Control Loop: The OT Cybersecurity Podcast

N2K Networks

Control Loop is the OT Cybersecurity Podcast, your terminal for ICS security, intelligence, and learning. Every two weeks, we bring you the latest news, strategies, and technologies that industry professionals rely on to safeguard civilization.
Port disruption and a discussion of maritime and OT.
Nov 15 2023
A cyber incident disrupts Australian ports. Sandworm and Ukraine's power grid: 2022 attacks. Department of Energy hosts simulated cyberattack competition. CISA, FEMA, and Shields Ready. Cyber and electronic threats to space systems. Four cyber phases of a hybrid war. Guest Austin Reid of ABS Group discusses cyber risk and threats to Maritime Transportation Systems (MTS). On the Learning Lab, catch an encore of Dragos CEO Robert M. Lee and Mark Urban about the five critical controls for ICS. Control Loop News Brief. Australian ports disrupted in a “cyber incident.” Major Australian port operator shuts down amid cyber security incident, impacting goods in and out of the country (ABC News) Sandworm and Ukraine's power grid: 2022 attacks. Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant) CaddyWiper: New wiper malware discovered in Ukraine (ESET) Four cyber phases of a hybrid war. Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint) The Evolution of Cyber Attacks on Electric Operations (Dragos) CISA, FEMA, and Shields Ready. Shields Ready (CISA) DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA) Department of Energy hosts simulated cyberattack competition. DOE hosting simulated cyberattack for students (CyberScoop) Cyber and electronic threats to space systems. Space Operators Should Harden Cryptography Defenses, NSA Cyber Official Says (Via Satellite) Cyber Security of Space Systems ‘Crucial,’ As US Space Force Official Notes Recent Attacks (Via Satellite) Control Loop Interview. Guest is Austin Reid of ABS Group discussing cyber risk and threats to Maritime Transportation Systems (MTS). Control Loop Learning Lab. On the Learning Lab, we share an encore of Dragos CEO Robert M. Lee and Mark Urban explaining the five critical controls for ICS. Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Active visibility into OT systems.
Nov 1 2023
Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek’s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA’s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy’s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence. Control Loop OT Cybersecurity Briefing. 
A companion monthly newsletter is available through free subscription and on the CyberWire's website.
A look at a Whole-of-State cybersecurity strategy.
Oct 18 2023
Microsoft on the state of OT security. Israeli and Palestinian hacktivists target ICS. Coinmining as an (alleged, potential) front for espionage or stage for sabotage. EPA withdraws water system cybersecurity memorandum. Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. Most organizations are struggling with IoT security. CISA views China as the top threat to US critical infrastructure. Improving security for open-source ICS software. CISA ICS advisories. Guest Kuldip Mohanty, CIO of North Dakota, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Kuldip shares how critical infrastructure is treated within the "Whole-of-State” cybersecurity strategy his team implements in North Dakota. On the Learning Lab, Mark Urban shares the first part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Microsoft on the state of OT security. Microsoft Digital Defense Report 2023 (Microsoft) Microsoft Digital Defense Report: Behind the Scenes Creating OT Vulnerabilities (aDolus) Zero-days affect industrial routers. 10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows (Cisco Talos) Israeli and Palestinian hacktivists target ICS. Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews) Coinmining as an (alleged, potential) front for espionage or stage for sabotage. Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny (The New York Times) EPA withdraws water system cybersecurity memorandum. EPA withdraws cyber audit requirement for water systems (Nextgov) Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. 
Reports of second cyberattack on Colonial Pipeline false, company says (Fox 5 Atlanta) Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (The Record) Most organizations are struggling with IoT security. New Global Survey Reveals 97% of Organizations Face Challenges Securing IoT and Connected Devices (Keyfactor) Ransomware attack on Clorox. Clorox Security Breach Linked to Group Behind Casino Hacks (Bloomberg) Clorox Warns of a Sales Mess After Cyberattack (The Wall Street Journal) CISA views China as the top threat to US critical infrastructure. China is top cyber threat to US utilities, other critical infrastructure: CISA (Utility Dive) Improving security for open-source ICS software. Improving Security of Open Source Software in Operational Technology and Industrial Control Systems (CISA) CISA’s ICS advisories. Mitsubishi Electric MELSEC-Q Series PLCs (Update A) (CISA) CISA Releases Nineteen Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Kuldip Mohanty, CIO of North Dakota, discussing how critical infrastructure is treated within the “whole of state” security strategy used in North Dakota. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, to examine cyber threat intelligence.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
When IT infrastructure translates into OT.
