Control Loop is the OT Cybersecurity Podcast, your terminal for ICS security, intelligence, and learning. Every two weeks, we bring you the latest news, strategies, and technologies that industry professionals rely on to safeguard civilization.
The podcast Control Loop: The OT Cybersecurity Podcast is created by N2K Networks. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on Volt Typhoon. Guest Kimberly Graham of Dragos joins Dave to discuss regulatory compliance issues.
Control Loop is going on a temporary hiatus. Thank you for being a loyal listener. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates.
Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks!
Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record)
EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation’s Drinking Water (Environmental Protection Agency)
Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats (Rockwell Automation)
Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (Industrial Cyber)
Guest Kimberly Graham, Vice President of Product Management at Dragos, discussing regulatory compliance issues.
A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.
Learn more about your ad choices. Visit megaphone.fm/adchoices
US Defense Department warns of Russian hacktivists targeting OT devices. The US government establishes safety and security board to advise on the deployment of AI in critical infrastructure sectors. Vulnerabilities affect CyberPower UPS management software. US congressmen put forward water system cybersecurity bill. Encore guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. The Learning Lab is on hiatus this episode.
Urgent Warning from Multiple Cybersecurity Organizations on Current Threat to OT Systems (NSA)
DHS launches safety and security board focused on AI and critical infrastructure (FedScoop)
Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience (Cyble)
Crawford puts forward bill on cybersecurity risks to water systems (Arkansas Democrat-Gazette)
Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.
The Learning Lab is on a break. Stay tuned.
Mandiant ties OT attacks to Sandworm. Russia-linked hackers target Texas water utilities. Belarusian hacktivists hit fertilizer company. CISA issues eight ICS advisories. Dave Bittner's Caveat podcast co-host Ben Yelin joins him to discuss pending legislation with potential to affect critical infrastructure, as well as the Department of Energy’s assessment of the potential risks and rewards from AI. The Learning Lab is on hiatus this episode and will be returning soon!
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm (Mandiant)
Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow (SecurityWeek)
Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime (The Record)
CISA Releases Eight Industrial Control Systems Advisories (CISA)
Host Dave Bittner and Ben Yelin, his co-host from the Caveat podcast on the N2K CyberWire network, discuss pending legislation with potential to affect critical infrastructure, and the Department of Energy’s assessment of the potential risks and rewards from AI.
The Learning Lab is on a break and will be back soon. Stay tuned.
Chinese-manufactured devices in US networks see a 41% YoY increase. Ukraine-linked hackers deploy ICS malware against Russian infrastructure company. A look at cyberattacks that had physical consequences in 2023. Lessons from NERC’s GridEx exercise. Extension requested for comment period on CISA’s incident reporting rule. Guest Kate Ledesma, Senior Director Government Affairs at Dragos, talks about the Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA). The Learning Lab has part 2 of Mark Urban and Josh Hanrahan's discussion of adversary hunting and VOLTZITE (aka Volt Typhoon).
“All your base are belong to us” – A probe into Chinese-connected devices in US networks (Forescout)
Unpacking the Blackjack Group's Fuxnet Malware (Claroty)
2024 Threat Report – OT Cyberattacks with Physical Consequences (Waterfall)
GridEx VII: Lessons Learned Report (NERC)
US Chamber of Commerce, industry groups call for 30-day delay in CIRCIA rules (The Record)
Guest Kate Ledesma, Senior Director Government Affairs at Dragos, discussing Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA).
On the Learning Lab segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part two of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).
Resources:
VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems.
The 5 Critical Controls for ICS/OT Cybersecurity – SANS webinar.
Sellafield nuclear waste site to be prosecuted for alleged cybersecurity failings. CISA issues draft proposal for cyber incident reporting by critical infrastructure entities. Threat actor targets Indian government and energy entities. Suspicious NuGet package appears to target developers in the industrial sector. Guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, shares their CIRCIA Notice of Proposed Rulemaking. The Learning Lab returns! Mark Urban and Josh Hanrahan discuss adversary hunting.
Sellafield nuclear waste dump to be prosecuted for alleged cybersecurity offences (The Guardian)
Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian)
CISA releases draft rule for cyber incident reporting (CyberScoop)
Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign (EclecticIQ)
Suspicious NuGet package grabs data from industrial systems (ReversingLabs)
Guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA. Eric shares their CIRCIA Notice of Proposed Rulemaking that goes into effect this week.
The Learning Lab is back! On today’s segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part one of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).
Researchers discover a way to hijack web-based PLCs. Threat actor targets manufacturing entities in North America. US Department of Defense launches CORA program. CISA issues ICS advisories. Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks. The Learning Lab is taking a break and will return soon. Stay tuned.
Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack (Georgia Tech)
Blind Eagle's North American Journey (eSentire)
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (Trend Micro)
JFHQ-DODIN Officially Launches its New Cyber Operational Readiness Assessment Program (US Department of Defense)
CISA Releases Fifteen Industrial Control Systems Advisories (CISA)
Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks.
The Learning Lab is on break and will return in the near future. Stay tuned.
NIST releases Cybersecurity Framework 2.0. Biden administration issues executive order on maritime cybersecurity. Suspected Chinese threat actor continues to exploit Ivanti vulnerabilities. ThyssenKrupp sustains ransomware attack. Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. The Learning Lab is taking a break and will return soon. Stay tuned.
NIST Releases Version 2.0 of Landmark Cybersecurity Framework (NIST)
On-the-Record Press Call on the Biden-Harris Administration Initiative to Bolster the Cybersecurity of U.S. Ports (The White House)
Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts (Mandiant)
German Steelmaker Thyssenkrupp Confirms Ransomware Attack (SecurityWeek)
Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. For more information, review the Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States and White House’s FACT SHEET: Biden-Harris Administration Announces Initiative to Bolster Cybersecurity of U.S. Ports.
The Learning Lab is on break and will return in the near future. Stay tuned.
Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. Siemens and Schneider Electric issue patches. Guest is Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, sharing the findings of Dragos Cybersecurity Year in Review report. The Learning Lab segment will return next episode.
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (CISA)
VOLTZITE Espionage Operations Targeting U.S. Critical Systems (Dragos)
ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities (SecurityWeek)
Guest Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, reviews the key findings of Dragos’ Cybersecurity Year in Review report. You can download a copy of the report here.
The Learning Lab segment will return next episode.
Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President’s Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob’s opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos' Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder.
Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters)
Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR)
Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos)
The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks)
Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer)
Schneider Electric confirms it was hit by ransomware attack (Silicon Republic)
Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer)
Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC)
US House Energy Subcommittee holds hearing on safeguarding drinking water infrastructure from cyberattacks (Industrial Cyber)
Senate HSGAC Approves Cyber, Software Bills (Meritalk)
Dragos CEO and Founder Robert M. Lee testified at the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob’s opening statement before the committee. The purpose of the hearing was to discuss threats to water and wastewater ICS/OT systems in the U.S. that have the potential to disrupt operations and pose safety risks and examine the steps needed to secure operational technology in the water sector.
Read the press release. Watch the video of the hearing: Securing Operational Technology: A Deep Dive into the Water Sector.
On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to conclude their discussion of building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks.
An analysis of cyberattacks against Danish energy infrastructure. US government outlines threats posed by Chinese-manufactured drones. Vulnerability in Bosch thermostats. OIG says CISA needs to improve collaboration with the water sector. Guests Mark Stacey of Dragos and Charles Kano from WestCap discuss cyber insurance as an important part of your organization's security plan. On the Learning Lab, we have the first part of a 2-part discussion on building community in OT that Dragos' Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder.
CISA needs better collaboration with the EPA and water sector, watchdog says (Nextgov)
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure (Dark Reading)
Israeli Ports Hit in Cyberattack: Anonymous Sudan Takes Credit (The Cyber Express)
Clearing the Fog of War: A Critical Analysis of Recent Energy Sector Attacks in Denmark and Ukraine (Forescout)
Cybersecurity Guidance: Chinese-Manufactured UAS (CISA)
Vulnerabilities identified in Bosch BCC100 Thermostat (Bitdefender)
On this episode, we are joined by Mark Stacey of Dragos and Charles Kano from WestCap discussing cyber insurance as an important part of your organization's security plan.
On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to discuss building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks.
Responses to Aliquippa water authority attack. Predatory Sparrow disrupts Iran’s gas stations. MITRE launches a threat model for critical infrastructure embedded devices. Guest Dawn Cappelli, Head of Dragos’s OT-Cyber Emergency Readiness Team, shares details about the launch of Dragos’s free community initiative to protect small utilities that serve the majority of Americans. Learn more about the Dragos Community Defense Program that includes Dragos Platform and Neighborhood Keeper. On the Learning Lab, we have the final part of the 3-part discussion on building automation systems that Dragos' Mark Urban had with colleagues Daniel Gaeta and Zach Spencer.
States and Congress wrestle with cybersecurity after Iran attacks small town water utilities (AP)
A suspected cyberattack paralyzes the majority of gas stations across Iran (AP)
Iran petrol stations hit by cyberattack, oil minister says (Reuters)
Israel-linked group claims cyberattack that shut down 70% of Iran’s gas stations (The Times of Israel)
Energy Department offers $70 million in funding for cybersecurity research.
Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop)
Homeland Threat Assessment 2024 (DHS)
Guest Dawn Cappelli, Dragos's Head of OT-Cyber Emergency Readiness Team, joins us this episode to discuss the launch of a free community initiative to protect small utilities that serve the majority of Americans. Learn more about the Dragos Community Defense Program that includes Dragos Platform and Neighborhood Keeper.
