Critical Infrastructure
Critical Infrastructure | News, how-tos, features, reviews, and videos
5G security is a mess. Could digital certificates help?
5G inherited security vulnerabilities from earlier mobile technology, but digital certificates might solve the issue of unauthenticated messages.
Presidential campaigns taking email security more seriously--not so much at the local level
DMARC now protects the email domains for most U.S. presidential candidates, according to a new report, but local election bodies lag behind and are vulnerable to spoofing.
On the 2020 Congressional cybersecurity agenda: Critical infrastructure, copyright exemptions
Despite the distraction of an election year, Congress is expected to give the Department of Homeland Security tools to identify critical infrastructure threats and copyright exemptions to security researchers.
Implementation flaws make LoRaWAN networks vulnerable to attack
New report from IOActive details implementation errors that expose LoRaWAN networks to attack and provides a framework for mitigating the risk.
Insecure configurations expose GE Healthcare devices to attacks
The six high-risk vulnerabilities result from hard-coded or no credentials in remote access software and the use of outdated applications.
How the Tour de France secures its broadcast from disruption
Few sporting events have the scale and logistics challenges that the Tour de France presents. Event organizer ASO uses the cloud and tight physical security to avoid cyberattacks and broadcast integrity.
US elections remain vulnerable to attacks, despite security improvements
Continued Russian interference, insecure paperless voting processes will sow doubt about the next election despite some security improvements.
2020 outlook for cybersecurity legislation
Here's a rundown of all the security-related bills working their way through this year's U.S. Congress, plus some hot security topics likely to be debated.
High-profile departures widen federal government’s security talent shortage
Recent key departures--voluntary and forced--might make it harder for government agencies to find the talent needed to fulfill their security missions.
Are we running out of time to fix aviation cybersecurity?
A new report from the Atlantic Council on aviation cybersecurity underscores the poor state of aviation security — and worse, how poorly understood the problem is within the industry.
How a nuclear plant got hacked
India's Kudankulam Nuclear Power Plant (KNPP) publicly admitted they discovered malware on their networks. It likely could have been easily avoided.
CrowdStrike, Ukraine, and the DNC server: Timeline and facts
Politicizing cybersecurity only serves to undermine trust in its practices and objectivity, experts fear.
Russia’s Sandworm hacking group heralds new era of cyber warfare
In-depth research on Sandworm shows broad capabilities and scope to disrupt anything from critical infrastructure to political campaigns in any part of the world.
Boeing's poor information security posture threatens passenger safety, national security, researcher says
The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.
China’s MLPS 2.0: Data grab or legitimate attempt to improve domestic cybersecurity?
The new version China’s Multi-Level Protection Scheme (MLPS) expands what companies fall under its purview and lower the threshold for government inspection. Should companies with operations in China be concerned?
Cell phones don't belong in SCIFs, says Republican congressman
Rep. Mike Rogers says his phone was infected by Russian malware three years ago. Also, why he believes we need fewer federal cybersecurity agencies and election laws.
How to secure Microsoft-based election, campaign systems
Microsoft has issued guidance and provided resources for local election bodies and candidate campaigns to help protect systems and communications.