Oct 4 2023
Johnson Controls sustains cyberattack. Nearly 100,000 ICS services exposed to the Internet. FBI anticipates an increase in Chinese and Russian targeting of the energy sector. Joint advisory warns of Beijing’s “BlackTech” threat activity. CISA's push for hardware bills of materials. Cybersecurity in the US industrial base. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part two of their discussion about secure remote access. Control Loop News Brief. Homeland Security IG finds flaws in TSA pipeline security regulations. https://www.oig.dhs.gov/sites/default/files/assets/2023-09/OIG-23-57-Sep23-Redacted.pdf  https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years  Johnson Controls sustains cyberattack. Building automation giant Johnson Controls hit by ransomware attack (BleepingComputer) Nearly 100,000 ICS services exposed to the Internet. Bitsight identifies nearly 100,000 exposed industrial control systems (BitSight) FBI anticipates an increase in Chinese and Russian targeting of the energy sector. FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers (The Record) Joint advisory warns of Beijing’s “BlackTech” threat activity. CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (CISA) CISA's push for hardware bills of materials.  Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management (CISA) CISA task force aims to improve supply chain security with new hardware standards (Nextgov) Cybersecurity in the US industrial base. Aprio Releases U.S. 
National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio) Control Loop Interview. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. Control Loop Learning Lab. On the Learning Lab, Mark Urban concludes his conversation about secure remote access with Alex Baretta, senior solution architect at Dragos. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Don't take energy for granted.
Sep 20 2023
Redfly cyberespionage targets a national grid. DHS Threat Assessment looks at critical infrastructure threats. A look at the ICS threat landscape. DoE grants for research into distributed energy cybersecurity. CISA offers free vulnerability scanning for water infrastructure. CISA issues ICS advisories. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, discusses community defense. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part one of their discussion about secure remote access. Control Loop News Brief. Redfly cyberespionage targets a national grid. Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec) China caught – again – with its malware in another nation's power grid (The Register) China-Linked Hackers Breached a Power Grid—Again (WIRED) DHS Threat Assessment looks at critical infrastructure threats. DHS warns of malicious AI use against critical infrastructure (CyberScoop) A look at the ICS threat landscape. Threat landscape for industrial automation systems. Statistics for H1 2023 (Kaspersky) DoE grants for research into distributed energy cybersecurity. Distributed Energy Resources Get Cybersecurity Boost With $39M DOE Funding (SecurityWeek) DOE Announces $39 Million in Research Funding to Enhance Cybersecurity of Clean Distributed Energy Resources (Department of Energy) Ransomware remains a threat to industrial operations. Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle (WIRED) US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak (Register) CISA offers free vulnerability scanning for water infrastructure. Free Cyber Vulnerability Scanning for Water Utilities (CISA) Control Loop Interview. 
Guest is Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, discussing community defense. Control Loop Learning Lab. On the Learning Lab, Mark Urban discusses secure remote access with Alex Baretta, senior solution architect at Dragos.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Intelligence services within the convergence of OT and IT.
Sep 6 2023
Crude "cyberattack" on rail control systems stops Polish trains. Energy One discloses cyberattack against its corporate systems. NIAC calls for a National Water Strategy. Department of Energy holds contest to provide cybersecurity funding for rural utilities. Researchers aim to secure US military’s power grids. A technical issue grounds the UK’s air traffic control system’s automated features. Guest Mark Ryland, Director of the Office of the CISO at Amazon Web Services, joining us as part of a Dragos webinar, Securing Digital Transformation: OT Cybersecurity Innovation and Resilience. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part three of their discussion on the convergence of OT and IT.  Control Loop News Brief. Crude "cyberattack" on rail control systems stops Polish trains. Two Men Arrested Following Poland Railway Hacking (SecurityWeek) Century-old technology hack brought 20 trains to a halt in Poland (Cybernews) Poland investigates hacking attack on state railway network (Reuters) Poland investigates train mishaps for possible Russian connection (Washington Post) Energy One discloses cyberattack against its corporate systems. Australian Energy Software Firm Energy One Hit by Cyberattack (SecurityWeek) US energy company suffers third-party data breach. Eversource Data Breach: Utility Warns MA Customers (Patch) NIAC calls for a National Water Strategy. Presidential Council Calls for Water Department to Address Cyber Threats (MeriTalk) Department of Energy holds contest to provide cybersecurity funding for rural utilities. DOE launches cyber contest to benefit rural utilities (CyberScoop) Researchers aim to secure US military’s power grids. Protecting the protectors: Virginia Tech researchers work to secure power grid communication on military bases. (Newswise) A technical issue grounds the UK’s air traffic control system’s automated features. 