On the Learning Lab, Mark Urban is back with part 3 of his discussion on building automation systems with Dragos' Daniel Gaeta, ICS/OT Cybersecurity Senior Solutions Architect, and Zach Spencer, Senior Enterprise Account Executive.
Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services.
PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation)
2023 ICS Cybersecurity Conference (SecurityWeek)
Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler)
UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK)
Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire)
CISA Releases Two Industrial Control Systems Advisories (CISA)
Hitachi Energy’s RTU500 Series Product (Update B) (CISA)
CISA Releases Nine Industrial Control Systems Advisories (CISA)
Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.
On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence.
Iranian hacktivists hit Pennsylvania water utility. Attacks against water systems are an instance of a larger threat. Supply chain vulnerabilities in the electrical sector. Guest Nick Sanna of the FAIR Institute and Safe Security talks about the challenges the White House faces in attempting to harmonize critical infrastructure regulations. The Learning Lab has part 2 of the 3-part discussion on building automation systems that Dragos' Mark Urban had with colleagues Daniel Gaeta and Zach Spencer.
Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (CBS News)
Iranian-Linked Cyber Army had Partial Control of Aliquippa Water System (BeaverCountian)
A hack in hand is worth two in the bush (Securelist)
How cybersecurity teams should prepare for geopolitical crisis spillover (CSO)
Iran-Backed Cyber Av3ngers Escalates Campaigns Against U.S. Critical Infrastructure (SentinelOne)
Anti-Israel hacking campaign highlights danger of internet-connected devices (CyberScoop)
China’s cyber army is invading critical U.S. services (Washington Post)
A Software Supply Chain Dependent on Adversaries (Fortress)
Guest Nick Sanna of the FAIR Institute and Safe Security details the challenges the White House faces in attempting to harmonize critical infrastructure regulations.
On the Learning Lab, Mark Urban is back with part 2 of 3 of his discussion on building automation systems with Dragos' Daniel Gaeta, ICS/OT Cybersecurity Senior Solutions Architect, and Zach Spencer, Senior Enterprise Account Executive.
GRU's Sandworm implicated in campaign against Danish electrical power providers. Paris wastewater agency hit by cyberattack. LockBit hits Boeing. Bletchley Declaration represents a consensus starting point for AI governance. The US Executive Order on artificial intelligence is out. Guest Austin Reid of ABS Group discusses Ship and Shore challenges for security and the current and emerging regulatory landscape. On the Learning Lab, Dragos' Mark Urban has part 1 of 3 of his discussion of building automation systems with Dragos' Daniel Gaeta and Zach Spencer.
The attack against Danish critical infrastructure (SektorCERT)
Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter (CNN)
Greater Paris wastewater agency dealing with cyberattack (The Record)
Cyberattaque D'Ampleur Au SIAAP (SIAAP)
Iranian-Linked Cyber Army Had Partial Control Of Aliquippa Water System (BeaverCountian.com)
Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (CBS News)
Ransomware groups rack up victims among corporate America (CyberScoop)
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (CISA)
Can Rishi Sunak’s big summit save us from AI nightmare? (BBC)
The Bletchley Declaration by Countries Attending the AI Safety Summit, 1-2 November 2023 (Gov.uk)
Administration Actions on AI (AI.gov)
Guest is Austin Reid of ABS Group discussing ship and shore challenges for security and the current and emerging regulatory landscape.
On the Learning Lab, Mark Urban discusses building automation systems in part 1 of 3 with Dragos' Daniel Gaeta, ICS/OT Cybersecurity Senior Solutions Architect, and Zach Spencer, Senior Enterprise Account Executive.
A cyber incident disrupts Australian ports. Sandworm and Ukraine's power grid: 2022 attacks. Department of Energy hosts simulated cyberattack competition. CISA, FEMA, and Shields Ready. Cyber and electronic threats to space systems. Four cyber phases of a hybrid war. Guest Austin Reid of ABS Group discusses cyber risk and threats to Maritime Transportation Systems (MTS). On the Learning Lab, catch an encore of Dragos CEO Robert M. Lee and Mark Urban about the five critical controls for ICS.
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant)
CaddyWiper: New wiper malware discovered in Ukraine (ESET)
Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint)
The Evolution of Cyber Attacks on Electric Operations (Dragos)
Shields Ready (CISA)
DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA)
DOE hosting simulated cyberattack for students (CyberScoop)
Space Operators Should Harden Cryptography Defenses, NSA Cyber Official Says (Via Satellite)
Cyber Security of Space Systems ‘Crucial,’ As US Space Force Official Notes Recent Attacks (Via Satellite)
Guest is Austin Reid of ABS Group discussing cyber risk and threats to Maritime Transportation Systems (MTS).
On the Learning Lab, we share an encore of Dragos CEO Robert M. Lee and Mark Urban explaining the five critical controls for ICS.
Microsoft on the state of OT security. Israeli and Palestinian hacktivists target ICS. Coinmining as an (alleged, potential) front for espionage or stage for sabotage. EPA withdraws water system cybersecurity memorandum. Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. Most organizations are struggling with IoT security. CISA views China as the top threat to US critical infrastructure. Improving security for open-source ICS software. CISA ICS advisories. Guest Kuldip Mohanty, CIO of North Dakota, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Kuldip shares how critical infrastructure is treated within the "Whole-of-State” cybersecurity strategy his team implements in North Dakota. On the Learning Lab, Mark Urban shares the first part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services.
Microsoft Digital Defense Report 2023 (Microsoft)
Microsoft Digital Defense Report: Behind the Scenes Creating OT Vulnerabilities (aDolus)
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows (Cisco Talos)
Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews)
Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny (The New York Times)
EPA withdraws cyber audit requirement for water systems (Nextgov)
Reports of second cyberattack on Colonial Pipeline false, company says (Fox 5 Atlanta)
Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (The Record)
New Global Survey Reveals 97% of Organizations Face Challenges Securing IoT and Connected Devices (Keyfactor)
Clorox Security Breach Linked to Group Behind Casino Hacks (Bloomberg)
Clorox Warns of a Sales Mess After Cyberattack (The Wall Street Journal)
China is top cyber threat to US utilities, other critical infrastructure: CISA (Utility Dive)
Improving Security of Open Source Software in Operational Technology and Industrial Control Systems (CISA)
Mitsubishi Electric MELSEC-Q Series PLCs (Update A) (CISA)
CISA Releases Nineteen Industrial Control Systems Advisories (CISA)
Guest is Kuldip Mohanty, CIO of North Dakota, discussing how critical infrastructure is treated within the “whole of state” security strategy used in North Dakota.
On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, to examine cyber threat intelligence.
Johnson Controls sustains cyberattack. Nearly 100,000 ICS services exposed to the Internet. FBI anticipates an increase in Chinese and Russian targeting of the energy sector. Joint advisory warns of Beijing’s “BlackTech” threat activity. CISA's push for hardware bills of materials. Cybersecurity in the US industrial base. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part two of their discussion about secure remote access.
https://www.oig.dhs.gov/sites/default/files/assets/2023-09/OIG-23-57-Sep23-Redacted.pdf
Building automation giant Johnson Controls hit by ransomware attack (BleepingComputer)
Bitsight identifies nearly 100,000 exposed industrial control systems (BitSight)
FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers (The Record)
CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (CISA)
Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management (CISA)
CISA task force aims to improve supply chain security with new hardware standards (Nextgov)
Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper.
On the Learning Lab, Mark Urban concludes his conversation about secure remote access with Alex Baretta, senior solution architect at Dragos.
Redfly cyberespionage targets a national grid. DHS Threat Assessment looks at critical infrastructure threats. A look at the ICS threat landscape. DoE grants for research into distributed energy cybersecurity. CISA offers free vulnerability scanning for water infrastructure. CISA issues ICS advisories. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, discusses community defense. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part one of their discussion about secure remote access.
Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec)
China caught – again – with its malware in another nation's power grid (The Register)
China-Linked Hackers Breached a Power Grid—Again (WIRED)
DHS warns of malicious AI use against critical infrastructure (CyberScoop)
Threat landscape for industrial automation systems. Statistics for H1 2023 (Kaspersky)
Distributed Energy Resources Get Cybersecurity Boost With $39M DOE Funding (SecurityWeek)
DOE Announces $39 Million in Research Funding to Enhance Cybersecurity of Clean Distributed Energy Resources (Department of Energy)
Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle (WIRED)
US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak (Register)
Free Cyber Vulnerability Scanning for Water Utilities (CISA)
Guest is Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, discussing community defense.
On the Learning Lab, Mark Urban discusses secure remote access with Alex Baretta, senior solution architect at Dragos.
Crude "cyberattack" on rail control systems stops Polish trains. Energy One discloses cyberattack against its corporate systems. NIAC calls for a National Water Strategy. Department of Energy holds contest to provide cybersecurity funding for rural utilities. Researchers aim to secure US military’s power grids. A technical issue grounds the UK’s air traffic control system’s automated features. Guest Mark Ryland, Director of the Office of the CISO at Amazon Web Services, joining us as part of a Dragos webinar, Securing Digital Transformation: OT Cybersecurity Innovation and Resilience. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part three of their discussion on the convergence of OT and IT.
