ICS

Software Security

Issued by: Security Week

Forescout Research Labs and JFrog Security Research found a total of 14 vulnerabilities in NicheStack, a TCP/IP stack used by many operational technology (OT) vendors. The flaws, a majority of which have been assigned critical and high severity ratings, can be exploited for remote code execution, denial of service (DoS) attacks, obtaining information, TCP spoofing,…

Vulnerabilities

Issued by: Security Week

Vulnerabilities in CODESYS software could have serious implications considering that it’s used in the industrial control systems (ICS) made by several major companies. Last month, a cybersecurity firm warned that programmable logic controllers (PLCs) made by over a dozen manufacturers were exposed to attacks due to critical security bugs discovered in CODESYS software. CODESYS on…

Network Security

Issued by: Security Week

One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities. The bill covers vulnerabilities in IT and OT systems, as well as security holes in…

Malware & Threats

Issued by: Security Week

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a new joint advisory on a gas pipeline intrusion campaign allegedly conducted by Chinese state-sponsored hackers between 2011 and 2013. In addition, CISA has updated five advisories released between 2012 and 2017 to attribute malware and malicious activity to various nation states….

Network Security

Issued by: Security Week

The new service, named Advanced Monitoring and Incident Response (AMIR), is part of Honeywell’s Forge managed security services offering. It’s designed to help security teams detect and respond to attacks targeting industrial control systems (ICS) and operational technology (OT) networks. Honeywell says AMIR is designed to continuously monitor OT environments for suspicious events. It collects…

Malware & Threats

Issued by: Security Week

Grid Solutions is a GE Renewable Energy business that provides electricity management solutions for the energy sector, including oil and gas, as well as industry and infrastructure organizations. Advisories published this week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and GE Grid Solutions (account required) inform customers that more than a dozen UR…

Vulnerabilities

Issued by: Security Week

ENTSO-E represents 42 electricity transmission system operators (TSOs) from 35 countries in Europe. TSOs are responsible for the transmission of electric power across the main high-voltage networks, and ENTSO-E works with them on the implementation of energy policies and achieving Europe’s energy and climate policy objectives. “A risk assessment has been performed and contingency plans…

Vulnerabilities

Issued by: Security Week

An analysis of industrial control systems (ICS) has shown that many products contain features and functions that have been designed with no security in mind, allowing malicious hackers to abuse them and potentially cause serious damage. PAS, which provides industrial cybersecurity and operations management solutions, has analyzed data collected over the past year from over…

Malware & Threats

Issued by: Security Week

House Passes Bill to Enhance Industrial Cybersecurity

The U.S. House of Representatives on Monday passed a bill aimed at protecting industrial control systems (ICS), particularly ones used in critical infrastructure, against cyberattacks. The legislation, H.R. 5733, formally known as the “DHS Industrial Control Systems Capabilities Enhancement Act,” was introduced on May 9 by Rep. Don Bacon (R-NE) and it was approved by…

Malware & Threats

Issued by: Security Week

Simulation Shows Threat of Ransomware Attacks on ICS

Researchers at the Georgia Institute of Technology have demonstrated the potential impact of ransomware on industrial control systems (ICS) by simulating an attack aimed at a water treatment plant. David Formby, a Ph.D. student in the Georgia Tech School of Electrical and Computer Engineering, and his faculty advisor, Raheem Beyah, identified several commonly used programmable…