Cancelled flights: Air traffic disruption caused by flight data issue (BBC) Flight chaos ‘to last for days’ after air traffic control failure (The Telegram) Control Loop Interview. Our guest is Mark Ryland, Director of the Office of the CISO at Amazon Web Services, joining us as part of a Dragos webinar, Securing Digital Transformation: OT Cybersecurity Innovation and Resilience. You can view the entire webinar here.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part three of their discussion on the convergence of OT and IT.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Real world stories of incident response and threat intelligence.
Aug 23 2023
Radiation sensor reports from Chernobyl may have been manipulated. South African power generator hit with malware. APT31 linked to attacks on industrial systems in Eastern Europe. Environmental regulation and increased maritime cyber risk. CISA Director warns of Chinese infrastructure attack staging. Threats to the power grid. CODESYS vulnerabilities.  Today's guest is Dragos’ Lesley Carhart, sharing their RSAC 2023 talk on real world stories of incident response and threat intelligence.  The Learning Lab continues the conversation between Dragos’ Mark Urban and Kimberly Graham about the convergence. Control Loop News Brief. Radiation sensor reports from Chernobyl may have been manipulated. Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication (Ruben Santamarta) The Mystery of Chernobyl’s Post-Invasion Radiation Spikes (WIRED) CISA Director warns of Chinese infrastructure attack staging. Top U.S. cyber official offers 'stark warning' of potential attacks on infrastructure if tensions with China escalate (NBC News) China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. (CyberWire) CODESYS vulnerabilities. Microsoft reveals severe vulnerabilities in CODESYS industrial automation software (The Record) Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS (Microsoft) South African power generator hit with malware. Focus on DroxiDat/SystemBC (Kaspersky) Ransomware Trends in the HPH Sector - Q1 2022 (HHS) Environmental regulation and increased maritime cyber risk. Navigating Cybersecurity's Seas: Environmental Regulations, OT & the Maritime Industry's New Challenges (Dark Reading) Threats to the power grid. EXCLUSIVE: ‘Release our men’: Far-right used power grid threats to try and blackmail government into freeing neo-Nazi bank robbery suspects (The Daily Dot) APT31 linked to attacks on industrial systems in Eastern Europe. 
Common TTPs of attacks against industrial organizations. Implants for uploading data (Kaspersky) Control Loop Interview. Our guest is Dragos’ Technical Director for Industrial Incident Response, Lesley Carhart, sharing real world stories of incident response and threat intelligence from their RSAC 2023 talk.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part two of their discussion on the convergence of OT and IT.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Mentorship, internships, and apprenticeships in OT security.
Aug 9 2023
The Five Eyes outline the top exploited vulnerabilities. The Brunswick Corporation loses millions to cyberattack. Ransomware in the industrial space. The US Transportation Security Administration (TSA) updates security rules for oil and natural gas pipeline operators. Our guest is Mea Clift of Woodard & Curran sharing her perspective on mentorship, internships, and apprenticeships with an eye on OT security. The Learning Lab has the first part of a discussion about the convergence of OT and IT with Dragos’ Mark Urban and Kimberly Graham, Dragos’ VP of Product Management.  Control Loop News Brief. Five Eyes outlines top exploited vulnerabilities. 2022 Top Routinely Exploited Vulnerabilities (CISA) Brunswick Corporation loses millions to cyberattack. Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms (The Record by Recorded Future) Brunswick Corporation (NYSE:BC) Q2 2023 Earnings Call Transcript (Insider Monkey) Ransomware in the industrial space. Dragos Industrial Ransomware Attack Analysis: Q2 2023 (Dragos) TSA updates security rules for oil and natural gas pipeline operators. TSA updates, renews cybersecurity requirements for pipeline owners, operators (TSA) Control Loop Interview. The interview is with Mea Clift of Woodard & Curran sharing her perspective and efforts around mentorship and internship/apprenticeship with an eye on OT security and her experience in securing the water/utilities space. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part one of their discussion on the convergence of OT and IT.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Compliance with an eye on OT security.