Two Men Arrested Following Poland Railway Hacking (SecurityWeek)
Century-old technology hack brought 20 trains to a halt in Poland (Cybernews)
Poland investigates hacking attack on state railway network (Reuters)
Poland investigates train mishaps for possible Russian connection (Washington Post)
Australian Energy Software Firm Energy One Hit by Cyberattack (SecurityWeek)
Eversource Data Breach: Utility Warns MA Customers (Patch)
Presidential Council Calls for Water Department to Address Cyber Threats (MeriTalk)
DOE launches cyber contest to benefit rural utilities (CyberScoop)
Cancelled flights: Air traffic disruption caused by flight data issue (BBC)
Flight chaos ‘to last for days’ after air traffic control failure (The Telegram)
Our guest is Mark Ryland, Director of the Office of the CISO at Amazon Web Services, joining us as part of a Dragos webinar, Securing Digital Transformation: OT Cybersecurity Innovation and Resilience. You can view the entire webinar here.
On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part three of their discussion on the convergence of OT and IT.
Radiation sensor reports from Chernobyl may have been manipulated. South African power generator hit with malware. APT31 linked to attacks on industrial systems in Eastern Europe. Environmental regulation and increased maritime cyber risk. CISA Director warns of Chinese infrastructure attack staging. Threats to the power grid. CODESYS vulnerabilities.
Today's guest is Dragos’ Lesley Carhart, sharing their RSAC 2023 talk on real world stories of incident response and threat intelligence.
The Learning Lab continues the conversation between Dragos’ Mark Urban and Kimberly Graham about the convergence.
Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication (Ruben Santamarta)
The Mystery of Chernobyl’s Post-Invasion Radiation Spikes (WIRED)
CISA Director warns of Chinese infrastructure attack staging.
China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. (CyberWire)
Microsoft reveals severe vulnerabilities in CODESYS industrial automation software (The Record)
Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS (Microsoft)
Focus on DroxiDat/SystemBC (Kaspersky)
Ransomware Trends in the HPH Sector - Q1 2022 (HHS)
Navigating Cybersecurity's Seas: Environmental Regulations, OT & the Maritime Industry's New Challenges (Dark Reading)
EXCLUSIVE: ‘Release our men’: Far-right used power grid threats to try and blackmail government into freeing neo-Nazi bank robbery suspects (The Daily Dot)
Common TTPs of attacks against industrial organizations. Implants for uploading data (Kaspersky)
Our guest is Dragos’ Technical Director for Industrial Incident Response, Lesley Carhart, sharing real world stories of incident response and threat intelligence from their RSAC 2023 talk.
On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part two of their discussion on the convergence of OT and IT.
The Five Eyes outline the top exploited vulnerabilities. The Brunswick Corporation loses millions to cyberattack. Ransomware in the industrial space. The US Transportation Security Administration (TSA) updates security rules for oil and natural gas pipeline operators.
Our guest is Mea Clift of Woodard & Curran sharing her perspective on mentorship, internships, and apprenticeships with an eye on OT security.
The Learning Lab has the first part of a discussion about the convergence of OT and IT with Dragos’ Mark Urban and Kimberly Graham, Dragos’ VP of Product Management.
2022 Top Routinely Exploited Vulnerabilities (CISA)
Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms (The Record by Recorded Future)
Brunswick Corporation (NYSE:BC) Q2 2023 Earnings Call Transcript (Insider Monkey)
Dragos Industrial Ransomware Attack Analysis: Q2 2023 (Dragos)
TSA updates, renews cybersecurity requirements for pipeline owners, operators (TSA)
The interview is with Mea Clift of Woodard & Curran sharing her perspective and efforts around mentorship and internship/apprenticeship with an eye on OT security and her experience in securing the water/utilities space.
On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part one of their discussion on the convergence of OT and IT.
An unnamed APT has a remote code execution exploit for Rockwell Automation ControlLogix communications modules. Court temporarily blocks water system cybersecurity mandate. Industrial controller vulnerabilities pose a risk to critical infrastructure. US Federal government issues voluntary IoT security guidelines.
Our guest is Mea Clift of Woodard & Curran, discussing how compliance should not be a checkbox activity with an eye on OT security and sharing her experience in securing the water/utilities space.
On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the final part of three segments focused on vulnerabilities in the OT world.
Webinar: Operationalizing OT Threat Intelligence – a Rockwell Automation ControlLogix Case Study
Join us for this exclusive behind-the-scenes look at how Dragos approaches this on a regular basis, using the recently disclosed Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module vulnerabilities (CVE-2023-3595 and CVE-2023-3596).
Webinar: Securing Digital Transformation: OT Cybersecurity Innovation and Resilience
As business and innovation come together, digital transformation isn’t a future concept - it’s happening right now. Join Dave Bittner and our friends from AWS, Splunk and Dragos on August 3rd @ 2pm EST for a live panel on “Securing Digital Transformation: OT Cybersecurity Innovation and Resilience” where we’ll dive into secure digital transformation, managing OT/IT cyber risk and the value and vision of Cloud resources.
Rockwell warns of new APT RCE exploit targeting critical infrastructure (BleepingComputer)
Dragos Enabled Defense Against APT Exploits for Rockwell Automation ControlLogix (Dragos)
EPA ’disappointed’ by hold on agency efforts to spur water systems cybersecurity (The Washington Post)
Security flaws in Honeywell devices could be used to disrupt critical industries (TechCrunch)
National Cybersecurity Strategy Implementation Plan (The White House)
Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House)
White House, FCC advance efforts to add security labels to connected devices (CyberScoop)
The interview is with Mea Clift of Woodard & Curran discussing how compliance should not be a checkbox activity with an eye on OT security and her experience in securing the water/utilities space.
On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the final part of three segments focused on vulnerabilities in the OT world.
Japan’s largest port disrupted by ransomware. Cl0p breaches Schneider Electric and Siemens Energy. Solar panel vulnerabilities. Threats and risks to electric vehicle charging stations. RedEnergy ransomware and information stealer targets industrial sectors. CISA advisories.
Our guest, Christopher Ebley from Blackwood, returns to discuss the IT/OT cultural divide in the federal space and IT threats that are impacting OT systems.
The Learning Lab continues with part 2 of the 3-part discussion between Dragos’ Mark Urban and Vulnerability Analyst Logan Carpenter talking about vulnerabilities in the OT world.
Japan’s largest port stops operations after ransomware attack (BleepingComputer)
Japan's biggest port, Nagoya, hit by suspected cyberattack (Nikkei Asia)
Pro-Russian hackers target Port of Nagoya, disrupting loading of Toyota parts (The Japan Times)
Nagoya Port Resumes Some Operations After Ransomware Attack (Bloomberg)
Schneider Electric and Siemens Energy are two more victims of a MOVEit attack (SecurityAffairs)
Siemens Energy confirms data breach after MOVEit data-theft attack (BleepingComputer)
Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks (SecurityWeek)
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits (Unit 42)
Actively Exploited Industrial Control Systems Hardware - SolarView Series (VulnCheck)
EV Charger Hacking Poses a ‘Catastrophic’ Risk (WIRED)
Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks (Zscaler)
CISA Releases Three Industrial Control Systems Advisories (CISA)
The interview is with Christopher Ebley of Blackwood talking about the IT/OT cultural divide in the federal space and IT threats impacting OT systems.
On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in part two of three segments on vulnerabilities in the OT world.
The US Department of Energy was affected by Cl0p exploitation of MOVEit Transfer. Canada’s oil-and-gas sector is a likely target for Russian cyberattacks. Nuclear weapons cybersecurity is lacking. Access to a US satellite is being hawked in a Russophone cybercrime forum. ICS patches.
Today’s guest is Christopher Ebley from Blackwood talking with us about OT cybersecurity concerns for Federal IT leaders.
The Learning Lab has part one of a 3-part discussion between Dragos’ Mark Urban and Vulnerability Analyst Logan Carpenter talking about vulnerabilities in the OT world.
US government hit by Russia's Clop in MOVEit mass attack (The Register)
Energy Department among ‘several’ federal agencies hit by MOVEit breach (Federal News Network)
The cyber threat to Canada’s oil and gas sector (Canadian Centre for Cyber Security)
Military Satellite Access Sold on Russian Hacker Forum for $15,000 (HackRead)
ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities (SecurityWeek)
CISA Releases Four Industrial Control Systems Advisories (CISA)
Electric Industry Cybersecurity: Lessons Learned from the Frontlines (Dragos)
The interview is with Christopher Ebley of Blackwood talking about OT cybersecurity concerns for Federal IT leaders.
On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the first of three segments to discuss vulnerabilities in the OT world.
The Cyberspace Solarium Commission looks at obstacles to public-private collaboration in the industrial sector. Malware in the industrial sector increases. Organizations plan to increase their OT cybersecurity budgets. CISA and its partners have released a Joint Guide to Securing Remote Access Software. And the US DoD holds its Cyber Yankee exercise.
Today’s guest is Will Edwards of Schweitzer Engineering Labs discussing cyber awareness syndrome.
The Learning Lab has the conclusion of the discussion between Dragos’ Mark Urban, Principal Adversary Hunter Kyle O’Meara, and Principal Intelligence Technical Account Manager Michael Gardner on threat hunting.
Revising Public-Private Collaboration to Protect U.S. Critical Infrastructure (CSC 2.0)
NERC’s role in public-private security collaboration can deter utilities from sharing information: report (Utility Dive)
2023 Unit 42 Network Threat Trends Research Report (Unit 42)
Guide to Securing Remote Access Software (CISA)
Cyber Yankee Prepares Military, Business for Cyber Threats (Air National Guard)
The interview is with Will Edwards of Schweitzer Engineering Labs discussing cyber awareness syndrome.
