\"One thing to note here is that ransomware has to announce itself to be successful,\" adds Tim Erlin, VP at Tripwire. \"In industrial environments, cyber events aren\u2019t always this visible. Increasing visibility into industrial networks becomes more important as attackers continue to target critical infrastructure.\u201d<\/p>\n\n\n\n
Brad Brooks, CEO and President of OneLogin, rightfully concludes: \"This attack represents just how quickly the stakes are escalating on Cybersecurity, with controlling and knowing who has access to your IT systems a board level priority for every company. We are moving from an invisible Cold War that was focused on stealing data to a highly visible hot war that has real implications for physical property and people\u2019s lives.\"<\/p>\n","post_title":"Ransomware roundtable | A threat in the pipeline","post_excerpt":"","post_status":"publish","comment_status":"open","ping_status":"open","post_password":"","post_name":"ransomware-roundtable-a-threat-in-the-pipeline","to_ping":"","pinged":"","post_modified":"2021-05-10 18:12:55","post_modified_gmt":"2021-05-10 17:12:55","post_content_filtered":"","post_parent":0,"guid":"http:\/\/securityonscre.wpenginepowered.com\/?p=6024","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"},{"ID":4871,"post_author":"3","post_date":"2021-02-09 19:22:22","post_date_gmt":"2021-02-09 19:22:22","post_content":"Detectives assigned to the Digital Forensics Unit at Pinellas County Sheriff\u2019s Office are investigating an unlawful computer software intrusion at the City of Oldsmar\u2019s water treatment plant. While the cyber attack was unsuccessful, it does highlight the need for cybersecurity tools in critical infrastructure applications.\n\nOn Friday, February 5, 2021, the Pinellas County Sheriff\u2019s Office was notified by the City of Oldsmar that its computer system had been remotely accessed at 8:00am and 1:30pm by an unknown suspect. According to detectives, the City of Oldsmar\u2019s computer system at the water treatment plant allows for remote access by authorised users to troubleshoot any system problems from other locations.\n\nThe initial intrusion was brief and not cause for concern due to supervisors regularly accessing the system remotely to monitor the system. 
At 1:30, a plant operator witnessed a second remote access user opening various functions in the system that control the amount of sodium hydroxide in the water. The operator noted the remote access user raised the levels of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million. The operator immediately reduced the levels to their appropriate amount. Sodium hydroxide is used in small amounts to control acidity, but a large amount could have caused major problems in the water.\n\nThe initial investigation revealed that the hacker remotely accessed the treatment plant\u2019s computer for approximately 3 to 5 minutes. Speaking at a press conference about the cyber attack, Sheriff Bob Gualtieri stated: \u201cAt no time was there a significant effect on the water being treated, and more importantly the public was never in danger.\u201d\n\nCommenting on the attack, Andrea Carcano, co-founder at Nozomi Networks stated: \u201cUnfortunately, this attack plays into a troubling trend we\u2019ve been following over the last year. As the pandemic forced critical infrastructure organisations to quickly shift to remote access options to keep systems up and running, we\u2019ve seen threats rise and bad actors reach new lows \u2013 setting their sights on life threatening targets. Fortunately, in this case, operators monitoring Oldsmar\u2019s treatment plant spotted the attack and were able to respond before anyone could be harmed. But it\u2019s a stark reminder that with limited cybersecurity resources and few regulations water utilities are vulnerable to attack. 
When it comes to critical infrastructure, operational resilience must be a top priority and advances in AI-powered OT security and network monitoring are available to give operators the network visibility they need to quickly spot trouble and respond before harm is done.\u201d\n\n\u201cThis targeted attack appears to have started by the \u2018bad actor\u2019 getting access to a vulnerable network\/system and working their way through the network trying to find the next weak access point while gathering data and understanding how the organisation operates along the way,\u201d added Niamh Muldoon, Global Data Protection Officer at OneLogin. \u201cIn this instance, understanding the information assets, applying not only MFA but enhanced multi-factor authentication, would have reduced the risk of this unauthorised attack materializing. It\u2019s a critical part of the MFA policy to enforce time limits for end-users and their trusted devices to re-authenticate, requiring them not only to validate themselves but also the identity of the device trying to access critical systems\/applications and the network. Without knowing more of the details, applying enhanced MFA to the execution of critical actions particularly for IT and systems administrators would have reduced the associated risk further. Having logging in place, and understanding logged events would support with the associated monitoring and alerting events. After the event has happened, crisis management is critical for successfully managing the attack response to reduce business impact and consequences, and it appears the Florida agency has done that.\u201d\n\n\u201cWhile this incident will rightfully cause concern, it appears that the likelihood of real damage was minimal due to the fail safes in place,\u201d observes Tim Erlin, VP at Tripwire. \u201cThere are real impacts to be worried about, and actions to be taken, but this doesn\u2019t appear to be a sophisticated or novel attack. 