Jul 26 2023
An unnamed APT has a remote code execution exploit for Rockwell Automation ControlLogix communications modules. Court temporarily blocks water system cybersecurity mandate. Industrial controller vulnerabilities pose a risk to critical infrastructure. US Federal government issues voluntary IoT security guidelines. Our guest is Mea Clift of Woodard & Curran discussing how compliance should not be a checkbox activity, with an eye on OT security, and sharing her experience in securing the water/utilities space. On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the final part of three segments focused on vulnerabilities in the OT world. Webinars. Webinar: Operationalizing OT Threat Intelligence – a Rockwell Automation ControlLogix Case Study Join us for this exclusive behind-the-scenes look at how Dragos approaches this on a regular basis, using the recently disclosed Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module vulnerabilities (CVE-2023-3595 and CVE-2023-3596). Webinar: Securing Digital Transformation: OT Cybersecurity Innovation and Resilience As business and innovation come together, digital transformation isn’t a future concept - it’s happening right now. Join Dave Bittner and our friends from AWS, Splunk and Dragos on August 3rd @ 2pm EST for a live panel on “Securing Digital Transformation: OT Cybersecurity Innovation and Resilience” where we’ll dive into secure digital transformation, managing OT/IT cyber risk and the value and vision of Cloud resources. Control Loop News Brief. ControlLogix RCE exploit. Rockwell warns of new APT RCE exploit targeting critical infrastructure (BleepingComputer) Dragos Enabled Defense Against APT Exploits for Rockwell Automation ControlLogix (Dragos) Court temporarily blocks water system cybersecurity mandate.
EPA ‘disappointed’ by hold on agency efforts to spur water systems cybersecurity (The Washington Post) Industrial controller vulnerabilities pose a risk to critical infrastructure. Security flaws in Honeywell devices could be used to disrupt critical industries (TechCrunch) Implementing the US National Cybersecurity Strategy. National Cybersecurity Strategy Implementation Plan (The White House) US Federal government issues voluntary IoT security guidelines. Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House) White House, FCC advance efforts to add security labels to connected devices (CyberScoop) Control Loop Interview. The interview is with Mea Clift of Woodard & Curran discussing how compliance should not be a checkbox activity with an eye on OT security and her experience in securing the water/utilities space. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the final part of three segments focused on vulnerabilities in the OT world. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
The IT/OT cultural divide in the federal space.
Jul 12 2023
Japan’s largest port disrupted by ransomware. Cl0p breaches Schneider Electric and Siemens Energy. Solar panel vulnerabilities. Threats and risks to electric vehicle charging stations. RedEnergy ransomware and information stealer targets industrial sectors. CISA advisories. Our guest, Christopher Ebley from Blackwood, returns to discuss the IT/OT cultural divide in the federal space and IT threats that are impacting OT systems. The Learning Lab continues with part 2 of the 3-part discussion between Dragos’ Mark Urban and Vulnerability Analyst Logan Carpenter talking about vulnerabilities in the OT world. Control Loop News Brief. Japan’s largest port disrupted by ransomware. Japan’s largest port stops operations after ransomware attack (BleepingComputer) Japan's biggest port, Nagoya, hit by suspected cyberattack (Nikkei Asia) Pro-Russian hackers target Port of Nagoya, disrupting loading of Toyota parts (The Japan Times) Nagoya Port Resumes Some Operations After Ransomware Attack (Bloomberg) Cl0p breaches Schneider Electric and Siemens Energy. Schneider Electric and Siemens Energy are two more victims of a MOVEit attack (SecurityAffairs) Siemens Energy confirms data breach after MOVEit data-theft attack (BleepingComputer) Solar panel vulnerabilities. Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks (SecurityWeek) IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits (Unit 42) Actively Exploited Industrial Control Systems Hardware - SolarView Series (VulnCheck) Threats and risks to electric vehicle charging stations. EV Charger Hacking Poses a ‘Catastrophic’ Risk (WIRED) RedEnergy ransomware and information stealer targets industrial sectors. Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks (Zscaler) CISA advisories. CISA Releases Three Industrial Control Systems Advisories (CISA) Control Loop Interview.
