Critical Infrastructure

Critical Infrastructure | News, how-tos, features, reviews, and videos

Gate Smart Lock
Feature

What is physical security? How to keep your facilities and devices safe from on-site attackers

industrial power plant hacked skull and crossbone pixels security breach power plant by jason black
News Analysis

Serious flaws in widespread embedded TCP/IP stack endanger industrial control devices

stethoscope mobile healthcare ipad tablet doctor patient
News Analysis

Basic flaws put pneumatic tube transport systems in hospitals at risk

Multiple vulnerabilities could allow persistent take-over and ransom demands by attackers.

USA / United States of America stars + stripes and binary code superimposed over The White House
News Analysis

Biden memo, infrastructure deal deliver cybersecurity performance goals and money

The White House initiatives and expected passage of the US infrastructure plan will set new cybersecurity standards for critical infrastructure, provide money to state and local governments.

data pipeline primary
News Analysis

TSA issues second cybersecurity directive for pipeline companies

Experts applaud the agency's new, detailed security requirements for US pipeline operators but question how they will be enforced or monitored.

industrial power plant hacked skull and crossbone pixels security breach power plant by jason black
Opinion

CISA: China successfully targeted US oil and natural gas infrastructure

CISA alert details past network compromises and exposes a lack of preparedness among ICS companies.

skull and crossbones in binary code
News Analysis

Authentication bypass allows complete takeover of Modicon PLCs used across industries

The vulnerability could allow attackers to insert malicious code and easily avoid detection.

A Colonial Pipeline facility in Baltimore, Maryland, USA, 10 May 2021.
Opinion

Colonial Pipeline take-away for CISOs: Embrace the mandates

The DarkSide attack on Colonial is yet another wake-up call for companies to harden their systems against ransomware. History suggests that might not happen despite new government guidance.

tt21 020 thumb
video

What the Colonial Pipeline ransomware attack suggests about critical infrastructure security

The largest fuel pipeline in the United States, Colonial Pipeline, halted operations because of a ransomware attack. The attack was carried out by the cybercriminal group DarkSide. Much of the pipeline remains offline, although the...

data pipeline primary
News Analysis

Colonial Pipeline shutdown highlights need for better OT cybersecurity practices

Experts weigh in on what the Colonial attack teaches critical infrastructure providers about preparation and incident response.

power plant utilities energy innovation industrial iot american public power association unsplash
News Analysis

Biden administration releases 100-day plan to address electric system cybersecurity risks

The plan focuses largely on supply chain risks to the electric grid, requests input on the DOE's role in coordinating cybersecurity efforts.

cso security hack breach water leak gettyimages 466029458 by firmafotografen 2400x1600px
News Analysis

Oldsmar cyberattack raises importance of water utility assessments, training

The attempt to poison a city's water supply by remotely accessing its ICS underscores the need for cybersecurity assistance at under-resourced critical infrastructure facilities.

Unitd States cybersecurity > U.S. flag with a digital network of locks instead of stars
News Analysis

Biden administration brings expertise, new attitude to cybersecurity

The US president promises a reckoning for SolarWinds hackers and places cybersecurity at the top of the administration's agenda.

United States Capitol building / United States Congress / abstract security concept
News Analysis

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda

More cybersecurity funding for states and Capitol, new breach reporting rules, and ransomware-related bills will likely be on the agenda for the 117th Congress.

power plant utilities energy innovation industrial iot american public power association unsplash
News Analysis

US bulk energy providers must now report attempted breaches

US bulk energy providers must now report attempted breaches as well as successful breaches. Guidance is murky over what constitutes an "attempted" breach.

Security system alert, warning of a cyberattack.
Feature

How to prepare for the next SolarWinds-like threat

It is possible to minimize the risk from nation-state attacks like SolarWinds. This is the best advice based on what experts have learned so far.

United States Capitol building / United States Congress / abstract security concept
News Analysis

26 Cyberspace Solarium Commission recommendations likely to become law with NDAA passage

Once passed, the National Defense Authorization Act will create a White House cybersecurity director role, expand CISA's capabilities, and create a K-12 security education assistance program.

medical network h/ ealthcare IoT / hospital connections and communications
News Analysis

Publicly known support credentials expose GE Healthcare imaging devices to hacking

The vulnerability gives hackers a means to access sensitive data, execute malicious code on devices and impact their operation.

Election security > Backlit hand drops a vote in a ballot box with US flag + binary code overlay
News Analysis

Cybersecurity under fire: CISA’s former deputy director decries post-election vilification

Matt Travis talks about CISA's role in the recent US elections and how President Trump and his surrogates have politicized the security function.

Russian hammer and sickle / binary code
News Analysis

US DOJ indictments might force Russian hacker group Sandworm to retool

Experts hope that indictments against six Russian military intelligence agents will make Russia rethink plans to disrupt the US election.

Load More