cybermaturity Platform
By baselining cyber maturity, one can create an organization’s risk profile
– and that is the key to being able to build a road map for prioritizing
and addressing business risk. ISACA’s Brian Fletcher shares insights on
establishing the maturity...
"All too often we hear that our industrial control systems have no security. That's not true," says Kevin Jones, group CISO of Airbus. In fact, he states, "some of these systems have been designed with security encapsulating them and security around them." He discusses enhancing cyber resilience.
In a U.S. Senate hearing on Tuesday, the Apache Software Foundation and leaders from Cisco, Palo Alto Networks and The Atlantic Council discussed open-source software security, urging both government and private sector entities to recognize the breadth of the free-to-use software and adversaries' willingness to...
In the midst of accelerated modernization, increased cybersecurity risks, and the new normal of hybrid work and learning environments, technology leaders in higher education have had to meet enormous challenges. As we enter the new year, what’s on their minds when it comes to issues of cybersecurity, hybrid...
ISMG's global editorial team reflects on the top cybersecurity news and analysis from 2021 and looks ahead to the trends already shaping 2022. From ransomware to Log4j, here is a compilation of major news events, impacts and discussions with leading cybersecurity experts on what to expect in the new year.
The Belgian Ministry of Defense, which is responsible for national defense and the Belgian military, announced on Monday that it has fallen victim to a cyberattack officials say relates to the widespread Apache Log4j vulnerability. The attack "paralyzed the ministry's activities for several days."
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.