The interview is with Christopher Ebley of Blackwood talking about the IT/OT cultural divide in the federal space and IT threats impacting OT systems. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in part two of three segments on vulnerabilities in the OT world. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
OT cybersecurity concerns in the federal space.
Jun 28 2023
The US Department of Energy was affected by Cl0p exploitation of MOVEit Transfer. Canada’s oil-and-gas sector is a likely target for Russian cyberattacks. Nuclear weapons cybersecurity is lacking. Access to a US satellite is being hawked in a Russophone cybercrime forum. ICS patches. Today’s guest is Christopher Ebley from Blackwood talking with us about OT cybersecurity concerns for Federal IT leaders. The Learning Lab has part one of a 3-part discussion between Dragos’ Mark Urban and Vulnerability Analyst Logan Carpenter talking about vulnerabilities in the OT world. Control Loop News Brief. US Department of Energy affected by Cl0p exploitation of MOVEit Transfer. US government hit by Russia's Clop in MOVEit mass attack (The Register) Energy Department among ‘several’ federal agencies hit by MOVEit breach (Federal News Network) Canada’s oil-and-gas sector a likely target for Russian cyberattacks. The cyber threat to Canada’s oil and gas sector (Canadian Centre for Cyber Security) Nuclear weapons cybersecurity is lacking. Nuclear Weapons Cybersecurity: Status of NNSA's Inventory and Risk Assessment Efforts for Certain Systems (GAO) Access to a US satellite is being hawked in a Russophone cybercrime forum. Military Satellite Access Sold on Russian Hacker Forum for $15,000 (HackRead) ICS patches. ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities (SecurityWeek) CISA Releases Four Industrial Control Systems Advisories (CISA) Lessons learned from the electrical power sector. Electric Industry Cybersecurity: Lessons Learned from the Frontlines (Dragos) Control Loop Interview. The interview is with Christopher Ebley of Blackwood talking about OT cybersecurity concerns for Federal IT leaders. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the first of three segments to discuss vulnerabilities in the OT world. Control Loop OT Cybersecurity Briefing. 
A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Unpacking cyber awareness syndrome.
Jun 14 2023
The Cyberspace Solarium Commission looks at obstacles to public-private collaboration in the industrial sector. Malware in the industrial sector increases. Organizations plan to increase their OT cybersecurity budgets. CISA and its partners have released a Joint Guide to Securing Remote Access Software. And the US DoD holds its Cyber Yankee exercise. Today’s guest is Will Edwards of Schweitzer Engineering Labs discussing cyber awareness syndrome. The Learning Lab has the conclusion of the discussion between Dragos’ Mark Urban, Principal Adversary Hunter Kyle O’Meara, and Principal Intelligence Technical Account Manager Michael Gardner on threat hunting. Control Loop News Brief. Obstacles to public-private collaboration in the industrial sector. Revising Public-Private Collaboration to Protect U.S. Critical Infrastructure (CSC 2.0) NERC’s role in public-private security collaboration can deter utilities from sharing information: report (Utility Dive) Malware in the industrial sector increases. 2023 Unit 42 Network Threat Trends Research Report (Unit 42) CISA and partners release Joint Guide to Securing Remote Access Software. Guide to Securing Remote Access Software (CISA) US DoD holds Cyber Yankee exercise. Cyber Yankee Prepares Military, Business for Cyber Threats (Air National Guard) Control Loop Interview. The interview is with Will Edwards of Schweitzer Engineering Labs discussing cyber awareness syndrome. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to conclude their discussion on threat hunting. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Taking a look at cyber insurance in the industrial space.