From a cybersecurity standpoint, we should be particularly concerned about how the attacker was able to authenticate into the remote access software. That entry point should be very well protected, given that it provides access to such obviously sensitive capabilities. Protecting remote access into industrial systems where these types of changes can be made should be a high priority for any industrial environment.\u201d\n\nLocal, State, and Federal investigators are working together to identify those responsible and the investigation is ongoing. Other utility providers have been informed of the intrusion, so they can take their own protective measures.","post_title":"Florida water system cyber attack highlights role of cybersecurity in critical infrastructure","post_excerpt":"","post_status":"publish","comment_status":"open","ping_status":"open","post_password":"","post_name":"florida-water-system-cyber-attack-highlights-role-of-cybersecurity-in-critical-infrastructure","to_ping":"","pinged":"","post_modified":"2021-02-09 19:22:25","post_modified_gmt":"2021-02-09 19:22:25","post_content_filtered":"","post_parent":0,"guid":"http:\/\/securityonscre.wpenginepowered.com\/?p=4871","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"},{"ID":4178,"post_author":"3","post_date":"2020-12-07 14:52:36","post_date_gmt":"2020-12-07 14:52:36","post_content":"Nozomi Networks and Chinook Systems have partnered to provide advanced cybersecurity solutions to protect industrial and critical infrastructure facilities across North America. Under the deal, Chinook will offer Nozomi Networks\u2019 complete portfolio of OT and IoT security solutions.\n\n\u201cFacilities that fully leverage their OT systems deliver tremendous returns when it comes to energy and operational savings, the safety and comfort of occupants and lower total cost of ownership,\u201d said Chinook\u2019s President, Wanda Lenkewich. 
\u201cAt the same time, the network connectivity that enables these systems, also introduces new and growing cyber threats. Partnering with Nozomi Networks allows Chinook to support clients with an integrated, comprehensive cybersecurity solution that ensures cyber threats are actively discovered, monitored and managed.\u201d\n\n\u201cWe are absolutely delighted to team with Chinook to help industrial and critical infrastructure facilities meet new requirements for secure connectivity across OT, IT and IoT networks,\u201d said Chet Namboodri, Vice President, Worldwide Business Development and Channel Sales at Nozomi. \u201cWe\u2019ve already worked together to deliver on a number of joint customer engagements in both the government and commercial sectors. Partnering with Chinook accelerates our joint efforts to make sure facility-related control and building management systems are safe from cyber threats.\u201d\n\nwww.nozominetworks.com\n\nwww.chinooksystems.com","post_title":"Nozomi Networks and Chinook Systems partner for OT and IoT security solutions","post_excerpt":"","post_status":"publish","comment_status":"open","ping_status":"open","post_password":"","post_name":"nozomi-networks-and-chinook-systems-partner-for-ot-and-iot-security-solutions","to_ping":"","pinged":"","post_modified":"2020-12-07 14:52:40","post_modified_gmt":"2020-12-07 14:52:40","post_content_filtered":"","post_parent":0,"guid":"http:\/\/securityonscre.wpenginepowered.com\/?p=4178","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"},{"ID":4140,"post_author":"3","post_date":"2020-12-03 11:07:21","post_date_gmt":"2020-12-03 11:07:21","post_content":"Civil Nuclear Constabulary (CNC) police officers based at Harwell have launched Project Servator, a collaborative community approach to policing. 
Project Servator aims to disrupt a range of criminal activity, including terrorism, while providing a reassuring presence for the public.\n\nCNC\u2019s officers are experienced and specially trained to spot the tell-tale signs that someone is planning or preparing to commit an illegal act. It works with other police forces, local businesses and the public to protect the Harwell site and the surrounding area and everyone who lives, works or visits there and to make it a difficult place for terrorists and other criminals to operate. Project Servator has been successful in gathering intelligence that has assisted Counter Terrorism Units across the UK in investigating and preventing acts of terror.\n\nProject Servator\u2019s patrols are highly visible and can happen at any time and in any location. Officers will talk to the public and local businesses to let them know what they\u2019re doing and remind them to be vigilant, trust their instincts and report any suspicious or unusual behaviour.\n\n\u201cWe are deploying these additional tactics to further complement the operational activity that exists in and around our Operational Policing Units,\u201d explained Supt Donna Jones, who is leading on the implementation of the project across the Constabulary. \u201cOur aim is to build upon relationships with partners as well as businesses and communities. These tactics are not new but allow us to have a focus on community engagement and encourage people to be our extra eyes and ears. This is not restricted to the Harwell site but also extends to the surrounding area. We are aware of the vast amount of information members of our community have and they are aware of what is out of the ordinary. All we ask is that they report any suspicions to us and we\u2019ll do the rest. The deployments will be unpredictable and our tactics will vary from one deployment to the next. 
