The GAO pointed out that the DHS, CISA and NIST have issued guidance, alerts, advisories, and other resources in an effort to help federal and private entities manage the cybersecurity risks associated with internet-of-things (IoT) and operational technology (OT) systems. While steps have been taken to protect critical infrastructure against cyberattacks, GAO believes more should…

The flaw affects Time-Triggered Ethernet (TTE), a networking technology specifically designed for real-time applications and cyber-physical systems with high safety and availability requirements. TTE is often used to reduce costs and improve efficiency as it allows mission-critical components to exist on the same network hardware as less important systems. For instance, life support systems can…

Trend Micro is presenting the research this week at SecurityWeek’s 2022 ICS Cyber Security Conference in Atlanta, which can also be joined online via SecurityWeek’s virtual event platform. Registration for the event is still open. CNC machines can be programmed to carry out a wide range of tasks with a high level of efficiency, consistency…

The flaws were discovered by researchers at industrial cybersecurity firm Claroty in Carlo Gavazzi’s CPY Car Park Server and UWP 3.0 monitoring gateway and controller products. The vendor released patches for the impacted products earlier this year. The Germany-based CERT@VDE, which coordinates the disclosure of vulnerabilities impacting the industrial control system (ICS) and operational technology…

The Guidelines for Testing of IoT Security Products cover the principles for testing security products for IoT, recommendations on setting up testing environments, the testing for specific security functionality, and performance benchmarking. The document encourages testers to focus on validating the end result and the performance of the provided protections and not to differentiate products…

OPC UA (Open Platform Communications United Architecture) is a machine-to-machine communication protocol that is used by many industrial solutions providers to ensure interoperability between various types of industrial control systems (ICS). JFrog’s researchers discovered several vulnerabilities in OPC UA and disclosed some of them at the Pwn2Own Miami 2022 competition in April, where participants earned…

The National Institute of Standards and Technology (NIST) is expected to publish the standard in 2024, but CISA urges stakeholders to prepare in advance, citing potential risks from quantum computing to the entire critical infrastructure. Quantum computers use qubits, or ‘quantum bits’, to deliver higher computing power and speed in certain scenarios, including solving mathematical…

A major impact of the pandemic has been the acceleration of digital transformation, which has expanded from advanced digitization into increasingly unmanaged automation. This automation is largely controlled by unmanaged cyber/physical devices. It started with the first generation of largely consumer oriented IoT devices but has grown into what some now call Industry 5.0. The…