Critical Infrastructure Protection


Today’s interdependent and interconnected world requires joint efforts and holistic approaches to protect critical infrastructure assets from the growing number of attacks and to address ever-evolving cyber threats to government, energy, healthcare, education, banking, transportation, telecommunication and other critical sectors.

With a dedicated section focusing on Critical Infrastructure protection, we aim to enhance cooperation and engage security professionals through news, articles and in-depth analysis of emerging threats and technologies.


NEWS

  • NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

    July 24, 2020

    The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module. These safety instrumented system (SIS) controllers are ...

  • CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug

    June 30, 2020

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. The Department of Defense (DoD) arm that oversees cyberspace operations has advised all devices affected ...

  • Australian PM says nation under serious state-run ‘cyber attack’ – Microsoft, Citrix, Telerik UI bugs ‘exploited’

    June 19, 2020

    Australian Prime Minister Scott Morrison has called a snap press conference to reveal that the nation is under cyber-attack by a state-based actor, but the nation’s infosec advice agency says that while the attacker has gained access to some systems it has not conducted “any disruptive or destructive activities within victim environments.” Morrison said the attack ...

  • Cyber Security for Critical Assets World Summit Launches Online This June!

    June 4, 2020

    On June 30th, Cyber Security for Critical Assets World Summit will bring together senior security leaders from 76+ countries worldwide, in a collaborative effort to safeguard their critical assets and infrastructure. According to the Global State of Industrial Cyber Security, 28% of security leaders expect to see a successful cyber attack carried out on their countries ...

  • Paging A Joint Task Force: Cyber Defense Of Pandemic Medical Infrastructure

    March 24, 2020

    The ongoing global response to COVID-19 infections has become a critical public health, economic, and national security priority. The crisis has been made worse by ransomware and other disruptive intrusion incidents, threatening the continued provision of healthcare services to patients affected by the disease. U.S. Health and Human Services disclosures of known data breaches — even prior ...

  • Critical Bugs in Rockwell, Johnson Controls ICS Gear

    March 10, 2020

    Security vulnerabilities that require very little skill to exploit have been discovered in industrial control systems (ICS) gear from Rockwell Automation and Johnson Controls, which anchor a flurry of bug disclosures impacting critical infrastructure. First, a set of critical vulnerabilities in Rockwell Automation gear affect MicroLogix 1400 Controllers, MicroLogix 1100 Controllers and RSLogix 500 Software. The ...

  • What to know about cyberattacks targeting energy pipelines

    March 1, 2020

    The Department of Homeland Security (DHS) this past month disclosed a disruptive cyberattack on a U.S. energy facility, raising new concerns about protections for energy providers. The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, said a ransomware attack hit a “natural gas compression facility,” leading to a two-day shutdown for the entire pipeline. While the agency ...

  • RSAC 2020: Ransomware a ‘National Crisis,’ CISA Says, Ramps ICS Focus

    February 28, 2020

    Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this year – especially as ransomware looms as a main threat to the sector going forward. That’s according to Christopher Krebs, director of CISA, speaking at RSA Conference 2020 this week. “My agency ...

  • Assessment of Ransomware Event at U.S. Pipeline Operator

    February 19, 2020

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on 18 February 2020 on a ransomware incident impacting a natural gas compression facility at an unidentified U.S. pipeline operator. The ransomware event impacted both IT and ICS assets by causing loss of view and control impacts that caused the facility to implement controlled shutdown processes ...

  • Frankfurt shuts down IT network following Emotet infection

    December 19, 2019

    Frankfurt, one of the largest financial hubs in the world and the home of the European Central Bank, has shut down its IT network this week following an infection with the Emotet malware. Frankfurt is the fourth German entity that shut down its IT network in the past two weeks because of Emotet. The other three are ...

  • Story of the year 2019: Cities under ransomware siege

    December 11, 2019

    Overall awareness of the need for security measures is growing, and cybercriminals are increasing the precision of their targeting to locate victims with security breaches in their defense systems. Looking back at the past three years, the share of users targeted with ransomware in the overall number of malware detections has risen from 2.8% to 3.5%. While ...

  • Equipping the Education Sector With Threat Intelligence to Defend Against Cyberattacks

    October 17, 2019

    When you think about sophisticated cyberattacks, certain targeted industries probably come to mind immediately — government, critical infrastructure, and financial services, to name a few. It’s fair to say that for most people, the education sector isn’t generally first on that list. Despite this, educational institutions (particularly those in higher education) have become an increasingly popular ...

  • 17 US utility firms targeted by mysterious state-sponsored group

    September 24, 2019

    A mysterious state-sponsored hacking group has targeted at least 17 US utility firms with phishing emails for a five-month period between April 5 and August 29, Proofpoint reported today. The purpose of these attacks was to infect employees at US utility firms with LookBack, a remote access trojan with an extensive set of features. While no formal ...

  • US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks

    July 2, 2019

    The US is very close to improving power grid security by mandating the use of “retro” (analog, manual) technologies on US power grids as a defensive measure against foreign cyber-attacks that could bring down power distribution as a result. The idea is to use “retro” technology to isolate the grid’s most important control systems, to limit ...