On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to conclude their discussion on threat hunting.
China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. Is CosmicEnergy just red-teaming, or is it a threat straight out of Red Square? Siemens patches a vulnerability endemic to the energy sector. An update on the Vulkan Papers. A cyberattack leads Suzuki to shut down its Indian production line. BlackBasta conducts ransomware attack against Swiss technology company ABB, and claims responsibility for Rheinmetall attack. Food and Agriculture Information Sharing and Analysis Center stands up.
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Cybersecurity Advisory)
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft)
Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters)
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant)
This newly-discovered malware could disrupt power generation — and do physical damage (Washington Post)
Command Injection Vulnerability in CPCI85 Firmware of SICAM A8000 Devices (Siemens)
7 takeaways from the Vulkan Files investigation (Washington Post)
Russian Software Programs Threatening Critical Civilian Infrastructure (Dragos)
Suzuki Motorcycle India plant shut down after cyber attack, production affected (Hindustan Times)
Suzuki motorcycle plant shut down by cyber attack (Bitdefender)
Multinational tech firm ABB hit by Black Basta ransomware attack (BleepingComputer)
Arms maker Rheinmetall confirms BlackBasta ransomware attack (BleepingComputer)
The food and agriculture industry gets a new center to share cybersecurity information (Washington Post)
The interview is with Gerry Glombicki of Fitch Ratings talking about cyber insurance and his opinions on the industrial space.
On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to continue their discussion on threat hunting.
Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. The Five Eyes take down Turla and its Snake malware. An Iranian threat actor turns its attention to infrastructure. The Bitter APT may be targeting Asia-Pacific energy companies. A Colonial Pipeline retrospective. ETHOS: a new private-sector OT risk information-sharing platform. CISA requests comment on software self-attestation form. Guest is Patrick Miller, CEO of Ampere Industrial Security, discussing INSM (Internal Network Security Monitoring) as a concept for the electric sector. In the Learning Lab, Dragos’ Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to discuss threat hunting.
Russia attacks civilian infrastructure in cyberspace just as it does on ground - watchdog (UKRINFORM)
Russians launch mass cyber attack on online service for queueing to cross border by trucks (Ukrainska Pravda)
Europe’s Air-Traffic Agency Under Attack From Pro-Russian Hackers (Wall Street Journal)
#RSAC: Cyber-Attacks on Civilian Infrastructure Should Be War Crimes, says Ukraine Official (Infosecurity Magazine)
Hunting Russian Intelligence “Snake” Malware (Joint Cybersecurity Advisory)
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets (Microsoft)
Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer)
The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years (CISA)
OT Cybersecurity Leaders to Deliver First Open-Source Information Sharing for Collective Early Warning in Critical Infrastructure (Globe Newswire)
Request for Comment on Secure Software Self-Attestation Common Form (CISA)
OMB, CISA set to release common form for software self-attestation (Infosecurity Magazine)
The interview is with Patrick Miller, CEO of Ampere Industrial Security, discussing INSM (Internal Network Security Monitoring) as a concept for the electric sector.
On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to discuss threat hunting.
Hacktivists versus irrigation. Maritime cybersecurity. JCDC and pre-ransomware notification. Ransomware at Fincantieri Marinette Marine. NSA warns of Russian ransomware disrupting supply chains. Guest Mike Hoffman is Technical Leader Global Services at Dragos & a SANS instructor. Mike will be discussing IT/OT misalignment. In the Learning Lab, Dragos’ Mark Urban is joined by Dragos’s Senior Product Manager Jordan Wilkerson to dig into ICS network visibility and monitoring, which is the third of the SANS Institute’s 5 ICS Cybersecurity Critical Controls.
Irrigation Systems in Israel Hit with Cyber Attack that Temporarily Disabled Farm Equipment (CPO Magazine)
Full Steam Ahead: Enhancing Maritime Cybersecurity (CSC 2.0)
Cyber experts call for CISA to establish maritime equipment test bed (FedScoop)
JCDC Cultivates Pre-Ransomware Notification Capability. (CISA)
NSA sees ‘significant’ Russian intel gathering on European, U.S. supply chain entities (CyberScoop)
OT Cybersecurity Leaders to Deliver First Open-Source Information Sharing for Collective Early Warning in Critical Infrastructure (Globe Newswire)
The interview is with Mike Hoffman, Technical Leader Global Services at Dragos & SANS instructor, discussing the IT/OT misalignment that often occurs when IT counterparts take on the responsibility of carrying out vulnerability management in the OT space.
On the Learning Lab, Mark Urban is joined by Dragos Senior Product Manager Jordan Wilkerson to discuss the third of the SANS Institute’s 5 ICS Cybersecurity Critical Controls: ICS network visibility and monitoring.
Cyberattacks against Canada’s agriculture sector. Hitachi ransomware incident. Africa’s industrial sector under cyberattack. TSA issues new aviation cybersecurity requirements. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Patch Tuesday and OT. Guest JD Christopher, Dragos’ Director of Cyber Risk, discusses ICS security standards and regulations and how efforts finalized in 2022 will shape the OT programs of the next decade. In the Learning Lab, Dragos’ Mark Urban is joined by their CEO Robert M. Lee to talk about the unique characteristics of OT and points of IT convergence.
Safety Net: A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster (Financial Post)
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer)
Threat landscape for industrial automation systems. Statistics for H2 2022 (Kaspersky ICS CERT)
A border-hopping PlugX USB worm takes its act on the road (Sophos)
TSA issues new cybersecurity requirements for airport and aircraft operators (PRNewswire)
CISA Establishes Ransomware Vulnerability Warning Pilot Program (CISA)
CISA now warns critical infrastructure of ransomware-vulnerable devices (BleepingComputer)
ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities (SecurityWeek)
The interview is with JD Christopher, Director of Cyber Risk at Dragos, sharing ICS security standards and regulations and how the efforts finalized in 2022 will shape OT programs of the next decade.
On the Learning Lab, Mark Urban is joined by Dragos CEO Robert M. Lee to discuss unique OT characteristics and points of IT convergence.
The Vulkan Papers. The Cyberspace Solarium Commission recommends that CISA set up a test bed to improve maritime cybersecurity. Dragos CEO on critical infrastructure cybersecurity. The JCDC’s pre-ransomware notification efforts. Guest Mike Hoffman, Technical Leader Global Services at Dragos & a SANS instructor, discusses challenges carrying out vulnerability management. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his two-part discussion about industrial cyber threat intel & collective intelligence with Seth Lacy, Principal Threat Hunter at Dragos.
Secret trove offers rare look into Russian cyberwar ambitions (The Washington Post)
Full Steam Ahead: Enhancing Maritime Cybersecurity (Cyberspace Solarium Commission 2.0)
Cyber experts call for CISA to establish maritime equipment test bed (FedScoop)
Full Committee Hearing to Examine Cybersecurity Vulnerabilities to the United States' Energy Infrastructure (Senate Committee on Energy and Natural Resources)
JCDC Cultivates Pre-Ransomware Notification Capability (CISA)
The interview is with Mike Hoffman, Technical Leader Global Services at Dragos & SANS instructor, discussing challenges carrying out vulnerability management.
In Part 2 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Seth Lacy, Principal Threat Hunter at Dragos, about industrial cyber threat intel & collective intelligence.
Cyberattacks against Canada’s agriculture industry. Hitachi ransomware incident. African industrial sector targeted with malware. TSA issues new cybersecurity requirements for the aviation industry. CISA issues a guide for resilience in the maritime industry. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Guest is JD Christopher, Dragos’ Director of Cyber Risk, talking about the CISO evolution. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban kicks off his two-part discussion about industrial cyber threat intel & collective intelligence with Seth Lacy, who is a Principal Threat Hunter at Dragos.
Safety Net: A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster (Financial Post)
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer)
Threat landscape for industrial automation systems. Statistics for H2 2022 (Kaspersky)
A border-hopping PlugX USB worm takes its act on the road (Sophos)
TSA issues new cybersecurity requirements for airport and aircraft operators (TSA)
Marine Transportation System Resilience Assessment Guide (CISA)
CISA Establishes Ransomware Vulnerability Warning Pilot Program (CISA)
CISA now warns critical infrastructure of ransomware-vulnerable devices (BleepingComputer)
The interview is with JD Christopher, Director of Cyber Risk at Dragos, discussing the CISO evolution.
In Part 1 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Seth Lacy, Principal Threat Hunter at Dragos, about industrial cyber threat intel & collective intelligence.
The White House has released its National Cybersecurity Strategy. MKS Instruments discloses a ransomware incident that spread to some of its vendors. Ransomware hits the Dole Food Company. CISA runs a red team assessment against a critical infrastructure organization. And LockBit has claimed responsibility for an attack on a water utility in Portugal. The CyberWire's Tré Hester shares the news this week. Guest Tom Winston, Dragos’ Director of Intelligence Content, recently spoke with Dave Bittner about Dragos’ recently released 2022 Year in Review report. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban completes his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos.
National Cybersecurity Strategy (The White House)
Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools (Wall Street Journal)
EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems (EPA)
Applied Materials will take a $250M hit to sales this quarter, thanks to a cyberattack at one of its suppliers (Silicon Valley Business Journal)
Semiconductor industry giant says ransomware attack on supplier will cost it $250 million (The Record)
Cyberattack on food giant Dole temporarily shuts down North America production, company memo says (CNN)
Dole Experiences Cybersecurity Incident (Dole)
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks (CISA)
LockBit gang takes credit for attack on water utility in Portugal (The Record)
The interview is with Tom Winston, Director of Intelligence Content at Dragos, sharing their recently released 2022 Year in Review report.
