Control Loop is the OT Cybersecurity Podcast, your terminal for ICS security, intelligence, and learning. Every two weeks, we bring you the latest news, strategies, and technologies that industry professionals rely on to safeguard civilization.
S2 E51 · Wed, June 05, 2024
UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on Volt Typhoon. Guest Kimberly Graham of Dragos joins Dave to discuss regulatory compliance issues. Programming Note. Control Loop is going on a temporary hiatus. Thank you for being a loyal listener. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks! Control Loop News Brief. UK will propose law to ban ransom payments for critical infrastructure entities. Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record) EPA outlines enforcement measures to protect water utilities against cyberattacks. EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation’s Drinking Water (Environmental Protection Agency) Rockwell advises customers to disconnect ICS devices from the internet. Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats (Rockwell Automation) Senator Vance asks CISA for information on Volt Typhoon. Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (Industrial Cyber) Control Loop Interview. Guest Kimberly Graham, Vice President of Product Management at Dragos, discussing regulatory compliance issues. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.
S2 E50 · Wed, May 15, 2024
US Defense Department warns of Russian hacktivists targeting OT devices. The US government establishes safety and security board to advise on the deployment of AI in critical infrastructure sectors. Vulnerabilities affect CyberPower UPS management software. US congressmen put forward water system cybersecurity bill. Encore guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. The Learning Lab is on hiatus this episode. Control Loop News Brief. US DOD warns of Russian hacktivists targeting OT devices. Urgent Warning from Multiple Cybersecurity Organizations on Current Threat to OT Systems (NSA) US government establishes safety and security board to advise on deployment of AI in critical infrastructure sectors. DHS launches safety and security board focused on AI and critical infrastructure (FedScoop) Over 20 Technology and Critical Infrastructure Executives, Civil Rights Leaders, Academics, and Policymakers Join New DHS Artificial Intelligence Safety and Security Board to Advance AI’s Responsible Development and Deployment (DHS) Vulnerabilities affecting CyberPower UPS management software. Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience (Cyble) US congressmen introduce water system cybersecurity bill. Crawford puts forward bill on cybersecurity risks to water systems (Arkansas Democrat-Gazette) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems. Control Loop Learning Lab. The Learning Lab is on a break. Stay tuned. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.
S2 E49 · Wed, May 01, 2024
Mandiant ties OT attacks to Sandworm. Russia-linked hackers target Texas water utilities. Belarusian hacktivists hit fertilizer company. CISA issues eight ICS advisories. Dave Bittner's Caveat podcast co-host Ben Yelin joins him to discuss pending legislation with potential to affect critical infrastructure, as well as the Department of Energy’s assessment of the potential risks and rewards from AI. The Learning Lab is on a hiatus this episode, and will be returning soon! Control Loop News Brief. Mandiant ties OT attacks to Sandworm. Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm (Mandiant) Russia-linked hackers target Texas water facilities. Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow (SecurityWeek) Russia-linked hacking group suspected of carrying out cyberattack on Texas water facility, cybersecurity firm says (CNN) Belarusian hacktivists hit fertilizer company. Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime (The Record) CISA issues eight ICS advisories. CISA Releases Eight Industrial Control Systems Advisories (CISA) Control Loop Interview. Host Dave Bittner and his co-host from the Caveat podcast on the N2K CyberWire network, Ben Yelin, discuss pending legislation with potential to affect critical infrastructure, and the Department of Energy’s assessment of the potential risks and rewards from AI. Links to articles: Crawford puts forward bill on cybersecurity risks to water systems (The Arkansas Democrat-Gazette) US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure (Industrial Cyber) Control Loop Learning Lab. The Learning Lab is on a break and will be back soon.
S2 E48 · Wed, April 17, 2024
Chinese-manufactured devices in US networks see a 41% YoY increase. Ukraine-linked hackers deploy ICS malware against Russian infrastructure company. A look at cyberattacks that had physical consequences in 2023. Lessons from NERC’s GridEx exercise. Extension requested for comment period on CISA’s incident reporting rule. Guest Kate Ledesma, Senior Director Government Affairs at Dragos, talks about the Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA). The Learning Lab returns with part 2 of Mark Urban and Josh Hanrahan's discussion of adversary hunting and VOLTZITE (aka Volt Typhoon). Control Loop News Brief. Chinese-manufactured devices in US networks see a 41% YoY increase. “All your base are belong to us” – A probe into Chinese-connected devices in US networks (Forescout) Ukraine-linked hackers deploy ICS malware against Russian infrastructure company. Unpacking the Blackjack Group's Fuxnet Malware (Claroty) A look at cyberattacks that had physical consequences in 2023. 2024 Threat Report – OT Cyberattacks with Physical Consequences (Waterfall) Lessons from NERC’s GridEx exercise. GridEx VII: Lessons Learned Report (NERC) Extension requested for comment period on CISA’s incident reporting rule. US Chamber of Commerce, industry groups call for 30-day delay in CIRCIA rules (The Record) Control Loop Interview. Guest Kate Ledesma, Senior Director Government Affairs at Dragos, discussing Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA). Control Loop Learning Lab. On the Learning Lab segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part two of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon). Resources: VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems.
S2 E47 · Wed, April 03, 2024
Sellafield nuclear waste site to be prosecuted for alleged cybersecurity failings. CISA issues draft proposal for cyber incident reporting by critical infrastructure entities. Threat actor targets Indian government and energy entities. Suspicious NuGet package appears to target developers in the industrial sector. Guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, shares their CIRCIA Notice of Proposed Rulemaking. The Learning Lab returns! Mark Urban and Josh Hanrahan discuss adversary hunting. Control Loop News Brief. Sellafield nuclear waste site to be prosecuted for alleged cybersecurity failings. Sellafield nuclear waste dump to be prosecuted for alleged cybersecurity offences (The Guardian) Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian) CISA issues draft proposal for cyber incident reporting by critical infrastructure entities. CISA releases draft rule for cyber incident reporting (CyberScoop) Threat actor targets Indian government and energy entities. Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign (EclecticIQ) Suspicious NuGet package appears to target developers in the industrial sector. Suspicious NuGet package grabs data from industrial systems (ReversingLabs) Control Loop Interview. Guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA. Eric shares their CIRCIA Notice of Proposed Rulemaking that goes into effect this week. Control Loop Learning Lab. The Learning Lab is back! On today’s segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part one of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon). Resources: VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems.
S2 E46 · Wed, March 20, 2024
Researchers discover a way to hijack web-based PLCs. Threat actor targets manufacturing entities in North America. US Department of Defense launches CORA program. CISA issues ICS advisories. Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks. The Learning Lab is taking a break and will return soon. Stay tuned. Control Loop News Brief. Researchers discover a way to hijack web-based PLCs. Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack (Georgia Tech) Threat actor targets manufacturing entities in North America. Blind Eagle's North American Journey (eSentire) APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (Trend Micro) US Department of Defense launches CORA program. JFHQ-DODIN Officially Launches its New Cyber Operational Readiness Assessment Program (US Department of Defense) CISA issues ICS advisories. CISA Releases Fifteen Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks. Control Loop Learning Lab. The Learning Lab is on break and will return in the near future. Stay tuned. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website.
S2 E45 · Wed, March 06, 2024
NIST releases Cybersecurity Framework 2.0. Biden administration issues executive order on maritime cybersecurity. Suspected Chinese threat actor continues to exploit Ivanti vulnerabilities. ThyssenKrupp sustains ransomware attack. Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. The Learning Lab is taking a break and will return soon. Stay tuned. Control Loop News Brief. NIST releases Cybersecurity Framework 2.0. NIST Releases Version 2.0 of Landmark Cybersecurity Framework (NIST) Biden administration issues executive order on maritime cybersecurity. On-the-Record Press Call on the Biden-Harris Administration Initiative to Bolster the Cybersecurity of U.S. Ports (The White House) Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes (CNBC) Suspected Chinese threat actor continues to exploit Ivanti vulnerabilities. Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts (Mandiant) ThyssenKrupp sustains ransomware attack. German Steelmaker Thyssenkrupp Confirms Ransomware Attack (SecurityWeek) Control Loop Interview. Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. For more information, review the Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States and White House’s
S2 E44 · Wed, February 21, 2024
Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. Siemens and Schneider Electric issue patches. Guest is Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, sharing the findings of Dragos Cybersecurity Year in Review report. The Learning Lab segment will return next episode. Control Loop News Brief. Five Eyes publish report on Volt Typhoon. PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (CISA) Volt Typhoon targets emergency management services in the US. VOLTZITE Espionage Operations Targeting U.S. Critical Systems (Dragos) Siemens and Schneider Electric issue patches. ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities (SecurityWeek) Control Loop Interview. Guest Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, reviews the key findings of Dragos’ Cybersecurity Year in Review report. You can download a copy of the report here. Control Loop Learning Lab. The Learning Lab segment will return next episode. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website.