May 31 2023
China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. Is CosmicEnergy just red-teaming, or is it a threat straight out of Red Square? Siemens patches a vulnerability endemic to the energy sector. An update on the Vulkan Papers. A cyberattack leads Suzuki to shut down its Indian production line. BlackBasta conducts ransomware attack against Swiss technology company ABB, and claims responsibility for Rheinmetall attack. Food and Agriculture Information Sharing and Analysis Center stands up. Control Loop News Brief. China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Cybersecurity Advisory) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters) CosmicEnergy, from Russia. COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant) This newly-discovered malware could disrupt power generation — and do physical damage (Washington Post) Siemens patches a vulnerability endemic to the energy sector. Command Injection Vulnerability in CPCI85 Firmware of SICAM A8000 Devices (Siemens) An update on Russia’s NTC Vulkan: SIGINT, EW, and cyber ops. 7 takeaways from the Vulkan Files investigation (Washington Post) Russian Software Programs Threatening Critical Civilian Infrastructure (Dragos) A cyberattack leads Suzuki to shut down its Indian production line. Suzuki Motorcycle India plant shut down after cyber attack, production affected (Hindustan Times) Suzuki motorcycle plant shut down by cyber attack (Bitdefender) BlackBasta conducts ransomware attack against Swiss technology company ABB. Multinational tech firm ABB hit by Black Basta ransomware attack (BleepingComputer) BlackBasta claims responsibility for Rheinmetall attack. 
Arms maker Rheinmetall confirms BlackBasta ransomware attack (BleepingComputer) Food and Agriculture Information Sharing and Analysis Center stands up. The food and agriculture industry gets a new center to share cybersecurity information (Washington Post) Control Loop Interview. The interview is with Gerry Glombicki of Fitch Ratings talking about cyber insurance and his opinions on the industrial space. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to continue their discussion on threat hunting. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Internal Network Security Monitoring (INSM) for the electrical sector.
May 17 2023
Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. The Five Eyes take down Turla and its Snake malware. An Iranian threat actor turns its attention to infrastructure. The Bitter APT may be targeting Asia-Pacific energy companies. A Colonial Pipeline retrospective. ETHOS: a new private-sector OT risk information-sharing platform. CISA requests comment on software self-attestation form. Guest is Patrick Miller, CEO of Ampere Industrial Security, discussing INSM (Internal Network Security Monitoring) as a concept for the electric sector. In the Learning Lab, Dragos’ Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to discuss threat hunting.  Control Loop News Brief. Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. Russia attacks civilian infrastructure in cyberspace just as it does on ground - watchdog (UKRINFORM) Russians launch mass cyber attack on online service for queueing to cross border by trucks (Ukrainska Pravda) Europe’s Air-Traffic Agency Under Attack From Pro-Russian Hackers (Wall Street Journal) #RSAC: Cyber-Attacks on Civilian Infrastructure Should Be War Crimes, says Ukraine Official (Infosecurity Magazine) Five Eyes take down Turla and its Snake malware. Hunting Russian Intelligence “Snake” Malware (Joint Cybersecurity Advisory) Iranian threat actor exploits N-day vulnerabilities, turns its attention to infrastructure. Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets (Microsoft) Bitter APT may be targeting Asia-Pacific energy companies. Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer) The Colonial Pipeline ransomware attack, two years later. 
The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years (CISA) ETHOS: a new private-sector OT risk information-sharing platform. OT Cybersecurity Leaders to Deliver First Open-Source Information Sharing for Collective Early Warning in Critical Infrastructure (Globe Newswire) CISA requests comment on software self-attestation form. Request for Comment on Secure Software Self-Attestation Common Form (CISA) OMB, CISA set to release common form for software self-attestation (Infosecurity Magazine) Control Loop Interview. The interview is with Patrick Miller, CEO of Ampere Industrial Security, discussing INSM (Internal Network Security Monitoring) as a concept for the electric sector. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to discuss threat hunting.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Asset inventory: Part of ICS network visibility and monitoring.