In Part 2 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Vern McCandlish, Principal Industrial Incident Responder at Dragos, about the importance of incident response planning.
Dragos has released its ICS/OT Cybersecurity Year in Review for 2022, finding a rise in ransomware attacks targeting industrial organizations. Forescout discloses two vulnerabilities affecting the Unity line of Schneider Electric’s Modicon programmable logic controllers. Dozens of vulnerabilities in industrial internet-of-things (IIoT) devices. Tim Starks from the Washington Post's Cybersecurity 202 discusses the upcoming White House National Cyber Strategy and its possible effects on critical infrastructure. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban begins his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos.
2022 ICS/OT Cybersecurity Year in Review (Dragos)
Russian-linked malware was close to putting U.S. electric, gas facilities ‘offline’ last year (Politico)
Deep Lateral Movement in OT Networks: When Is a Perimeter Not a Perimeter? (Forescout)
The return of ICEFALL: Two critical bugs revealed in Schneider Electric tech (The Record)
Industrial Wireless IoT - The direct path to your Level 0 (Otorio)
The interview is with Tim Starks from the Washington Post's Cybersecurity 202 discussing the upcoming White House National Cyber Strategy and its possible effects on critical infrastructure.
In Part 1 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Vern McCandlish, Principal Industrial Incident Responder at Dragos, about the importance of incident response planning.
Multiple strains of Russian wiper malware are targeting entities in Ukraine. A high-severity command injection vulnerability affects Cisco devices. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. And US Congressman Andrew Garbarino will serve as the new Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection. In Part 2 of 2 in our interview segment from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC return. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his discussion with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
Russia’s Sandworm hackers blamed in fresh Ukraine malware attack (CyberScoop)
APT Activity Report for T3 2022 (ESET)
Cyber attack on the Ukrinform information and communication system (CERT-UA)
When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key (Trellix)
Cisco IOx Application Hosting Environment Command Injection Vulnerability (Cisco)
Garbarino Selected To Chair Cybersecurity Subcommittee (Office of Andrew Garbarino)
Network Security Trends: August-October 2022 (Unit 42)
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42)
The interview is the second part from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC.
In Part 2 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
The NOTAM outage was reportedly caused by a corrupted file. The World Economic Forum sees geopolitical instability as a source of cyber risk. The Copper Mountain Mining Corporation is working to recover its IT systems following a ransomware attack. DNV's fleet management software sustains a ransomware attack. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility. Our interview segment is part one of two from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. In part 1 of 2 in the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
US Aviation System Meltdown Tied to Corrupted Digital File (Bloomberg)
Here's the latest on the NOTAM outage that caused flight delays and cancellations (NPR)
Global Cybersecurity Outlook 2023 (World Economic Forum)
Copper Mountain Mining Provides Operational Update on Ransomware Attack (Copper Mountain Mining Corporation)
Cyber-attack on ShipManager servers – update (DNV)
Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media)
Iran’s support of Russia draws attention of pro-Ukraine hackers (The Record)
Qulliq Energy Corporation Impacted by a Cybersecurity Incident (QEC)
Premier comments on QEC cyber-security incident (Nunavut Department of Executive and Intergovernmental Affairs)
The interview is part one of two from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC.
In Part 1 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
A Canadian mining company shuts down its mill following a ransomware attack. The Port of Lisbon has sustained a cyberattack, with the LockBit ransomware gang claiming credit. Rail company Wabtec begins notifying victims of data breach following a ransomware attack. New York’s governor signs legislation seeking to secure power grids. And an upcoming NATO study will analyze hybrid warfare. Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, returns for the second part of his interview to discuss the transition from the military and Intelligence Community to the OT space. The Learning Lab segment will return in our next episode.
Copper Mountain Mining Subject to Ransomware Attack and Implements Risk Management Systems and Protocols (Canada NewsWire)
Canadian copper mine suffers ransomware attack, shuts down mills (The Record)
LockBit claims an attack on the Port of Lisbon (CyberNews)
Data Security Incident Update – Personal Data Breach Public Communication (Wabtec Corporation)
Billion-dollar rail firm confirms data breach after suspected ransomware attack (The Record)
Governor Hochul Signs Nation-leading Legislation to Protect Energy Grid from Cyber Threats (Governor Kathy Hochul)
How NATO can keep pace with hybrid threats in the Black Sea region and beyond (Atlantic Council)
Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, returns for the second part of his interview to discuss the transition from the military and Intelligence Community to the OT space.
The Learning Lab will return in our next episode.
This interview from December 2nd, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Maria Varmazis sits down with Brandon Bailey to discuss the Space Attack Research and Tactic Analysis (SPARTA) matrix.
Microsoft offers predictions for Russia’s war in Ukraine. A wiper targets the diamond industry. New version of Babuk ransomware hits manufacturing company. Cyberattacks against the manufacturing industry. Cybersecurity for farming equipment. CISA issues ICS advisories. Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, discusses maximizing threat intelligence at a utility. And, in Part 2 of 2 on the Learning Lab, Mark Urban and Dragos’ CISO Steve Applegate talk about starting an OT cybersecurity program.
Preparing for a Russian cyber offensive against Ukraine this winter (Microsoft)
Fantasy – a new Agrius wiper deployed through a supply‑chain attack (ESET)
Morphisec Discovers Brand New Babuk Ransomware Variant in Major Attack (Morphisec)
Tractors vs. threat actors: How to hack a farm (ESET)
CISA Releases Three Industrial Control Systems Advisories (CISA)
Rogue iguana causes widespread power outage in Lake Worth Beach (The Sun Sentinel)
Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, discusses maximizing threat intel at a utility.
Part 2 of 2 has Dragos CISO Steve Applegate talking with Dragos' Mark Urban about starting an OT cybersecurity program.
The US Government Accountability Office issues a report on offshore oil and gas cybersecurity. The Oak Ridge National Laboratory seeks to secure power grids. Boa web server vulnerabilities used to target energy organizations. CISA updates its Infrastructure Resilience Planning Framework. And CISA issues advisories for ICS vulnerabilities. Guests Mara Winn and Guohui Yuan join us from the Department of Energy to discuss their report, “Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid.” In Part 1 of 2 on the Learning Lab, Mark Urban and Dragos’ CISO Steve Applegate talk about starting an OT cybersecurity program.
Offshore Oil and Gas: Strategy Urgently Needed to Address Cybersecurity Risks to Infrastructure (US Government Accountability Office)
ORNL seeks to secure power grids.
DarkNet: Lighting up a secure grid communication network (ORNL)
Vulnerable SDK components lead to supply chain risks in IoT and OT environments (Microsoft)
Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group (Recorded Future)
Sandworm renews ransomware activity against Ukrainian targets.
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (BleepingComputer)
Infrastructure Resilience Planning Framework (CISA)
CISA Releases Eight Industrial Control Systems Advisories (CISA)
CISA Releases Seven Industrial Control Systems Advisories (CISA)
Guests Mara Winn and Guohui Yuan from the Department of Energy discuss their report, “Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid.”
In Part 1 of 2 on the Learning Lab, Mark Urban and Dragos’ CISO Steve Applegate talk about starting an OT cybersecurity program.
The US Department of Energy seeks to improve visibility into ICS environments. NIST has issued a proposal for upgrading cybersecurity at water plants in the US. A patch has been issued for a critical vulnerability that affects flow computers from ABB. Guest Ashif Samnani of Cenovus Energy shares insights from his nearly two-decade career in the OT world. In the Learning Lab, hear the third in a series with Mike Hoffman, a Principal Industrial Consultant at Dragos, teaching infosec professionals how to think about OT security. This segment discusses crown jewel analysis and understanding what really matters within your environment.
“DOE Pivots Security Strategy as 'Smart' Tech Use Soars,” (GovCIO)
“NIST proposes project to improve cybersecurity at water utilities,” (FedScoop)
“Securing Water and Wastewater Utilities,” (National Cybersecurity Center of Excellence)
ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers (SecurityWeek)
CISA Releases Twenty Industrial Control Systems Advisories (CISA)
Guest Ashif Samnani, Industrial Control System Cyber Security Leader at Cenovus Energy, shares some insights from his nearly two-decade career across the OT world.
Our Learning Lab segment is the third in a series of three with Mike Hoffman, Principal Industrial Consultant at Dragos, teaching infosec professionals how to think about OT security. This segment discusses looking at crown jewel analysis and understanding what really matters within your environment.
CISA releases cross-sector cybersecurity performance goals. A look at the ransomware threat to industrial organizations. The TSA says it will issue new aviation cybersecurity requirements, and announces a railway cybersecurity directive. The White House focuses on cybersecurity in the chemical sector. Guest Jim Richberg of Fortinet addresses the evolving threat landscape and coming supply chain risks. In the Learning Lab, hear the second in a series with Mike Hoffman, a Principal Industrial Consultant at Dragos, teaching infosec professionals how to think about OT security. This segment discusses the critical aspects of OT systems that have to be considered before thinking about security.