S2 E43 · Wed, February 07, 2024
Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President’s Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob’s opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos’ Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder. Control Loop News Brief. Volt Typhoon targets US critical infrastructure. Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters) Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR) Ransomware attacks in the OT sector. Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos) The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks) Ransomware attack against Johnson Controls cost $27 million. Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer) Schneider Electric confirms ransomware attack. Schneider Electric confirms it was hit by ransomware attack (Silicon Republic) Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer) US sanctions Iranian officials for attacks on critical infrastructure. Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC) US House Energy Subcommittee holds hearing on cyberattacks against water infrastructure.
S2 E42 · Wed, January 24, 2024
An analysis of cyberattacks against Danish energy infrastructure. US government outlines threats posed by Chinese-manufactured drones. Vulnerability in Bosch thermostats. OIG says CISA needs to improve collaboration with the water sector. Guests Mark Stacey of Dragos and Charles Kano from WestCap discuss cyber insurance as an important part of your organization's security plan. On the Learning Lab, we have the first part of a 2-part discussion on building community in OT that Dragos’ Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder. Control Loop News Brief. OIG says CISA needs to improve collaboration with the water sector. CISA needs better collaboration with the EPA and water sector, watchdog says (Nextgov) Volt Typhoon targets end-of-life Cisco routers. Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure (Dark Reading) Cyberattacks against Israeli ports. Israeli Ports Hit in Cyberattack: Anonymous Sudan Takes Credit (The Cyber Express) An analysis of cyberattacks against Danish energy infrastructure. Clearing the Fog of War: A Critical Analysis of Recent Energy Sector Attacks in Denmark and Ukraine (Forescout) US government outlines threats posed by Chinese-manufactured drones. Cybersecurity Guidance: Chinese-Manufactured UAS (CISA) Vulnerability in Bosch thermostats. Vulnerabilities identified in Bosch BCC100 Thermostat (Bitdefender) Control Loop Interview. On this episode, we are joined by Mark Stacey of Dragos and Charles Kano from WestCap discussing cyber insurance as an important part of your organization's security plan. Control Loop Learning Lab. On the Learning Lab, Mark Urban
S2 E41 · Wed, January 10, 2024
Responses to Aliquippa water authority attack. Predatory Sparrow disrupts Iran’s gas stations. MITRE launches a threat model for critical infrastructure embedded devices. Guest Dawn Cappelli, Head of Dragos's OT-Cyber Emergency Readiness Team, shares details about the launch of Dragos’s free community initiative to protect small utilities that serve the majority of Americans. Learn more about the Dragos Community Defense Program that includes Dragos Platform and Neighborhood Keeper. On the Learning Lab, we have the final part of the 3-part discussion on building automation systems that Dragos’ Mark Urban had with colleagues Daniel Gaeta and Zach Spencer. Control Loop News Brief. Responses to Aliquippa water authority attack. States and Congress wrestle with cybersecurity after Iran attacks small town water utilities (AP) Predatory Sparrow disrupts Iran’s gas stations. A suspected cyberattack paralyzes the majority of gas stations across Iran (AP) Iran petrol stations hit by cyberattack, oil minister says (Reuters) Israel-linked group claims cyberattack that shut down 70% of Iran’s gas stations (The Times of Israel) Energy Department offers $70 million in funding for cybersecurity research. Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop) MITRE launches a threat model for critical infrastructure embedded devices. MITRE, Red Balloon Security, and Narf Announce EMB3D – A Threat Model for Critical Infrastructure Embedded Devices (MITRE) US Department of Homeland Security’s Annual Threat Assessment. Homeland Threat Assessment 2024 (DHS)
S2 E37 · Wed, December 27, 2023
Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek’s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA’s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy’s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems. Control Loop Learning Lab.
S2 E40 · Wed, December 13, 2023
Iranian hacktivists hit Pennsylvania water utility. Attacks against water systems are an instance of a larger threat. Supply chain vulnerabilities in the electrical sector. Guest Nick Sanna of the FAIR Institute and Safe Security talks about the challenges the White House faces in attempting to harmonize critical infrastructure regulations. The Learning Lab has part 2 of the 3-part discussion on building automation systems that Dragos’ Mark Urban had with colleagues Daniel Gaeta and Zach Spencer. Control Loop News Brief. Iranian hacktivists hit Pennsylvania water utility. Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (CBS News) Iranian-Linked Cyber Army had Partial Control of Aliquippa Water System (BeaverCountian) A hack in hand is worth two in the bush (Securelist) Cyber phases of hybrid wars spread beyond the theaters of operation. How cybersecurity teams should prepare for geopolitical crisis spillover (CSO) And attacks against water systems are an instance of a larger threat. Iran-Backed Cyber Av3ngers Escalates Campaigns Against U.S. Critical Infrastructure (SentinelOne) Anti-Israel hacking campaign highlights danger of internet-connected devices (CyberScoop) Chinese operators intrude into infrastructure. China’s cyber army is invading critical U.S. services (Washington Post) Supply chain vulnerabilities in the electrical sector. A Software Supply Chain Dependent on Adversaries (Fortress) Control Loop Interview. Guest Nick Sanna of the FAIR Institute and Safe Security de
S2 E29 · Wed, November 29, 2023
GRU's Sandworm implicated in campaign against Danish electrical power providers. Paris wastewater agency hit by cyberattack. LockBit hits Boeing. Bletchley Declaration represents a consensus starting point for AI governance. The US Executive Order on artificial intelligence is out. Guest Austin Reid of ABS Group discusses Ship and Shore challenges for security and the current and emerging regulatory landscape. On the Learning Lab, we have part 1 of 3 of Dragos' Mark Urban discussing building automation systems with Dragos' Daniel Gaeta and Zach Spencer. Control Loop News Brief. GRU's Sandworm implicated in campaign against Danish electrical power providers. The attack against Danish critical infrastructure (SektorCERT) Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter (CNN) Paris wastewater agency hit by cyberattack. Greater Paris wastewater agency dealing with cyberattack (The Record) Cyberattaque D'Ampleur Au SIAAP (SIAAP) Iranian hacktivists claim an attack on a Pennsylvania water utility. Iranian-Linked Cyber Army Had Partial Control Of Aliquippa Water System (BeaverCountian.com) Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (CBS News) LockBit hits Boeing. Ransomware groups rack up victims among corporate America (CyberScoop) #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (CISA) Bletchley Declaration represents a consensus starting point for AI governance. Can Rishi Sunak’s big summit save us from AI nightmare? (BBC)
S2 E38 · Wed, November 15, 2023
A cyber incident disrupts Australian ports. Sandworm and Ukraine's power grid: 2022 attacks. Department of Energy hosts simulated cyberattack competition. CISA, FEMA, and Shields Ready. Cyber and electronic threats to space systems. Four cyber phases of a hybrid war. Guest Austin Reid of ABS Group discusses cyber risk and threats to Maritime Transportation Systems (MTS). On the Learning Lab, catch an encore of Dragos CEO Robert M. Lee and Mark Urban talking about the five critical controls for ICS. Control Loop News Brief. Australian ports disrupted in a “cyber incident.” Major Australian port operator shuts down amid cyber security incident, impacting goods in and out of the country (ABC News) Sandworm and Ukraine's power grid: 2022 attacks. Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant) CaddyWiper: New wiper malware discovered in Ukraine (ESET) Four cyber phases of a hybrid war. Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint) The Evolution of Cyber Attacks on Electric Operations (Dragos) CISA, FEMA, and Shields Ready. Shields Ready (CISA) DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA) Department of Energy hosts simulated cyberattack competition. DOE hosting simulated cyberattack for students (CyberScoop) Cyber and electronic threats to space systems. Space Operators Should Harden Cryptography Defenses, NSA Cyber Official Says (Via Satellite) Cyber Security of Space Systems ‘Crucial,’ As US Space Force Official Notes Re
S2 E37 · Wed, November 01, 2023
Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek’s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA’s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy’s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems. Control Loop Learning Lab.