The aim is to work with our local communities to deter any hostile threat.\u201d\n\nwww.gov.uk\/government\/organisations\/civil-nuclear-constabulary","post_title":"CNC Harwell launches Project Servator","post_excerpt":"","post_status":"publish","comment_status":"open","ping_status":"open","post_password":"","post_name":"cnc-harwell-launches-project-servator","to_ping":"","pinged":"","post_modified":"2020-12-03 11:07:23","post_modified_gmt":"2020-12-03 11:07:23","post_content_filtered":"","post_parent":0,"guid":"http:\/\/securityonscre.wpenginepowered.com\/?p=4140","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"},{"ID":4102,"post_author":"3","post_date":"2020-11-30 17:30:23","post_date_gmt":"2020-11-30 17:30:23","post_content":"Radiflow and Mitsubishi Electric UK are collaborating to address the needs of IEC 62443 cyber security standards in the Critical Infrastructure and Industrial Automation markets. The companies believe that the combination of the automation knowledge and tools of Mitsubishi Electric UK with the cyber security and IEC 62443 compliance skills of Radiflow will provide a holistic view of a client\u2019s risk posture.\n\nRadiflow will also provide Mitsubishi Electric UK customers with a consultancy service for cyber security, which includes the provision of OT security risk assessments, provision of Radiflow intrusion detection software and general advice on alignment with IEC 62443-3. 
In addition, the solution is intended to help customers to support asset owners in satisfying the requirements of the NIS Directive along with due diligence in alignment with CPNI (Centre for the Protection of National Infrastructure) best practice.\n\n\u201cOur new collaboration with Radiflow provides expertise in the field of OT cyber security which complements and broadens the services that we offer our customers through the Mitsubishi Electric UK System Service Operation,\u201d said David Bean, Solutions Manager for Mitsubishi Electric UK. \u201cThere is a growing demand for solutions that address the requirements of cyber security in the OT space and we are looking forward to delivering those solutions and building our relationship further with the team at Radiflow.\u201d\n\n\u201cRadiflow sees huge value for OT organisations to have cyber security services and solutions aligned with their automation systems,\u201d added Ilan Barda, Founder and CEO of Radiflow. \u201cBy combining the automation knowledge and tools of Mitsubishi with the OT cyber security skills and tools of Radiflow, we are able to provide a holistic view of an organisation\u2019s OT risk posture.\u201d\n\nwww.radiflow.com","post_title":"Radiflow and Mitsubishi Electric UK collaborate on cyber security standards","post_excerpt":"","post_status":"publish","comment_status":"open","ping_status":"open","post_password":"","post_name":"radiflow-and-mitsubishi-electric-uk-collaborate-on-cyber-security-standards","to_ping":"","pinged":"","post_modified":"2020-11-30 17:30:25","post_modified_gmt":"2020-11-30 17:30:25","post_content_filtered":"","post_parent":0,"guid":"http:\/\/securityonscre.wpenginepowered.com\/?p=4102","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"},{"ID":3359,"post_author":"3","post_date":"2020-10-16 17:11:16","post_date_gmt":"2020-10-16 16:11:16","post_content":"Senstar explains how its products can be applied to protect the full range 
of upstream, midstream, and downstream facilities in the oil and gas industry.","post_title":"Senstar explains its security solutions for oil and gas","post_excerpt":"","post_status":"publish","comment_status":"open","ping_status":"open","post_password":"","post_name":"senstar-explains-its-security-solutions-for-oil-and-gas","to_ping":"","pinged":"","post_modified":"2020-10-16 17:11:17","post_modified_gmt":"2020-10-16 16:11:17","post_content_filtered":"","post_parent":0,"guid":"http:\/\/securityonscre.wpenginepowered.com\/?p=3359","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"}],"next":false,"prev":false,"total_page":1},"paged":1,"column_class":"jeg_col_2o3","class":"epic_block_14"};