“Cross-sector Cybersecurity Performance Goals,” (CISA)
“Dragos Industrial Ransomware Analysis: Q3 2022,” (Dragos)
“Aurubis says it was hit in wider cyberattack on metals industry” (Reuters)
Copper Giant Aurubis Shuts Down Systems Due to Cyberattack (SecurityWeek)
“U.S. to issue new cybersecurity requirements for critical aviation systems,” (Reuters)
“Rail Cybersecurity Mitigation Actions and Testing,” (TSA)
“FACT SHEET: Biden-Harris Administration Expands Public-Private Cybersecurity Partnership to Chemical Sector,” (The White House)
“White House Adds Chemical Sector to ICS Cybersecurity Initiative,” (SecurityWeek)
Guest Jim Richberg of Fortinet joins us to discuss the evolving threat landscape and coming supply chain risks.
Our Learning Lab segment is the first in a series of three with Mike Hoffman, Principal Industrial Consultant at Dragos, teaching infosec professionals how to think about OT security. In this segment, he discusses the critical aspects of OT systems that have to be considered before thinking about security.
An assessment of port and terminal cybersecurity in the US. Tata Power discloses a cyberattack. The White House issues statements on cybersecurity. India’s power company collaborates on energy sector cybersecurity. Guests Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden, of the FBI Baltimore Field Office, discuss the FBI's collaborative approach to working with industry. In the Learning Lab, Mike Hoffman of Dragos kicks off the first of 3 segments on teaching infosec professionals how to think about OT security with the fundamental differences between IT security and OT security.
“US Ports and Terminals Sustain Increased Cybersecurity Attacks,” (Jones Walker LLP)
Cyber attack against Tata Power.
“Indian energy company Tata Power announces cyberattack affecting IT infrastructure,” (The Record)
“Tata Power says hit by cyber attack, says critical system functioning,” (Mint)
“Tata Power says hit by cyber attack,” (The Economic Times)
Sabotage and terrorism directed against infrastructure.
“Russia’s MFA summons German, Danish, Swedish envoys over Nord Stream probe,” (TASS)
“FACT SHEET: Biden-Harris Administration Delivers on Strengthening America’s Cybersecurity,” (The White House)
India collaborates on energy sector cybersecurity.
“New collaboration to tackle cybersecurity issues in power transmission systems,” (India Science Wire)
Guests are FBI Baltimore Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden, sharing the FBI's collaborative approach to working with industry.
Our Learning Lab segment is the first in a series of three with Mike Hoffman, Principal Industrial Consultant at Dragos, teaching infosec professionals how to think about OT security. This episode's segment is about the fundamental differences between IT security and OT security.
Nord Stream pipelines sabotaged in a kinetic attack. NSA and CISA issue guidance on ICS threats. Ukraine anticipates Russian cyberattacks against the energy sector. Dragos receives CVE numbering authority. CISA's ICS Advisories. Guest Dawn Cappelli of Dragos shares an update on OT-CERT. In the Learning Lab, Mark Urban and Phil Tonkin of Dragos talk about where all the electricity that is generated goes.
Sweden Detected Two Underwater Explosions Near Nord Stream Leak (Bloomberg)
Germany Suspects Sabotage Hit Russia’s Nord Stream Pipelines (Bloomberg)
European leaders blame Russian ‘sabotage’ after Nord Stream explosions (The Washington Post)
Kremlin dismisses 'stupid' claims Russia attacked Nord Stream (Reuters)
EU vows to protect energy network after 'sabotage' of Russian gas pipeline (Reuters)
NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It (NSA)
NSA and CISA explain the potential consequences of these attacks.
Control System Defense: Know the Opponent (NSA/CISA)
The CVE Program Recognizes Dragos as a Numbering Authority for Common Vulnerabilities and Exposures (Dragos)
CISA's ICS Advisories.
CISA Releases Eight Industrial Control Systems Advisories (CISA)
Dawn Cappelli of Dragos shares an update on OT-CERT now that it's live and providing free resources to small and medium-sized organizations with OT environments.
In Part 2 of the Learning Lab segment on electricity, Mark Urban is joined by Dragos' Senior Director of Strategy Phil Tonkin. Now that we know how much electricity is generated, Phil sheds some light on where it all goes.
The Palestinian hacktivist group GhostSec compromises Israeli PLCs. North Korea’s Lazarus Group targets the energy sector. The White House issues a memorandum on supply chain security. CISA issues advisories on ICS vulnerabilities. Guest Rachael Conrad of Rockwell Automation talks about how industrial automation organizations can achieve their connected enterprise by providing a safe and secure OT infrastructure. In the Learning Lab, Dragos' Mark Urban discusses the scale of the generation of electricity.
“Pro-Palestinian Hacking Group Compromises Berghof PLCs in Israel,” (OTORIO)
“Lazarus and the tale of three RATs,” (Cisco Talos)
“Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience,” (The White House)
MZ Automation libIEC61850 (CISA)
PTC Kepware KEPServerEX (CISA)
Baxter Sigma Spectrum Infusion Pump (CISA)
Hillrom Medical Device Management (Update A) (CISA)
Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability (CISA)
Honeywell SoftMaster (CISA)
Delta Industrial Automation DIAEnergie (CISA)
Kingspan TMS300 CS (CISA)
Paradox IP150 (Update A) (CISA)
Siemens Mobility CoreShield OWG Software (CISA)
Siemens Simcenter Femap and Parasolid (CISA)
Siemens RUGGEDCOM ROS (CISA)
Siemens Mendix SAML Module (CISA)
Siemens SINEC INS (CISA)
Siemens RUGGEDCOM ROS (Update A) (CISA)
Simcenter Femap and Parasolid (CISA)
Siemens Industrial Products Intel CPUs (Update A) (CISA)
Siemens OpenSSL Affected Industrial Products (CISA)
Siemens OpenSSL Vulnerability in Industrial Products (Update E) (CISA)
Siemens SCALANCE (CISA)
Rachael Conrad of Rockwell Automation joins Dave Bittner to talk about how industrial automation organizations can achieve their connected enterprise by providing a safe and secure OT infrastructure.
In the Learning Lab, Mark Urban of Dragos explores the scale of electricity generation in part one of a two-part segment on electricity. For more detail, check out this blog post on Electricity by the Numbers.
Cybersecurity for the food industry. Montenegro works to recover from Russian cyber offensive. NSTAC recommends cataloging Federal OT assets. Chemical sector cybersecurity. Kinetic attacks affect Ukrainian nuclear power plant. CISA ICS alerts. Guest Dean Parsons from SANS joins us to discuss attacks against critical infrastructure. The Learning Lab finds Dragos' Mark Urban joined by Miriam Lorbert breaking down the fundamentals of the control loop.
Food industry cybersecurity.
Montenegro works to recover from Russian cyber offensive.
FBI's team to investigate massive cyberattack in Montenegro (AP NEWS)
US issues rare security alert as Montenegro battles ransomware (TechCrunch)
Cuba ransomware group claims attack on Montenegro government (IT PRO)
Cuba Ransomware Team claims credit for attack on Montenegro (Databreaches.net)
Montenegro blames Cuba ransomware for cyberattack (Cybernews)
Montenegro Sent Back to Analog by Unprecedented Cyber Attacks (Balkan Insight)
Montenegro blames criminal gang for cyber attacks on government (EU Reporter)
Ransomware Attack Sends Montenegro Reaching Out to NATO Partners (Bloomberg)
NSTAC recommends cataloging Federal OT assets.
NSTAC Urges CISA Action to Boost Security of Feds’ OT Systems (MeriTalk)
Chemical sector cybersecurity.
Chemical Sector Next in Line for White House Plan to Incentivize Cybersecurity (Nextgov.com)
Kinetic attacks affect Ukrainian nuclear power plant.
Ukraine says nuclear plant offline after Russian shelling (AP NEWS)
Russia-Ukraine war: Ukraine accuses Russia of shelling town by Zaporizhzhia nuclear plant as inspectors arrive – live (the Guardian)
UN inspectors arrive at Ukraine nuclear plant amid fighting (AP NEWS)
U.N. Inspectors Gauge Risks at Nuclear Plant as Ukraine and Russia Trade Accusations (New York Times)
IAEA head ignores gunfire to visit Ukraine nuclear plant, says experts to stay (Reuters)
CISA ICS alerts.
Hitachi Energy FACTS Control Platform (FCP) Product (CISA)
Hitachi Energy Gateway Station (GWS) Product (CISA)
Hitachi Energy MSM Product (CISA)
Hitachi Energy RTU500 series (CISA)
Fuji Electric D300win (CISA)
Honeywell ControlEdge (CISA)
Honeywell Experion LX (CISA)
Honeywell Trend Controls Inter-Controller Protocol (CISA)
Omron CX-Programmer (CISA)
PTC Kepware KEPServerEX (CISA)
Sensormatic Electronics iSTAR (CISA)
Mitsubishi Electric GT SoftGOT2000 (CISA)
Contec Health CMS8000 (CISA)
Delta Electronics DOPSoft (CISA)
Mark your calendar for Saturday, November 5, 2022, for the next Dragos Industrial Security Conference (DISC), 100% free as a thank you to the ICS asset owner and operator community. You’ll hear ICS research on threats, malware, incidents, and vulnerabilities conducted by our intelligence and threat operations teams. Visit http://dragos.com/disc-2022 to learn more and register.
Dean Parsons from SANS talks about cyber attacks against critical infrastructure, the future of geopolitical conflict, active ICS defense using ICS-threat hunting techniques, and the difference between IT/OT incident response.
Do you want to know how a toilet became the very first industrial control system more than 2000 years ago? Hear about it in the Learning Lab where Mark Urban speaks with Miriam Lorbert, Senior Industrial Consultant at Dragos, about the fundamentals of the control loop.