S2 E36 · Wed, October 18, 2023
Microsoft on the state of OT security. Israeli and Palestinian hacktivists target ICS. Coinmining as an (alleged, potential) front for espionage or stage for sabotage. EPA withdraws water system cybersecurity memorandum. Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. Most organizations are struggling with IoT security. CISA views China as the top threat to US critical infrastructure. Improving security for open-source ICS software. CISA ICS advisories. Guest Kuldip Mohanty, CIO of North Dakota, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Kuldip shares how critical infrastructure is treated within the “Whole-of-State” cybersecurity strategy his team implements in North Dakota. On the Learning Lab, Mark Urban shares the first part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Microsoft on the state of OT security. Microsoft Digital Defense Report 2023 (Microsoft) Microsoft Digital Defense Report: Behind the Scenes Creating OT Vulnerabilities (aDolus) Zero-days affect industrial routers. 10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows (Cisco Talos) Israeli and Palestinian hacktivists target ICS. Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews) Coinmining as an (alleged, potential) front for espionage or stage for sabotage. Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny (The New York Times) EPA withdraws water system cybersecurity memorandum. EPA withdraws cyber audit requirement for water systems (Nextgov) Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. Reports of second cyberattack on Colonial Pipeline false, company says (Fox 5 Atlanta)
S2 E35 · Wed, October 04, 2023
Johnson Controls sustains cyberattack. Nearly 100,000 ICS services exposed to the Internet. FBI anticipates an increase in Chinese and Russian targeting of the energy sector. Joint advisory warns of Beijing’s “BlackTech” threat activity. CISA's push for hardware bills of materials. Cybersecurity in the US industrial base. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part two of their discussion about secure remote access. Control Loop News Brief. Homeland Security IG finds flaws in TSA pipeline security regulations. https://www.oig.dhs.gov/sites/default/files/assets/2023-09/OIG-23-57-Sep23-Redacted.pdf https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years Johnson Controls sustains cyberattack. Building automation giant Johnson Controls hit by ransomware attack (BleepingComputer) Nearly 100,000 ICS services exposed to the Internet. Bitsight identifies nearly 100,000 exposed industrial control systems (BitSight) FBI anticipates an increase in Chinese and Russian targeting of the energy sector. FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers (The Record) Joint advisory warns of Beijing’s “BlackTech” threat activity. CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (CISA) CISA's push for hardware bills of materials. Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management (CISA)
S2 E34 · Wed, September 20, 2023
Redfly cyberespionage targets a national grid. DHS Threat Assessment looks at critical infrastructure threats. A look at the ICS threat landscape. DoE grants for research into distributed energy cybersecurity. CISA offers free vulnerability scanning for water infrastructure. CISA issues ICS advisories. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, discusses community defense. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part one of their discussion about secure remote access. Control Loop News Brief. Redfly cyberespionage targets a national grid. Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec) China caught – again – with its malware in another nation's power grid (The Register) China-Linked Hackers Breached a Power Grid—Again (WIRED) DHS Threat Assessment looks at critical infrastructure threats. DHS warns of malicious AI use against critical infrastructure (CyberScoop) A look at the ICS threat landscape. Threat landscape for industrial automation systems. Statistics for H1 2023 (Kaspersky) DoE grants for research into distributed energy cybersecurity. Distributed Energy Resources Get Cybersecurity Boost With $39M DOE Funding (SecurityWeek) DOE Announces $39 Million in Research Funding to Enhance Cybersecurity of Clean Distributed Energy Resources (Department of Energy) Ransomware remains a threat to industrial operations. Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle (WIRED)
S2 E33 · Wed, September 06, 2023
Crude "cyberattack" on rail control systems stops Polish trains. Energy One discloses cyberattack against its corporate systems. NIAC calls for a National Water Strategy. Department of Energy holds contest to provide cybersecurity funding for rural utilities. Researchers aim to secure US military’s power grids. A technical issue grounds the UK’s air traffic control system’s automated features. Guest Mark Ryland, Director of the Office of the CISO at Amazon Web Services, joining us as part of a Dragos webinar, Securing Digital Transformation: OT Cybersecurity Innovation and Resilience. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part three of their discussion on the convergence of OT and IT. Control Loop News Brief. Crude "cyberattack" on rail control systems stops Polish trains. Two Men Arrested Following Poland Railway Hacking (SecurityWeek) Century-old technology hack brought 20 trains to a halt in Poland (Cybernews) Poland investigates hacking attack on state railway network (Reuters) Poland investigates train mishaps for possible Russian connection (Washington Post) Energy One discloses cyberattack against its corporate systems. Australian Energy Software Firm Energy One Hit by Cyberattack (SecurityWeek) US energy company suffers third-party data breach. Eversource Data Breach: Utility Warns MA Customers (Patch) NIAC calls for a National Water Strategy. Presidential Council Calls for Water Department to Address Cyber Threats (MeriTalk) Department of Energy holds contest to provide cybersecurity funding for rural utilities. DOE launches cyber contest to benefit rural utilities (CyberScoop) Researchers aim to secure US military’s power grids. Protecting the protectors: Virginia Tech researchers work to secure
S2 E32 · Wed, August 23, 2023
Radiation sensor reports from Chernobyl may have been manipulated. South African power generator hit with malware. APT31 linked to attacks on industrial systems in Eastern Europe. Environmental regulation and increased maritime cyber risk. CISA Director warns of Chinese infrastructure attack staging. Threats to the power grid. CODESYS vulnerabilities. Today's guest is Dragos’ Lesley Carhart, sharing their RSAC 2023 talk on real world stories of incident response and threat intelligence. The Learning Lab continues the conversation between Dragos’ Mark Urban and Kimberly Graham about the convergence. Control Loop News Brief. Radiation sensor reports from Chernobyl may have been manipulated. Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication (Ruben Santamarta) The Mystery of Chernobyl’s Post-Invasion Radiation Spikes (WIRED) CISA Director warns of Chinese infrastructure attack staging. Top U.S. cyber official offers 'stark warning' of potential attacks on infrastructure if tensions with China escalate (NBC News) China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. (CyberWire) CODESYS vulnerabilities. Microsoft reveals severe vulnerabilities in CODESYS industrial automation software (The Record) Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS (Microsoft) South African power generator hit with malware. Focus on DroxiDat/SystemBC (Kaspersky) Ransomware Trends in the HPH Sector - Q1 2022 (HHS) Environmental regulation and increased maritime cyber risk. Navigating Cybersecurity's Seas: Environmental Regulations, OT
S2 E31 · Wed, August 09, 2023
The Five Eyes outline the top exploited vulnerabilities. The Brunswick Corporation loses millions to cyberattack. Ransomware in the industrial space. The US Transportation Security Administration (TSA) updates security rules for oil and natural gas pipeline operators. Our guest is Mea Clift of Woodard & Curran sharing her perspective on mentorship, internships, and apprenticeships with an eye on OT security. The Learning Lab has the first part of a discussion about the convergence of OT and IT with Dragos’ Mark Urban and Kimberly Graham, Dragos’ VP of Product Management. Control Loop News Brief. Five Eyes outlines top exploited vulnerabilities. 2022 Top Routinely Exploited Vulnerabilities (CISA) Brunswick Corporation loses millions to cyberattack. Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms (The Record by Recorded Future) Brunswick Corporation (NYSE:BC) Q2 2023 Earnings Call Transcript (Insider Monkey) Ransomware in the industrial space. Dragos Industrial Ransomware Attack Analysis: Q2 2023 (Dragos) TSA updates security rules for oil and natural gas pipeline operators. TSA updates, renews cybersecurity requirements for pipeline owners, operators (TSA) Control Loop Interview. The interview is with Mea Clift of Woodard & Curran sharing her perspective and efforts around mentorship and internship/apprenticeship with an eye on OT security and her experience in securing the water/utilities space. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part one of their discussion on the convergence of OT and IT. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
S2 E30 · Wed, July 26, 2023
An unnamed APT has a remote code execution exploit for Rockwell Automation ControlLogix communications modules. Court temporarily blocks water system cybersecurity mandate. Industrial controller vulnerabilities pose a risk to critical infrastructure. US Federal government issues voluntary IoT security guidelines. Our guest is Mea Clift of Woodard & Curran, discussing how compliance should not be a checkbox activity, with an eye on OT security, and sharing her experience in securing the water/utilities space. On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the final part of three segments focused on vulnerabilities in the OT world. Webinars. Webinar: Operationalizing OT Threat Intelligence – a Rockwell Automation ControlLogix Case Study Join us for this exclusive behind-the-scenes look at how Dragos approaches this on a regular basis, using the recently disclosed Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module vulnerabilities (CVE-2023-3595 and CVE-2023-3596). Webinar: Securing Digital Transformation: OT Cybersecurity Innovation and Resilience As business and innovation come together, digital transformation isn’t a future concept - it’s happening right now. Join Dave Bittner and our friends from AWS, Splunk and Dragos on August 3rd @ 2pm EST for a live panel on “Securing Digital Transformation: OT Cybersecurity Innovation and Resilience” where we’ll dive into secure digital transformation, managing OT/IT cyber risk and the value and vision of Cloud resources. Control Loop News Brief. ControlLogix RCE exploit. Rockwell warns of new APT RCE exploit targeting critical infrastructure (BleepingComputer) Dragos Enabled Defense Against APT Exploits for Rockwell Automation ControlLogix (Dragos) Court temporarily blocks water system cybersecurity mandate.
EPA ‘disappointed’ by hold on agency efforts to spur water systems cybersecurity (The Washington Post) Industrial controller vulnerabilities pose a risk to critical infrastructure.
