Critical Infrastructure
Critical Infrastructure | News, how-tos, features, reviews, and videos
Infrastructure bill includes $1.9 billion for cybersecurity
Passage of the infrastructure bill includes $1.9 billion for cybersecurity, and more could be on the way with the Build Back Better and other bills working their way through Congress.
Biden’s cybersecurity executive order, a progress report
Of the 46 tasks President Biden mandated to protect digital government assets, 19 are now completed, though not all agencies have reported their progress.
Lack of C3PAO assessors jeopardizes DoD CMMC certification goal
Only 100 approved assessors are available to certify that 300,000 US DoD providers are in compliance with the Cybersecurity Maturity Model Certification by the 2023 deadline.
Tech giants pledge at least $30 billion to improve cybersecurity following White House meeting
Technology, financial, and education leaders commit to a wide range of initiatives to enhance the nation's cybersecurity posture in collaboration with the Biden Administration.
CISA’s Joint Cyber Defense Collaborative: Why it just might work
New CISA director Jen Easterly is tasked with implementing the JCDC, which promises to make US critical infrastructure more resilient to cyberattacks. Her history makes her the right person for the job.
BlackBerry faces bad PR by failing to go public with BadAlloc vulnerability
Although the company informed its OEM customers of the vulnerability, users of IoT devices running its QNX OS were potentially kept in the dark.
What is physical security? How to keep your facilities and devices safe from on-site attackers
Securing premises and devices from physical attacks can be just as challenging as defending against cyber threats. Automation and AI are increasingly used to shore up defenses.
Serious flaws in widespread embedded TCP/IP stack endanger industrial control devices
Critical vulnerabilities potentially affect millions of devices, but finding and patching them will be difficult.
Basic flaws put pneumatic tube transport systems in hospitals at risk
Multiple vulnerabilities could allow persistent take-over and ransom demands by attackers.
Biden memo, infrastructure deal deliver cybersecurity performance goals and money
The White House initiatives and expected passage of the US infrastructure plan will set new cybersecurity standards for critical infrastructure, provide money to state and local governments.
TSA issues second cybersecurity directive for pipeline companies
Experts applaud the agency's new, detailed security requirements for US pipeline operators but question how they will be enforced or monitored.
CISA: China successfully targeted US oil and natural gas infrastructure
CISA alert details past network compromises and exposes a lack of preparedness among ICS companies.
Authentication bypass allows complete takeover of Modicon PLCs used across industries
The vulnerability could allow attackers to insert malicious code and easily avoid detection.
Colonial Pipeline take-away for CISOs: Embrace the mandates
The DarkSide attack on Colonial is yet another wake-up call for companies to harden their systems against ransomware. History suggests that might not happen despite new government guidance.
video
What the Colonial Pipeline ransomware attack suggests about critical infrastructure security
The largest fuel pipeline in the United States, Colonial Pipeline, halted operations because of a ransomware attack. The attack was carried out by the cybercriminal group DarkSide. Much of the pipeline remains offline, although the...
Colonial Pipeline shutdown highlights need for better OT cybersecurity practices
Experts weigh in on what the Colonial attack teaches critical infrastructure providers about preparation and incident response.
Biden administration releases 100-day plan to address electric system cybersecurity risks
The plan focuses largely on supply chain risks to the electric grid, requests input on the DOE's role in coordinating cybersecurity efforts.