DOE invests in securing the US power grid. CISA’s recent ICS security advisories. Industroyer2 makes an appearance in Ukraine. DDoS attack against Energoatom’s website. Ransomware trends and the threat to OT systems. Ransomware gang attempts to extort the wrong water company.
DOE invests $45 million in cyber technology that protects power sector (The Hill)
Cisco Releases Security Update for Multiple Products (CISA)
Siemens Simcenter STAR-CCM+ (CISA)
Siemens Teamcenter (CISA)
Schneider Electric EcoStruxure, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 (CISA)
Emerson ROC800, ROC800L and DL8000 (CISA)
Siemens SICAM A8000 Web Server Module (CISA)
Siemens SICAM TOOLBOX II (CISA)
Siemens SCALANCE (CISA)
Siemens SIMATIC S7-400 (CISA)
Siemens Industrial Products Intel CPUs (Update A) (CISA)
Siemens Industrial Products LLDP (Update B) (CISA)
Siemens Linux-based Products (Update G) (CISA)
Siemens Datalogics File Parsing Vulnerability (CISA)
Siemens S7-400 CPUs (Update A) (CISA)
Siemens SIMATIC Software Products (Update B) (CISA)
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B) (CISA)
Baxter Sigma Spectrum Infusion Pumps (Update B) (CISA)
Siemens Industrial Products with OPC UA (Update H) (CISA)
Siemens PROFINET Stack Integrated on Interniche Stack (CISA)
Siemens TIA Portal (Update C) (CISA)
Siemens Teamcenter (CISA)
Siemens Industrial Devices using libcurl (CISA)
Siemens SIMATIC WinCC and PCS (CISA)
Siemens Teamcenter (CISA)
Siemens Industrial Products (CISA)
Siemens OpenSSL Vulnerabilities in Industrial Products (CISA)
Siemens RUGGEDCOM ROS (CISA)
Simcenter Femap and Parasolid (CISA)
Siemens SRCS VPN Feature in SIMATIC CP Devices (CISA)
Yokogawa CENTUM Controller FCS (CISA)
LS ELECTRIC PLC and XG5000 (CISA)
Delta Industrial Automation DRAS (CISA)
Softing Secure Integration Server (CISA)
B&R Industrial Automation Automation Studio 4 (CISA)
Emerson Proficy Machine Edition (CISA)
Sequi PortBloque S (CISA)
Siemens Industrial Products with OPC UA (CISA)
Siemens Linux-based Products (Update J) (CISA)
Siemens Industrial Products LLDP (Update D) (CISA)
Siemens OpenSSL Affected Industrial Products (Update B) (CISA)
Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series (Update A) (CISA)
Mitsubishi Electric Multiple Factory Automation Products (Update A) (CISA)
Ukraine cyber chief pays surprise visit to 'Black Hat' hacker meeting in Las Vegas (Reuters)
Black Hat 2022: Cyberdefense in a global threats era (WeLiveSecurity)
Ukraine’s state-owned nuclear power operator said Russian hackers attacked website (The Record)
Dragos Industrial Ransomware Analysis: Q2 2022 (Dragos)
Hackers attack UK water supplier but extort wrong company (BleepingComputer)
Jason Christopher, Director of Cyber Risk at Dragos, on boards and threat-informed industrial risk management.
David Foose, Senior Product Manager at Dragos, talking with Mark Urban of Dragos about SCADA.
BlackCat ransomware gang hits Luxembourg energy company. Predatory Sparrow's assault on Iran's steel industry. MOXA issues patches for two vulnerabilities. ICS security advisories. Two security bills pass the US House. Insider threat: Spain arrests nuclear plant employees. The human risk to OT systems.
BlackCat ransomware gang hits Luxembourg energy supplier Creos (Computing)
Luxembourg energy provider Encevo Group battles ransomware attack by BlackCat (Tech Monitor)
BlackCat ransomware claims attack on European gas pipeline (BleepingComputer)
Luxembourg energy companies struggling with alleged ransomware attack, data breach (The Record by Recorded Future)
Predatory Sparrow: Who are the hackers who say they started a fire in Iran? (BBC News)
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' (CyberScoop)
Moxa NPort Device Flaws Can Expose Critical Infrastructure to Disruptive Attacks (SecurityWeek)
Two Moxa Zerodays (ICSRange.com - Powered by En Garde Security)
Inductive Automation Ignition (CISA)
Honeywell Safety Manager (CISA)
Honeywell Saia Burgess PG5 (CISA)
MOXA NPort 5110 (CISA)
Mitsubishi MELSEC and MELIPC Series (Update D) (CISA)
Rockwell Products Impacted by Chromium Type Confusion Vulnerability (CISA)
Mitsubishi FA Engineering Software (Update B) (CISA)
Mitsubishi Electric Factory Automation Engineering Software (Update C) (CISA)
Mitsubishi Electric Factory Automation Products Path Traversal (Update C) (CISA)
Mitsubishi Electric Factory Automation Engineering Products (Update H) (CISA)
Mitsubishi Electric FA Engineering Software Products (Update F) (CISA)
Delta Electronics DIAEnergie (Update C) (CISA)
Delta Electronics DIAEnergie (Update C) (CISA)
House Passes Cybersecurity Bills Focusing on Energy Sector, Information Sharing (SecurityWeek)
Spanish police arrest two accused of hacking radioactivity alert system (The Record by Recorded Future)
The 2022 State of Operational Technology (SCADAfence)
Bryson Bort from SCYTHE, on threat emulation for critical infrastructure, season 3 of Hack the Plant with the Atlantic Council, and the ICS Village at Def Con in collaboration with CISA.
Jim Gilsinn, Technical Leader at Dragos Global Services Team, discusses Security Directive Pipeline-2021-02C, pipeline cybersecurity mitigation actions, contingency planning, and testing, with Mark Urban, VP of Product Market Strategy at Dragos.
U.S. Transportation Safety Administration (TSA) Pipeline Security Directive
Subscribe to the Control Loop Newsletter here with new editions published every month.
More deniable DDoS attacks strike countries friendly to Ukraine. Russian intentions and capabilities in its hybrid war. Log4j is now “endemic.” CISA’s ICS security advisories. Operational technology and the C2C market. TSA issues revised pipeline cybersecurity guidelines. Zero-trust comes to OT.
Our guest is Puesh Kumar from the Department of Energy, discussing the DOE’s efforts to secure critical infrastructure, and to secure clean energy infrastructure.
In the Learning Lab, Kimberly Graham, senior director of product management at Dragos, talks with Mark Urban about the alphabet soup of OT.
Ignitis Group hit by DDoS attack as Killnet continues Lithuania campaign (Tech Monitor) Ignitis services were knocked offline this weekend in a DDoS attack as Russian hackers Killnet target Ukraine's allies.
US seeking to understand Russia’s failure to project cyber power in Ukraine (Defense News) “With regard to the Russian use of cyber and our takeaways,” Anne Neuberger said, “there are any number of theories for what we saw and what, frankly, we didn’t see.”
Battling Moscow's hackers prior to invasion gave Kyiv 'full dress rehearsal' for today's cyber warfare (CyberScoop) Years of cyberattacks have helped prepare Ukraine to fight back against Russia's arsenal of digital weapons.
DHS Review Board Deems Log4j an 'Endemic' Cyber Threat (Dark Reading) Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.
DHS board: No one used software inventories to find vulnerable Log4j deployment (FedScoop) Many in government and industry want SBOMs to be the secure software development compliance standard, but the technology remains limited.
Review of the December 2021 Log4j Event (Cyber Safety Review Board) We write this report at a transformational moment for the digital ecosystem. The infrastructure on which we rely daily has become deeply interconnected through the use of shared communications, software, and hardware, making it susceptible to vulnerabilities on a global scale.
Dragos and Emerson Expand Global Agreement to Secure Industrial Infrastructure for Process Industries (Dragos) Dragos Extends ICS/OT Cybersecurity to Emerson’s DeltaV Distributed Control System to Protect Process Industries.
Hundreds of ICS Vulnerabilities Disclosed in First Half of 2022 (SecurityWeek) More than 600 industrial control system (ICS) product vulnerabilities were disclosed in the first half of 2022 by the US Cybersecurity and Infrastructure Security Agency (CISA), according to an analysis conducted by industrial asset and network monitoring company SynSaber.
Hackers are targeting industrial systems with malware (Ars Technica) An entire ecosystem of sketchy software is targeting potentially critical infrastructure.
Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems (The Hacker News) Hackers Distributing Password Cracking Tool for PLCs and HMIs to Infect Industrial Systems with Sality Malware
The Trojan Horse Malware & Password “Cracking” Ecosystem Targeting Industrial Operators (Dragos) Learn more about Dragos's discovery of an exploit introduced through password "cracking" software that targets industrial engineers and operators.
TSA revises and reissues cybersecurity requirements for pipeline owners and operators (Transportation Security Administration) The Transportation Security Administration (TSA) announced the revision and reissuance of its Security Directive regarding oil and natural gas pipeline cybersecurity. This revised directive will continue the effort to build cybersecurity resiliency for the nation’s critical pipelines.
A cyberattack hits a Ukrainian energy provider. A Chinese-speaking threat actor targets building automation systems. An Iranian steel mill suspends production due to a cyberattack. The US TSA issues relaxed pipeline cybersecurity directives. A US cybersecurity bill focuses on training.