S2 E29 · Wed, July 12, 2023
Japan’s largest port disrupted by ransomware. Cl0p breaches Schneider Electric and Siemens Energy. Solar panel vulnerabilities. Threats and risks to electric vehicle charging stations. RedEnergy ransomware and information stealer targets industrial sectors. CISA advisories. Our guest Christopher Ebley from Blackwood returns to discuss the IT/OT cultural divide in the federal space and IT threats that are impacting OT systems. The Learning Lab continues with part 2 of the 3-part discussion between Dragos’ Mark Urban and Vulnerability Analyst Logan Carpenter talking about vulnerabilities in the OT world. Control Loop News Brief. Japan’s largest port disrupted by ransomware. Japan’s largest port stops operations after ransomware attack (BleepingComputer) Japan's biggest port, Nagoya, hit by suspected cyberattack (Nikkei Asia) Pro-Russian hackers target Port of Nagoya, disrupting loading of Toyota parts (The Japan Times) Nagoya Port Resumes Some Operations After Ransomware Attack (Bloomberg) Cl0p breaches Schneider Electric and Siemens Energy. Schneider Electric and Siemens Energy are two more victims of a MOVEit attack (SecurityAffairs) Siemens Energy confirms data breach after MOVEit data-theft attack (BleepingComputer) Solar panel vulnerabilities. Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks (SecurityWeek) IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits (Unit 42) Actively Exploited Industrial Control Systems Hardware - SolarView Series (VulnCheck) Threats and risks to electric vehicle charging stations.
S2 E28 · Wed, June 28, 2023
The US Department of Energy was affected by Cl0p exploitation of MOVEit Transfer. Canada’s oil-and-gas sector is a likely target for Russian cyberattacks. Nuclear weapons cybersecurity is lacking. Access to a US satellite is being hawked in a Russophone cybercrime forum. ICS patches. Today’s guest is Christopher Ebley from Blackwood talking with us about OT cybersecurity concerns for Federal IT leaders. The Learning Lab has part one of a 3-part discussion between Dragos’ Mark Urban and Vulnerability Analyst Logan Carpenter talking about vulnerabilities in the OT world. Control Loop News Brief. US Department of Energy affected by Cl0p exploitation of MOVEit Transfer. US government hit by Russia's Clop in MOVEit mass attack (The Register) Energy Department among ‘several’ federal agencies hit by MOVEit breach (Federal News Network) Canada’s oil-and-gas sector a likely target for Russian cyberattacks. The cyber threat to Canada’s oil and gas sector (Canadian Centre for Cyber Security) Nuclear weapons cybersecurity is lacking. Nuclear Weapons Cybersecurity: Status of NNSA's Inventory and Risk Assessment Efforts for Certain Systems (GAO) Access to a US satellite is being hawked in a Russophone cybercrime forum. Military Satellite Access Sold on Russian Hacker Forum for $15,000 (HackRead) ICS patches. ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities (SecurityWeek) CISA Releases Four Industrial Control Systems Advisories (CISA) Lessons learned from the electrical power sector. Electric Industry Cybersecurity: Lessons Learned from the Frontlines (Dragos) Control Loop Interview. The interview is with Christopher Ebley of Blackwood talking about OT cybersecurity concerns for Federal IT leader
S2 E27 · Wed, June 14, 2023
The Cyberspace Solarium Commission looks at obstacles to public-private collaboration in the industrial sector. Malware in the industrial sector increases. Organizations plan to increase their OT cybersecurity budgets. CISA and its partners have released a Joint Guide to Securing Remote Access Software. And the US DoD holds its Cyber Yankee exercise. Today’s guest is Will Edwards of Schweitzer Engineering Labs discussing cyber awareness syndrome. The Learning Lab has the conclusion of the discussion between Dragos’ Mark Urban, Principal Adversary Hunter Kyle O’Meara, and Principal Intelligence Technical Account Manager Michael Gardner on threat hunting. Control Loop News Brief. Obstacles to public-private collaboration in the industrial sector. Revising Public-Private Collaboration to Protect U.S. Critical Infrastructure (CSC 2.0) NERC’s role in public-private security collaboration can deter utilities from sharing information: report (Utility Dive) Malware in the industrial sector increases. 2023 Unit 42 Network Threat Trends Research Report (Unit 42) CISA and partners release Joint Guide to Securing Remote Access Software. Guide to Securing Remote Access Software (CISA) US DoD holds Cyber Yankee exercise. Cyber Yankee Prepares Military, Business for Cyber Threats (Air National Guard) Control Loop Interview. The interview is with Will Edwards of Schweitzer Engineering Labs discussing cyber awareness syndrome. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardener to conclude their discussion on threat hunting. Control Loop OT Cybersecurity Briefing.
S1 E26 · Wed, May 31, 2023
China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. Is CosmicEnergy just red-teaming, or is it a threat straight out of Red Square? Siemens patches a vulnerability endemic to the energy sector. An update on the Vulkan Papers. A cyberattack leads Suzuki to shut down its Indian production line. BlackBasta conducts ransomware attack against Swiss technology company ABB, and claims responsibility for Rheinmetall attack. Food and Agriculture Information Sharing and Analysis Center stands up. Control Loop News Brief. China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Cybersecurity Advisory) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters) CosmicEnergy, from Russia. COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant) This newly-discovered malware could disrupt power generation — and do physical damage (Washington Post) Siemens patches a vulnerability endemic to the energy sector. Command Injection Vulnerability in CPCI85 Firmware of SICAM A8000 Devices (Siemens) An update on Russia’s NTC Vulkan: SIGINT, EW, and cyber ops. 7 takeaways from the Vulkan Files investigation (Washington Post) Russian Software Programs Threatening Critical Civilian Infrastructure (Dragos) A cyberattack leads Suzuki to shut down its Indian production line. Suzuki Motorcycle India plant shut down after cyber attack, production affected (Hindustan Times)
S1 E25 · Wed, May 17, 2023
Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. The Five Eyes take down Turla and its Snake malware. An Iranian threat actor turns its attention to infrastructure. The Bitter APT may be targeting Asia-Pacific energy companies. A Colonial Pipeline retrospective. ETHOS: a new private-sector OT risk information-sharing platform. CISA requests comment on software self-attestation form. Guest is Patrick Miller, CEO of Ampere Industrial Security, discussing INSM (Internal Network Security Monitoring) as a concept for the electric sector. In the Learning Lab, Dragos’ Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to discuss threat hunting. Control Loop News Brief. Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. Russia attacks civilian infrastructure in cyberspace just as it does on ground - watchdog (UKRINFORM) Russians launch mass cyber attack on online service for queueing to cross border by trucks (Ukrainska Pravda) Europe’s Air-Traffic Agency Under Attack From Pro-Russian Hackers (Wall Street Journal) #RSAC: Cyber-Attacks on Civilian Infrastructure Should Be War Crimes, says Ukraine Official (Infosecurity Magazine) Five Eyes take down Turla and its Snake malware. Hunting Russian Intelligence “Snake” Malware (Joint Cybersecurity Advisory) Iranian threat actor exploits N-day vulnerabilities, turns its attention to infrastructure. Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets (Microsoft) Bitter APT may be targeting Asia-Pacific energy companies. Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer) The Colonial Pipeline ransomware attack, two years later.