Ian Frist from BlueVoyant joins us to discuss what CMMC will mean for ICS environments.
And in the Learning Lab, Robert M Lee joins us to explain the five critical controls for ICS.
Russian hackers allegedly target Ukraine's biggest private energy firm (CNN) Russian hackers carried out a "cyberattack" on Ukraine's biggest private energy conglomerate in retaliation for its owner's opposition to Russia's war in Ukraine, the firm said Friday.
Attacks on industrial control systems using ShadowPad (Kaspersky) In mid-October 2021 Kaspersky ICS CERT researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan.
Cyberattack Forces Iran Steel Company to Halt Production (SecurityWeek) One of Iran’s major steel companies said Monday it was forced to halt production after being hit by a cyberattack that also targeted two other plants, apparently marking one of the biggest such assaults on the country’s strategic industrial sector in recent memory.
Iran’s steel industry halted by cyberattack (The Jerusalem Post) Predatory Sparrow, a hacktivist group that is little known, took credit for the hacking that halted Iran's steel industry.
Iranian steel facilities suffer apparent cyberattacks (CyberScoop) Three Iranian steel companies suffered apparent cyberattacks Monday, claimed a hacktivist group that previously took responsibility for a digital assault on the Iranian train system with wiper malware.
Smart Factories Need to Prioritize Cybersecurity (Capgemini) Smart factories are increasingly being utilized by industry as part of the transition toward digitization. Being connected to cloud or the internet, they bring a plethora of communicative advantages. However, this network connection also creates a larger surface area vulnerable to attack via digital means.
TSA Eases Pipeline Cybersecurity Rules Issued After Colonial Hack (Wall Street Journal) The Transportation Security Administration is loosening pipeline cybersecurity rules imposed after ...
House Passes ICS Cybersecurity Training Bill (SecurityWeek) The House of Representatives has passed the Industrial Control Systems Cybersecurity Training Act.
Cyber Yankee exercise hones New England Guard skills to fight digital threats (C4ISRNet) “Whether it’s a state or a federal effort, the importance of being prepared to respond to a cyber ...
Ian Frist from BlueVoyant joins us to discuss the Cybersecurity Maturity Model Certification from the US Department of Defense and what it means for industrial environments.
Robert M. Lee teaches us about the five critical controls for OT cybersecurity.
5 Critical Controls for OT Cybersecurity
Subscribe to the Control Loop Newsletter here with new editions published every month.
ICEFALL affects OT devices. Thermal cameras and industrial processes. Sandworm spies on infrastructure. Ransomware hits auto parts manufacturer. Most electricity, oil & gas, manufacturing firms have seen cyberattacks. Nuclear facility cyber exercises. Connecticut Guard trains to defend utilities.
Dawn Cappelli joins us to discuss how the OT Cyber Emergency Readiness Team is planning to address cybersecurity resource gaps for industrial infrastructure.
And in the Learning Lab, Nick Shaw joins us for part two of OT fundamentals, where he explains the Purdue reference model for industrial cybersecurity.
ICEFALL vulnerabilities affect OT devices
OT:ICEFALL: 56 Vulnerabilities Caused by Insecure-by-Design Practices in OT (Forescout)
Thermal camera vulnerabilities.
Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera (SEC Consult)
Vulnerabilities in access control panels.
Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System (Trellix)
Sandworm exploits Follina in phishing campaign.
Russian hackers start targeting Ukraine with Follina exploits (BleepingComputer)
Ransomware hits automotive hose manufacturer.
US Subsidiary of Automotive Hose Maker Nichirin Hit by Ransomware (SecurityWeek)
Most ransomware victims are attacked a second time.
Ransomware: The True Cost to Businesses (Cybereason)
89% of electricity, oil & gas, and manufacturing firms have been hit by cyberattacks.
Cyber-Attacks on Industrial Assets Cost Firms Millions (Trend Micro)
Dawn Cappelli on how the OT Cyber Emergency Readiness Team (OT-CERT) is addressing the cybersecurity resource gaps that exist in industrial infrastructure. Follow Dawn on LinkedIn.
OT-CERT is an Operational Technology – Cyber Emergency Readiness Team dedicated to addressing the OT resource gap that exists in industrial infrastructure. Designed to support asset owners and operators of industrial infrastructure, Dragos OT-CERT provides free cybersecurity resources for the Industrial Control System (ICS)/OT community. Learn more about OT-CERT here.
Register here to join the OT-CERT community.
Mark Urban is joined by Nick Shaw for part two of an intro to OT.
A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity.
Building security to achieve engineering and business requirements.
UK Attorney General discusses hacking back in defense of critical infrastructure. Ethiopia says it stopped cyberattacks on its Nile dam. Recommended cybersecurity improvements for dams in the Southeastern US. Water system security. MITRE releases supply chain security framework. CISA and its partners issue guidelines for evaluating 5G implementation. Deloitte opens a Smart Factory at Wichita State University.
Tim Conway from SANS discusses his path to OT cybersecurity, workforce and cyber skills development for OT personnel, and new developments in cybersecurity education for industrial security.
And in the Learning Lab, Mark Urban is joined by Nick Shaw for part one of an intro to OT.
Defensive Cyber Attacks Declared Legal by UK AG, Path Cleared to “Hack Back” When Critical Infrastructure & Services Attacked. (CPO Magazine)
Request for Final Action - Audit 2020-17340 Non-Power Dam Control Cybersecurity. (Office of the Inspector General, TVA)
INSA says cyber attack on GERD, financial institutions foiled. (Addis Standard)
Cyberspace Solarium congressman, water officials decry EPA inaction on cybersecurity. (CyberScoop)
Mitre’s New “System Of Trust” Protects Vulnerable Supply Chains (MITRE)
5G Security Evaluation Process Investigation Version 1 (CISA)
Foxconn: Mexico factory operations ‘gradually returning to normal’ after ransomware attack. (The Record)
LockBit, Conti most active ransomware targeting industrial sector. (Bleeping Computer)
Deloitte Opens New US Smart Factory in Wichita, Kansas, Convenes Ecosystem of Innovators to Make Industry 4.0 a Reality (PR Newswire)
Tim Conway from SANS discusses his path to OT cybersecurity, workforce and cyber skills development for OT personnel, and new developments in cybersecurity education for industrial security.
His LinkedIn profile may be found here; follow him at the SANS Institute here.
Mark Urban is joined by Nick Shaw for part one of an intro to OT.
A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity
Every two weeks, get the latest in OT news in Control Loop News Brief, an interview featuring a thought leader in the OT space sharing current industry trends, and the Control Loop Learning Lab’s educational segment. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Headlines include: Russia’s hybrid war against Ukraine. Russian threat actors against industrial control systems. Exploits for Bluetooth Low Energy. Hacktivists claim attacks against Russian ground surveillance robots. New wiper loader. Turla threat actor reconnaissance in Estonian and Austrian networks. Robert M. Lee, CEO of Dragos, talks giving back to the OT community and shares insights on Pipedream malware. Learning Lab has Dragos' Mark Urban and Jackson Evans-Davies talking about the fundamentals of OT cybersecurity.
Microsoft President: Cyber Space Has Become the New Domain of Warfare - Infosecurity Magazine
Cyber Attacks on Ukraine: Not What You Think | PCMag
US warns energy firms of a rapidly advancing hacking threat - E&E News
PIPEDREAM: CHERNOVITE's Emerging Malware Targeting Industrial Environments | Dragos
Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED
Industroyer2: Industroyer reloaded | WeLiveSecurity
Tesla Hacker Proves a Way of Unlocking Doors, Starting Engine - Bloomberg
Weak Security Controls and Practices Routinely Exploited for Initial Access | CISA
Did hackers commandeer surveillance robots at a Russian airport?
Pro-Iran Group ALtahrea Hits Port of London Website by DDoS Attack
Sandworm uses a new version of ArguePatch to attack targets in Ukraine | WeLiveSecurity
Russian hackers perform reconnaissance against Austria, Estonia
TURLA's new phishing-based reconnaissance campaign in Eastern Europe
ICS Security Summit & Training 2022
How the Colonial Pipeline attack instilled urgency in cybersecurity
Operational Technology Cyberattacks Are a Credit Risk for Utilities
Global CEOs Commit to Collective Action on Cyber Resilience
Dragos ICS/OT Ransomware Analysis: Q1 2022
Robert M. Lee, CEO of Dragos, on giving back to the OT cybersecurity community, the idea behind the Control Loop podcast and newsletter, and his candid thoughts on the Pipedream malware and its creators.
Follow Rob on LinkedIn and Twitter.
Dragos’ Mark Urban and Jackson Evans-Davies on the fundamentals of OT cybersecurity and network architecture.
Dragos 2021 ICS Cybersecurity Year in Review
How to Build a Roadmap for ICS/OT Cybersecurity: 3 Steps to a Sustainable Program
Managing External Connections to Your Operational Technology Environment
Improving ICS/OT Security Perimeters with Network Segmentation
The Control Loop podcast, hosted by the CyberWire’s Dave Bittner, investigates the latest threat intelligence, security strategies, and technologies that industry professionals rely on to safeguard civilization. Every two weeks, Dave analyzes the biggest stories in OT security with commentary from key industry leaders and operators. Each episode includes new guests who provide the insider’s perspective on major threats and vulnerabilities, novel ideas and solutions, and critical training topics.
Listen and subscribe to the podcast wherever you get your favorite shows and subscribe to the newsletter on the CyberWire website.