S1 E24 · Wed, May 03, 2023
Hacktivists versus irrigation. Maritime cybersecurity. JCDC and pre-ransomware notification. Ransomware at Fincantieri Marinette Marine. NSA warns of Russian ransomware disrupting supply chains. Guest Mike Hoffman is Technical Leader Global Services at Dragos & a SANS instructor. Mike will be discussing IT/OT misalignment. In the Learning Lab, Dragos’ Mark Urban is joined by Dragos’s Senior Product Manager Jordan Wilkerson to dig into ICS network visibility and monitoring, which is the third of the SANS Institute’s 5 ICS Cybersecurity Critical Controls. Control Loop News Brief. Hacktivists versus irrigation. Irrigation Systems in Israel Hit with Cyber Attack that Temporarily Disabled Farm Equipment (CPO Magazine) Maritime cybersecurity. Full Steam Ahead: Enhancing Maritime Cybersecurity (CSC 2.0) Cyber experts call for CISA to establish maritime equipment test bed (FedScoop) JCDC and pre-ransomware notification. JCDC Cultivates Pre-Ransomware Notification Capability (CISA) Ransomware at Fincantieri Marinette Marine. Ransomware Attack Hits Marinette Marine Shipyard, Results in Short-Term Delay of Frigate, Freedom LCS Construction (USNI News) Russian ransomware operations aim at disrupting supply chains into Ukraine. NSA sees ‘significant’ Russian intel gathering on European, U.S. supply chain entities (CyberScoop) ETHOS: a new private-sector OT risk information-sharing platform. OT Cybersecurity Leaders to Deliver First Open-Source Information Sharing for Collective Early Warning in Critical Infrastructure (Globe Newswire) Control Loop Interview. The interview is with Mike Hoffman, Technical Leader Global Services at Dragos & SANS instructor, discussing the IT
S1 E23 · Wed, April 19, 2023
Cyberattacks against Canada’s agriculture sector. Hitachi ransomware incident. Africa’s industrial sector under cyberattack. TSA issues new aviation cybersecurity requirements. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Patch Tuesday and OT. Guest JD Christopher, Dragos’ Director of Cyber Risk, discusses ICS security standards and regulations and how efforts finalized in 2022 will shape the OT programs of the next decade. In the Learning Lab, Dragos’ Mark Urban is joined by their CEO Robert M. Lee to talk about the unique characteristics of OT and points of IT convergence. Control Loop News Brief. Cyberattacks against Canada’s agriculture sector. Safety Net: A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster (Financial Post) Hitachi ransomware incident. Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer) Africa’s industrial sector targeted with malware. Threat landscape for industrial automation systems. Statistics for H2 2022 (Kaspersky ICS CERT) A border-hopping PlugX USB worm takes its act on the road (Sophos) TSA issues new cybersecurity requirements for the aviation industry. TSA issues new cybersecurity requirements for airport and aircraft operators (PRNewswire) Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. CISA Establishes Ransomware Vulnerability Warning Pilot Program (CISA) CISA now warns critical infrastructure of ransomware-vulnerable devices (BleepingComputer) Patch Tuesday and ICS. ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities (SecurityWeek) Control Loop Interview. The interview is with
S1 E22 · Wed, April 05, 2023
The Vulkan Papers. The Cyberspace Solarium Commission recommends that CISA set up a test bed to improve maritime cybersecurity. Dragos CEO on critical infrastructure cybersecurity. The JCDC’s pre-ransomware notification efforts. Guest Mike Hoffman, Technical Leader Global Services at Dragos & a SANS instructor, discusses challenges carrying out vulnerability management. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his two-part discussion about industrial cyber threat intel & collective intelligence with Seth Lacy, Principal Threat Hunter at Dragos. Control Loop News Brief. The Vulkan Papers. A Look Inside Putin's Secret Plans for Cyber-Warfare (Der Spiegel) Secret trove offers rare look into Russian cyberwar ambitions (The Washington Post) Maritime cybersecurity. Full Steam Ahead: Enhancing Maritime Cybersecurity (Cyberspace Solarium Commission 2.0) Cyber experts call for CISA to establish maritime equipment test bed (FedScoop) Dragos CEO on critical infrastructure cybersecurity. Full Committee Hearing to Examine Cybersecurity Vulnerabilities to the United States' Energy Infrastructure (Senate Committee on Energy and Natural Resources) JCDC and pre-ransomware notification. JCDC Cultivates Pre-Ransomware Notification Capability (CISA) Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs (CISA) Control Loop Interview. The interview is with Mike Hoffman, Technical Leader Global Services at Dragos & SANS instructor, discussing challenges carrying out vulnerability management. Control Loop Learning Lab. In Part 2 of 2, Dragos’ VP Product
S1 E21 · Wed, March 22, 2023
Cyberattacks against Canada’s agriculture industry. Hitachi ransomware incident. African industrial sector targeted with malware. TSA issues new cybersecurity requirements for the aviation industry. CISA issues a guide for resilience in the maritime industry. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Guest is JD Christopher, Dragos’ Director of Cyber Risk, talking about the CISO evolution. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban kicks off his two-part discussion about industrial cyber threat intel & collective intelligence with Seth Lacy, who is a Principal Threat Hunter at Dragos. Control Loop News Brief. Cyberattacks against Canada’s agriculture industry. Safety Net: A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster (Financial Post) Hitachi ransomware incident. Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer) African industrial sector targeted with malware. Threat landscape for industrial automation systems. Statistics for H2 2022 (Kaspersky) A border-hopping PlugX USB worm takes its act on the road (Sophos) TSA issues new cybersecurity requirements for the aviation industry. TSA issues new cybersecurity requirements for airport and aircraft operators (TSA) CISA issues a guide for resilience in the maritime industry. Marine Transportation System Resilience Assessment Guide (CISA) Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. CISA Establishes Ransomware Vulnerability Warning Pilot Program (CISA) CISA now warns critical infrastructure of ransomware-vulnerable devices (BleepingComputer) Control Loop Intervie
S1 E20 · Wed, March 08, 2023
The White House has released its National Cybersecurity Strategy. MKS Instruments discloses a ransomware incident that spread to some of its vendors. Ransomware hits the Dole Food Company. CISA runs a red team assessment against a critical infrastructure organization. And LockBit has claimed responsibility for an attack on a water utility in Portugal. The CyberWire's Tré Hester shares the news this week. Guest Tom Winston, Dragos’ Director of Intelligence Content, recently spoke with Dave Bittner about Dragos’ recently released 2022 Year in Review report. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban completes his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos. Control Loop News Brief. White House releases the National Cybersecurity Strategy. National Cybersecurity Strategy (The White House) Cranes as a security threat. Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools (Wall Street Journal) EPA Memo requires water systems to include cybersecurity in their safety audits. EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems (EPA) MKS Instruments discloses ransomware incident. Applied Materials will take a $250M hit to sales this quarter, thanks to a cyberattack at one of its suppliers (Silicon Valley Business Journal) Semiconductor industry giant says ransomware attack on supplier will cost it $250 million (The Record) Ransomware hits a major food producer. Cyberattack on food giant Dole temporarily shuts down North America production, company memo says (CNN) Dole Experiences Cybersecurity Incident (Dole) Red-teaming critical infrastructure.
S1 E19 · Wed, February 22, 2023
Dragos has released its ICS/OT Cybersecurity Year in Review for 2022, finding a rise in ransomware attacks targeting industrial organizations. Forescout discloses two vulnerabilities affecting the Unity line of Schneider Electric’s Modicon programmable logic controllers. Dozens of vulnerabilities in industrial internet-of-things (IIoT) devices. Tim Starks from the Washington Post's Cybersecurity 202 discusses the upcoming White House National Cyber Strategy and its possible effects on critical infrastructure. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban begins his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos. Control Loop News Brief. Dragos releases its ICS/OT Cybersecurity Year in Review for 2022. 2022 ICS/OT Cybersecurity Year in Review (Dragos) Russian-linked malware was close to putting U.S. electric, gas facilities ‘offline’ last year (Politico) Schneider PLC vulnerabilities. Deep Lateral Movement in OT Networks: When Is a Perimeter Not a Perimeter? (Forescout) The return of ICEFALL: Two critical bugs revealed in Schneider Electric tech (The Record) Wireless IIoT devices at risk from vulnerabilities. Industrial Wireless IoT - The direct path to your Level 0 (Otorio) Control Loop Interview. The interview is with Tim Starks from the Washington Post's Cybersecurity 202 discussing the upcoming White House National Cyber Strategy and its possible effects on critical infrastructure. Control Loop Learning Lab. In Part 1 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Vern McCandlish, Principal Industrial Incident Responder at Dragos, about the importance of incident response planning. Industrial Cyber Threat Intel & Collective Intelligence links: Neighborhood Keeper in the Broader Context of
S1 E18 · Wed, February 08, 2023
Multiple strains of Russian wiper malware are targeting entities in Ukraine. A high-severity command injection vulnerability affects Cisco devices. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. And US Congressman Andrew Garbarino will serve as the new Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection. In Part 2 of 2 in our interview segment from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC return. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his discussion with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan. Control Loop News Brief. Russian wiper malware targets Ukraine. Russia’s Sandworm hackers blamed in fresh Ukraine malware attack (CyberScoop) APT Activity Report for T3 2022 (ESET) Cyber attack on the Ukrinform information and communication system (CERT-UA) Command injection vulnerability affects Cisco devices. When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key (Trellix) Cisco IOx Application Hosting Environment Command Injection Vulnerability (Cisco) Congressman Andrew Garbarino to serve as Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection. Garbarino Selected To Chair Cybersecurity Subcommittee (Office of Andrew Garbarino) IoT supply chain threatened by exploitation of Realtek Jungle SDK vulnerability. Network Security Trends: August-October 2022 (Unit 42)
S1 E17 · Wed, January 25, 2023
The NOTAM outage was reportedly caused by a corrupted file. The World Economic Forum sees geopolitical instability as a source of cyber risk. The Copper Mountain Mining Corporation is working to recover its IT systems following a ransomware attack. DNV's fleet management software sustains a ransomware attack. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility. Our interview segment is part one of two from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. On part 1 of 2 in the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan. Control Loop News Brief. NOTAM outage appears to have been caused by a system error. US Aviation System Meltdown Tied to Corrupted Digital File (Bloomberg) Here's the latest on the NOTAM outage that caused flight delays and cancellations (NPR) The WEF’s Cybersecurity Outlook for 2023. Global Cybersecurity Outlook 2023 (World Economic Forum) Mining company resumes operations after ransomware attack. Copper Mountain Mining Provides Operational Update on Ransomware Attack (Copper Mountain Mining Corporation) DNV's fleet management software sustains ransomware attack. Cyber-attack on ShipManager servers – update (DNV) Ukrainian hacktivists conduct DDoS against Iranian sites. Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media)
S1 E16 · Wed, January 11, 2023
A Canadian mining company shuts down its mill following a ransomware attack. The Port of Lisbon has sustained a cyberattack, with the LockBit ransomware gang claiming credit. Rail company Wabtec begins notifying victims of data breach following a ransomware attack. New York’s governor signs legislation seeking to secure power grids. And an upcoming NATO study will analyze hybrid warfare. Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, returns for the second part of his interview to discuss the transition from the military and Intelligence Community to the OT space. The Learning Lab segment will return in our next episode. Control Loop News Brief. Canadian mining company hit by ransomware. Copper Mountain Mining Subject to Ransomware Attack and Implements Risk Management Systems and Protocols (Canada NewsWire) Canadian copper mine suffers ransomware attack, shuts down mills (The Record) Port of Lisbon sustains cyberattack. LockBit claims an attack on the Port of Lisbon (CyberNews) Rail company begins notifying victims of data breach. Data Security Incident Update – Personal Data Breach Public Communication (Wabtec Corporation) Billion-dollar rail firm confirms data breach after suspected ransomware attack (The Record) New York legislation seeks to secure power grids. Governor Hochul Signs Nation-leading Legislation to Protect Energy Grid from Cyber Threats (Governor Kathy Hochul) NATO study will analyze hybrid warfare. How NATO can keep pace with hybrid threats in the Black Sea region and beyond (Atlantic Council) Control Loop Interview. Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, returns for the second part of his interview to discuss the transition from the military and Intelligence Community to the OT space. Control Loop Learning Lab. The Learning Lab will return in our next episode.
Bonus · Wed, December 28, 2022
This interview from December 2nd, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Maria Varmazis sits down with Brandon Bailey to discuss Space Attack Research and Tactic Analysis, or the SPARTA matrix.
S1 E15 · Wed, December 14, 2022
Microsoft offers predictions for Russia’s war in Ukraine. A wiper targets the diamond industry. New version of Babuk ransomware hits manufacturing company. Cyberattacks against the manufacturing industry. Cybersecurity for farming equipment. CISA issues ICS advisories. Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, discusses maximizing threat intelligence at a utility. And, in Part 2 of 2 on the Learning Lab, Mark Urban and Dragos’ CISO Steve Applegate talk about starting an OT cybersecurity program. Control Loop News Brief. Predictions for Russia’s war in Ukraine. Preparing for a Russian cyber offensive against Ukraine this winter (Microsoft) A wiper targets the diamond industry. Fantasy – a new Agrius wiper deployed through a supply‑chain attack (ESET) New version of Babuk ransomware hits manufacturing company. Morphisec Discovers Brand New Babuk Ransomware Variant in Major Attack (Morphisec) Cyberattacks against the manufacturing industry. BlackBerry/Make UK Research Reveals UK Manufacturing Sector Under Threat as Almost Half Suffer Cyberattack in the Last 12 Months (BlackBerry) Cybersecurity for farms. Tractors vs. threat actors: How to hack a farm (ESET) CISA’s ICS advisories. CISA Releases Three Industrial Control Systems Advisories (CISA) Iguana triggers blackout. Rogue iguana causes widespread power outage in Lake Worth Beach (The Sun Sentinel) Control Loop Interview. Guest Kaleb Flem , Senior Cyber Threat Intel Analyst at Southern California Edison, discusses maximizing threat intel at a utility. Control Loop Learning Lab. Part 2 of 2 has Dragos CISO Steve Applegate talking with Dragos' Mark Urban about starting an OT cybersecurity program.
S1 E14 · Wed, November 30, 2022
The US Government Accountability Office issues a report on offshore oil and gas cybersecurity. The Oak Ridge National Laboratory seeks to secure power grids. Boa web server vulnerabilities used to target energy organizations. CISA updates its Infrastructure Resilience Planning Framework. And CISA issues advisories for ICS vulnerabilities. Guests Mara Winn and Guohui Yuan join us from the Department of Energy to discuss their report, "Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid.” In Part 1 of 2 on the Learning Lab, Mark Urban and Dragos’ CISO Steve Applegate talk about starting an OT cybersecurity program. Control Loop News Brief. GAO issues report on offshore oil and gas cybersecurity. Offshore Oil and Gas: Strategy Urgently Needed to Address Cybersecurity Risks to Infrastructure (US Government Accountability Office) ORNL seeks to secure power grids. DarkNet: Lighting up a secure grid communication network (ORNL) Boa web server vulnerabilities. Vulnerable SDK components lead to supply chain risks in IoT and OT environments (Microsoft) Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group (Recorded Future) Sandworm renews ransomware activity against Ukrainian targets. New ransomware attacks in Ukraine linked to Russian Sandworm hackers (BleepingComputer) CISA updates its Infrastructure Resilience Planning Framework. Infrastructure Resilience Planning Framework (CISA) CISA issues ICS advisories. CISA Releases Eight Industrial Control Systems Advisories (CISA) CISA Releases Seven Industrial Control Systems Advisories (CISA) Control Loop Interview. Guests Mara Winn and Guohui Yuan from the Department of Energy discuss their report, "Cybersecurity Considerations for Distributed Energy Resou
S1 E13 · Wed, November 16, 2022
The US Department of Energy seeks to improve visibility into ICS environments. NIST has issued a proposal for upgrading cybersecurity at water plants in the US. A patch has been issued for a critical vulnerability that affects flow computers from ABB. Guest Ashif Samnani of Cenovus Energy shares insights from his nearly two decade career in the OT world. In the Learning Lab, hear the third in a series with Mike Hoffman, a Principal Industrial Consultant at Dragos, teaching infosec professionals how to think about OT security. This segment discusses looking at crown jewel analysis and understanding what really matters within your environment. Control Loop News Brief. US Department of Energy seeks to improve visibility into ICS environments. “ DOE Pivots Security Strategy as 'Smart' Tech Use Soars ,” (GovCIO) NIST proposal for upgrading cybersecurity at water plants. “ NIST proposes project to improve cybersecurity at water utilities ,” (FedScoop) “ [Project Description] Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector ,” (NIST) “ Securing Water and Wastewater Utilities ,” (National Cybersecurity Center of Excellence) Critical vulnerability affects flow computers. ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers (SecurityWeek) CISA releases twenty ICS Security Advisories. CISA Releases Twenty Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest Ashif Samnani , Industrial Control System Cyber Security Leader at Cenovus Energy, shares some insights from his nearly two decade career across the OT world. Control Loop Learning Lab. Our Learning Lab segment is the third in a series of three with Mike Hoffman , Principal Industrial Consultant at Dragos , teaching infosec professionals how to think about OT security. This segment discusses looking at crown jewel analysis and understanding what really matters within your environment.
S1 E12 · Wed, November 02, 2022
CISA releases cross-sector cybersecurity performance goals. A look at the ransomware threat to industrial organizations. The TSA says it will issue new aviation cybersecurity requirements, and announces a railway cybersecurity directive. The White House focuses on cybersecurity in the chemical sector. Guest Jim Richberg of Fortinet addresses the evolving threat landscape and coming supply chain risks. In the Learning Lab, hear the second in a series with Mike Hoffman, a Principal Industrial Consultant at Dragos, teaching infosec professionals how to think about OT security. This segment discusses the critical aspects of OT systems that have to be considered before thinking about security. Control Loop News Brief. CISA releases cross-sector cybersecurity performance goals. “ Cross-sector Cybersecurity Performance Goals ,” (CISA) The ransomware threat to industrial organizations. “ Dragos Industrial Ransomware Analysis: Q3 2022 ,” (Dragos) Leading European metals producer hit with malware. “ Aurubis says it was hit in wider cyberattack on metals industry ” (Reuters) Copper Giant Aurubis Shuts Down Systems Due to Cyberattack (SecurityWeek) TSA says it will issue new aviation cybersecurity requirements. “ U.S. to issue new cybersecurity requirements for critical aviation systems ,” (Reuters) TSA announces railway cybersecurity directive. “ Rail Cybersecurity Mitigation Actions and Testing ,” (TSA) White House focuses on cybersecurity in the chemical sector. “ FACT SHEET: Biden-Harris Administration Expands Public-Private Cybersecurity Partnership to Chemical Sector ,” (The White House) “ White House Adds Chemical Sector to ICS Cybersecurity Initiative ,” (SecurityWeek) Control Loop Interview. Guest Jim Richberg of Fortinet joins us to discuss the evolving threat landscape and coming supply chain risks. Control Loop Learning Lab. Our Learning Lab segment is the first in a serie
S1 E11 · Wed, October 19, 2022
An assessment of port and terminal cybersecurity in the US. Tata Power discloses a cyberattack. The White House issues statements on cybersecurity. India’s power company collaborates on energy sector cybersecurity. Guests Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden, of the FBI Baltimore Field Office, discuss the FBI's collaborative approach to working with industry. In the Learning Lab, Mike Hoffman of Dragos kicks off the first of 3 segments on teaching infosec professionals how to think about OT security with the fundamental differences between IT security and OT security. Control Loop News Brief. Port and terminal cybersecurity. “ US Ports and Terminals Sustain Increased Cybersecurity Attacks ,” (Jones Walker LLP) Cyber attack against Tata Power. “ Indian energy company Tata Power announces cyberattack affecting IT infrastructure ,” (The Record) “ Tata Power says hit by cyber attack, says critical system functioning ,” (Mint) “ Tata Power says hit by cyber attack ,” (The Economic Times) Sabotage and terrorism directed against infrastructure. “ Russia’s MFA summons German, Danish, Swedish envoys over Nord Stream probe ,” (TASS) White House statement on cybersecurity. “ FACT SHEET: Biden-Harris Administration Delivers on Strengthening America’s Cybersecurity ,” (The White House) India collaborates on energy sector cybersecurity. “ New collaboration to tackle cybersecurity issues in power transmission systems ,” (India Science Wire) Control Loop Interview. Guests are FBI Baltimore Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden, sharing the FBI's collaborative approach to working with industry. Control Loop Learning Lab.
S1 E10 · Wed, October 05, 2022
Nord Stream pipelines sabotaged in a kinetic attack. NSA and CISA issue guidance on ICS threats. Ukraine anticipates Russian cyberattacks against the energy sector. Dragos receives CVE numbering authority. CISA's ICS Advisories. Guest Dawn Cappelli of Dragos shares an update on OT-CERT. In the Learning Lab, Mark Urban and Phil Tonkin of Dragos talk about where all the electricity that is generated goes. Control Loop News Brief. Nord Stream pipelines sabotaged in a kinetic attack. Sweden Detected Two Underwater Explosions Near Nord Stream Leak (Bloomberg) Germany Suspects Sabotage Hit Russia’s Nord Stream Pipelines (Bloomberg) European leaders blame Russian ‘sabotage’ after Nord Stream explosions (The Washington Post) Kremlin dismisses 'stupid' claims Russia attacked Nord Stream (Reuters) EU vows to protect energy network after 'sabotage' of Russian gas pipeline (Reuters) NSA and CISA issue guidance on ICS threats. NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It (NSA) NSA and CISA explain the potential consequences of these attacks. Control System Defense: Know the Opponent (NSA/CISA) Dragos receives CVE numbering authority. The CVE Program Recognizes Dragos as a Numbering Authority for Common Vulnerabilities and Exposures (Dragos) CISA's ICS Advisories. CISA Releases Eight industrial Control Systems Advisories (CISA) Control Loop Interview. Dawn Cappelli of Dragos shares an update on OT-CERT now that it's live and providing free resources to small and medium sized organizations with OT e
S1 E9 · Wed, September 21, 2022
The Palestinian hacktivist group GhostSec compromises Israeli PLCs. North Korea’s Lazarus Group targets the energy sector. The White House issues a memorandum on supply chain security. CISA issues advisories on ICS vulnerabilities. Guest Rachael Conrad of Rockwell Automation talks about how industrial automation organizations can achieve their connected enterprise by providing a safe and secure OT infrastructure. In the Learning Lab, Dragos' Mark Urban discusses the scale of the generation of electricity. Control Loop News Brief. Palestinian threat actor compromises Israeli PLCs. “ Pro-Palestinian Hacking Group Compromises Berghof PLCs in Israel ,” (OTIRO) Lazarus Group targets the energy sector. “ Lazarus and the tale of three RATs ,” (Cisco Talos) White House issues memorandum on software supply chain security. “ Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience ,” (The White House) CISA issues ICS advisories. MZ Automation libIEC61850 (CISA) PTC Kepware KEPServerEX (CISA) Baxter Sigma Spectrum Infusion Pump (CISA) Hillrom Medical Device Management (Update A) (CISA) Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability (CISA) Honeywell SoftMaster (CISA) Delta Industrial Automation DIAEnergie (CISA) Kingspan TMS300 CS (CISA) Paradox IP150 (Update A) (CISA) Siemens Mobility CoreShield OWG Software (CISA) Siemens Simcenter Femap and Parasolid (CISA) Siemens RUGGEDCOM ROS (CISA) Siemens Mendix SAML Module (CISA) Siemens S
S1 E8 · Wed, September 07, 2022
Cybersecurity for the food industry. Montenegro works to recover from Russian cyber offensive. NSTAC recommends cataloging Federal OT assets. Chemical sector cybersecurity. Kinetic attacks affect Ukrainian nuclear power plant. CISA ICS alerts. Guest Dean Parsons from SANS joins us to discuss attacks against critical infrastructure. The Learning Lab finds Dragos' Mark Urban joined by Miriam Lorbert breaking down the fundamentals of the control loop. Control Loop News Brief. Food industry cybersecurity. Food Processing Special Report Reveals Increasing Concern of Cyber Attacks for Food & Beverage Industry (Dragos) Montenegro works to recover from Russian cyber offensive. FBI's team to investigate massive cyberattack in Montenegro (AP NEWS) US issues rare security alert as Montenegro battles ransomware (TechCrunch) Cuba ransomware group claims attack on Montenegro government (IT PRO) Cuba Ransomware Team claims credit for attack on Montenegro (Databreaches.net) Montenegro blames Cuba ransomware for cyberattack (Cybernews) Montenegro Sent Back to Analog by Unprecedented Cyber Attacks (Balkan Insight) Montenegro blames criminal gang for cyber attacks on government (EU Reporter) Ransomware Attack Sends Montenegro Reaching Out to NATO Partners (Bloomberg) NSTAC recommends cataloging Federal OT assets. NSTAC Urges CISA Action to Boost Security of Feds’ OT Systems (MeriTalk) Chemical sector cybersecurity. Chemical Sector Next in Line for White House Plan to Incentivize Cybe
S1 E7 · Wed, August 24, 2022
DOE invests in securing the US power grid. CISA’s recent ICS security advisories. Industroyer2 makes an appearance in Ukraine. DDoS attack against Energoatom’s website. Ransomware trends and the threat to OT systems. Ransomware gang attempts to extort the wrong water company. Control Loop News Brief. DOE invests in securing the US power grid. DOE invests $45 million in cyber technology that protects power sector (The Hill) CISA’s recent ICS security advisories. Cisco Releases Security Update for Multiple Products (CISA) Siemens Simcenter STAR-CCM+ (CISA) Siemens Teamcenter (CISA) Schneider Electric EcoStruxure, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 (CISA) Emerson ROC800, ROC800L and DL8000 (CISA) Siemens SICAM A8000 Web Server Module (CISA) Siemens SICAM TOOLBOX II (CISA) Siemens SCALANCE (CISA) Siemens SIMATIC S7-400 (CISA) Siemens Industrial Products Intel CPUs (Update A) (CISA) Siemens Industrial Products LLDP (Update B) (CISA) Siemens Linux-based Products (Update G) (CISA) Siemens Datalogics File Parsing Vulnerability (CISA) Siemens S7-400 CPUs (Update A) (CISA) Siemens SIMATIC Software Products (Update B) (CISA) Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B) (CISA) Baxter Sigma Spectrum Infusion Pumps (Update B) (CISA) Siemens Industrial Products with OPC UA (Update H) (CISA)
S1 E6 · Wed, August 10, 2022
BlackCat ransomware gang hits Luxembourg energy company. Predatory Sparrow's assault on Iran's steel industry. MOXA issues patches for two vulnerabilities. ICS security advisories. Two security bills pass the US House. Insider threat: Spain arrests nuclear plant employees. The human risk to OT systems. Control Loop News Brief. BlackCat ransomware gang hits Luxembourg energy company. BlackCat ransomware gang hits Luxembourg energy supplier Creos (Computing) Luxembourg energy provider Encevo Group battles ransomware attack by BlackCat (Tech Monitor) BlackCat ransomware claims attack on European gas pipeline (BleepingComputer) Luxembourg energy companies struggling with alleged ransomware attack, data breach (The Record by Recorded Future) Predatory Sparrow's assault on Iran's steel industry. Predatory Sparrow: Who are the hackers who say they started a fire in Iran? (BBC News) Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' (CyberScoop) MOXA issues patches for two vulnerabilities. Moxa NPort Device Flaws Can Expose Critical Infrastructure to Disruptive Attacks (SecurityWeek) Two Moxa Zerodays — ICSRange.com - Powered by En Garde Security (ICSRange.com - Powered by En Garde Security) ICS security advisories. Inductive Automation Ignition (CISA) Honeywell Safety Manager (CISA) Honeywell Saia Burgess PG5 (CISA) MOXA NPort 5110 (CISA) Mitsubishi MELSEC and MELIPC Series (Update D) (CISA) Rockwell Products Impacted by Chromium Type Confusion Vulnerability (CISA) Mitsubis
S1 E5 · Wed, July 27, 2022
More deniable DDoS attacks strike countries friendly to Ukraine. Russian intentions and capabilities in its hybrid war. Log4j is now “endemic.” CISA’s ICS security advisories. Operational technology and the C2C market. TSA issues revised pipeline cybersecurity guidelines. Zero-trust comes to OT. Our guest is Puesh Kumar from the Department of Energy, discussing the DOE’s efforts to secure critical infrastructure, and to secure clean energy infrastructure. In the Learning Lab, Kimberly Graham, senior director of product management at Dragos, talks with Mark Urban about the alphabet soup of OT. Control Loop News Brief. Threats to infrastructure in a hybrid war. Ignitis Group hit by DDoS attack as Killnet continues Lithuania campaign (Tech Monitor) Ignitis services were knocked offline this weekend in a DDoS attack as Russian hackers Killnet target Ukraine's allies. US seeking to understand Russia’s failure to project cyber power in Ukraine (Defense News) “With regard to the Russian use of cyber and our takeaways,” Anne Neuberger said, “there are any number of theories for what we saw and what, frankly, we didn’t see.” Battling Moscow's hackers prior to invasion gave Kyiv 'full dress rehearsal' for today's cyber warfare (CyberScoop) Years of cyberattacks have helped prepare Ukraine to fight back against Russia's arsenal of digital weapons. Log4j is now “endemic.” DHS Review Board Deems Log4j an 'Endemic' Cyber Threat (Dark Reading) Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says. DHS board: No one used software inventories to find vulnerable Log4j deployment (FedScoop) Many in government and industry want SBOMs to be the secure software development compliance standard, but the technology remains limited. 
Review of the December 2021 Log4j Event (Cyber Safety Review Board) We write this report at a transformational moment for the digital ecosystem. The infrastructure on which we rely daily has become deeply interconnected through the use of shared communications, software, and hardware, making it susceptible to vulnerabilities on a global scale.
S1 E4 · Wed, July 13, 2022
A cyberattack hits a Ukrainian energy provider. A Chinese-speaking threat actor targets building automation systems. An Iranian steel mill suspends production due to a cyberattack. The US TSA issues relaxed pipeline cybersecurity directives. A US cybersecurity bill focuses on training. Ian Frist from BlueVoyant joins us to discuss what CMMC will mean for ICS environments. And in the Learning Lab, Robert M Lee joins us to explain the five critical controls for ICS. Control Loop News Brief. Russian hackers allegedly target Ukraine's biggest private energy firm (CNN) Russian hackers carried out a "cyberattack" on Ukraine's biggest private energy conglomerate in retaliation for its owner's opposition to Russia's war in Ukraine, the firm said Friday. Attacks on industrial control systems using ShadowPad (Kaspersky) In mid-October 2021 Kaspersky ICS CERT researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan. Cyberattack Forces Iran Steel Company to Halt Production (SecurityWeek) One of Iran’s major steel companies said Monday it was forced to halt production after being hit by a cyberattack that also targeted two other plants, apparently marking one of the biggest such assaults on the country’s strategic industrial sector in recent memory. Iran’s steel industry halted by cyberattack (The Jerusalem Post) Predatory Sparrow, a hacktivist group that is little known, took credit for the hacking that halted Iran's steel industry. Iranian steel facilities suffer apparent cyberattacks (CyberScoop) Three Iranian steel companies suffered apparent cyberattacks Monday, claimed a hacktivist group that previously took responsibility for a digital assault on the Iranian train system with wiper malware. Smart Factories Need to Prioritize Cybersecurity (Capgemini) Smart factories are increasingly being utilized by industry as part of the transition toward digitization. 
Being connected to cloud or the internet, they bring a plethora of communicative advantages. However, this network connection also creates a larger surface area vulnerable to attack via digital means. TSA Eases Pipeline Cybersecurity Rules Issued After Colonial Hack (Wall Street Jou
S1 E3 · Wed, June 29, 2022
ICEFALL affects OT devices. Thermal cameras and industrial processes. Sandworm spies on infrastructure. Ransomware hits auto parts manufacturer. Most electricity, oil & gas, manufacturing firms have seen cyberattacks. Nuclear facility cyber exercises. Connecticut Guard trains to defend utilities. Dawn Cappelli joins us to discuss how the OT Cyber Emergency Readiness Team is planning to address cybersecurity resource gaps for industrial infrastructure. And in the learning lab, Nick Shaw joins us for part two of OT fundamentals, where he explains the Purdue reference model for industrial cybersecurity. Control Loop News Brief. ICEFALL vulnerabilities affect OT devices OT:ICEFALL: 56 Vulnerabilities Caused by Insecure-by-Design Practices in OT (Forescout) Thermal camera vulnerabilities. Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera (SEC Consult) Vulnerabilities in access control panels. Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System (Trellix) Sandworm exploits Follina in phishing campaign. Russian hackers start targeting Ukraine with Follina exploits (BleepingComputer) Ransomware hits automotive hose manufacturer. US Subsidiary of Automotive Hose Maker Nichirin Hit by Ransomware (SecurityWeek) Most ransomware victims are attacked a second time. Ransomware: The True Cost to Businesses (Cybereason) 89% of electricity, oil & gas, and manufacturing firms have been hit by cyberattacks. Cyber-Attacks on Industrial Assets Cost Firms Millions (Trend Micro) Control Loop Interview. Dawn Cappelli on how the OT Cyber Emergency Readiness Team (OT-CERT) is addressing the cybersecurity resource gaps that exist in industrial infrastructure. Follow Dawn on LinkedIn . OT-CERT is an Operational Technology – Cyber Emergency Readiness Team dedicated to addressing the O
S1 E2 · Wed, June 15, 2022
Subscribe to the Control Loop Newsletter here with new editions published every month. UK Attorney General discusses hacking back in defense of critical infrastructure. Ethiopia says it stopped cyberattacks on its Nile dam. Recommended cybersecurity improvements for dams in the Southeastern US. Water system security. MITRE releases supply chain security framework. CISA and its partners issue guidelines for evaluating 5G implementation. Deloitte opens a Smart Factory at Wichita State University. Tim Conway from SANS discusses his path to OT cybersecurity, workforce and cyber skills development for OT personnel, and new developments in cybersecurity education for industrial security. And in the Learning Lab, Mark Urban is joined by Nick Shaw for part one of an intro to OT. Control Loop News Brief. Hacking back in defense of critical infrastructure. Defensive Cyber Attacks Declared Legal by UK AG, Path Cleared to “Hack Back” When Critical Infrastructure & Services Attacked. (CPO Magazine) TVA recommends cybersecurity improvements for dams in Southeastern US. Request for Final Action - Audit 2020-17340 Non-Power Dam Control Cybersecurity. (Office of the Inspector General, TVA) INSA says cyber attack on GERD, financial institutions foiled. (Addis Standard) Water system security. Cyberspace Solarium congressman, water officials decry EPA inaction on cybersecurity. (CyberScoop) MITRE releases supply chain security framework. Mitre’s New “System Of Trust” Protects Vulnerable Supply Chains (MITRE) CISA and its partners issue guidelines for evaluating 5G implementation. 5G Security Evaluation Process Investigation Version 1 (CISA) Ransomware attack on FOXCONN Mexico factory operations. Foxconn: Mexico factory operations ‘gradually returning to normal’ after ransomware attack. (The Record) Loc
S1 E1 · Wed, June 01, 2022
Every two weeks, get the latest in OT news in Control Loop News Brief, an interview featuring a thought leader in the OT space sharing current industry trends, and the Control Loop Learning Lab’s educational segment. A companion monthly newsletter is available through free subscription and on the CyberWire's website. Headlines include: Russia’s hybrid war against Ukraine. Russian threat actors against industrial control systems. Exploits for Bluetooth Low Energy. Hacktivists claim attacks against Russian ground surveillance robots. New wiper loader. Turla threat actor reconnaissance in Estonian and Austrian networks. Robert M. Lee, CEO of Dragos, talks giving back to the OT community and shares insights on Pipedream malware. Learning Lab has Dragos' Mark Urban and Jackson Evans-Davies talking about the fundamentals of OT cybersecurity. Control Loop News Brief. Continuing expectations of escalation in cyberspace. Microsoft President: Cyber Space Has Become the New Domain of Warfare - Infosecurity Magazine Cyber Attacks on Ukraine: Not What You Think | PCMag Warning: threat actor targets industrial systems. US warns energy firms of a rapidly advancing hacking threat - E&E News PIPEDREAM: CHERNOVITE's Emerging Malware Targeting Industrial Environments | Dragos Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED Industroyer2 and Ukraine's power grid. Twitter: @ESETresearch Industroyer2: Industroyer reloaded | WeLiveSecurity Russian hackers tried to bring down Ukraine's power grid to help the invasion | MIT Technology Review Bluetooth vulnerabilities demonstrated in proof-of-concept. NCC Group uncovers Bluetooth Low Energy (BLE) vulnerability that puts millions of cars, mobile devices and locking systems at risk
Trailer · Thu, May 26, 2022
Cybersecurity for Operational Technology and Industrial Control Systems. The Control Loop podcast, hosted by the CyberWire’s Dave Bittner, investigates the latest threat intelligence, security strategies, and technologies that industry professionals rely on to safeguard civilization. Every two weeks, Dave analyzes the biggest stories in OT security with commentary from key industry leaders and operators. Each episode includes new guests who provide the insider’s perspective on major threats and vulnerabilities, novel ideas and solutions, and critical training topics. Control Loop Episode 1 premieres on June 1st, 2022. Listen and subscribe to the podcast wherever you get your favorite shows and subscribe to the newsletter on the CyberWire website.