May 3 2023
Hacktivists versus irrigation. Maritime cybersecurity. JCDC and pre-ransomware notification. Ransomware at Fincantieri Marinette Marine. NSA warns of Russian ransomware disrupting supply chains. Guest Mike Hoffman is Technical Leader Global Services at Dragos & a SANS instructor. Mike will be discussing IT/OT misalignment. In the Learning Lab, Dragos’ Mark Urban is joined by Dragos’ Senior Product Manager Jordan Wilkerson to dig into ICS network visibility and monitoring, which is the third of the SANS Institute’s 5 ICS Cybersecurity Critical Controls. Control Loop News Brief. Hacktivists versus irrigation. Irrigation Systems in Israel Hit with Cyber Attack that Temporarily Disabled Farm Equipment (CPO Magazine) Maritime cybersecurity. Full Steam Ahead: Enhancing Maritime Cybersecurity (CSC 2.0) Cyber experts call for CISA to establish maritime equipment test bed (FedScoop) JCDC and pre-ransomware notification. JCDC Cultivates Pre-Ransomware Notification Capability (CISA) Ransomware at Fincantieri Marinette Marine. Ransomware Attack Hits Marinette Marine Shipyard, Results in Short-Term Delay of Frigate, Freedom LCS Construction (USNI News) Russian ransomware operations aim at disrupting supply chains into Ukraine. NSA sees ‘significant’ Russian intel gathering on European, U.S. supply chain entities (CyberScoop) ETHOS: a new private-sector OT risk information-sharing platform. OT Cybersecurity Leaders to Deliver First Open-Source Information Sharing for Collective Early Warning in Critical Infrastructure (Globe Newswire) Control Loop Interview. The interview is with Mike Hoffman, Technical Leader Global Services at Dragos & SANS instructor, discussing the IT/OT misalignment that often occurs when IT counterparts take on the responsibility of carrying out vulnerability management in the OT space. Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Senior Product Manager Jordan Wilkerson to discuss the third of the SANS Institute’s 5 ICS Cybersecurity Critical Controls: ICS network visibility and monitoring. Background link:  The Five ICS Cybersecurity Critical Controls Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Unique OT characteristics and points of IT convergence.
Apr 19 2023
Cyberattacks against Canada’s agriculture sector. Hitachi ransomware incident. Africa’s industrial sector under cyberattack. TSA issues new aviation cybersecurity requirements. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Patch Tuesday and OT. Guest JD Christopher, Dragos’ Director of Cyber Risk, discusses ICS security standards and regulations and how efforts finalized in 2022 will shape the OT programs of the next decade. In the Learning Lab, Dragos’ Mark Urban is joined by their CEO Robert M. Lee to talk about the unique characteristics of OT and points of IT convergence. Control Loop News Brief. Cyberattacks against Canada’s agriculture sector. Safety Net: A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster (Financial Post) Hitachi ransomware incident. Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer) Africa’s industrial sector targeted with malware. Threat landscape for industrial automation systems. Statistics for H2 2022 (Kaspersky ICS CERT) A border-hopping PlugX USB worm takes its act on the road (Sophos) TSA issues new cybersecurity requirements for the aviation industry. TSA issues new cybersecurity requirements for airport and aircraft operators (PRNewswire) Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. CISA Establishes Ransomware Vulnerability Warning Pilot Program (CISA) CISA now warns critical infrastructure of ransomware-vulnerable devices (BleepingComputer) Patch Tuesday and ICS. ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities (SecurityWeek) Control Loop Interview. The interview is with JD Christopher, Director of Cyber Risk at Dragos, sharing ICS security standards and regulations and how the efforts finalized in 2022 will shape OT programs of the next decade. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos CEO Robert M. 
Lee to discuss unique OT characteristics and points of IT convergence. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
The challenges of carrying out vulnerability management.
Apr 5 2023
The Vulkan Papers. The Cyberspace Solarium Commission recommends that CISA set up a test bed to improve maritime cybersecurity. Dragos CEO on critical infrastructure cybersecurity. The JCDC’s pre-ransomware notification efforts. Guest Mike Hoffman, Technical Leader Global Services at Dragos & a SANS instructor, discusses challenges carrying out vulnerability management. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his two-part discussion about industrial cyber threat intel & collective intelligence with Seth Lacy, Principal Threat Hunter at Dragos. Control Loop News Brief. The Vulkan Papers. A Look Inside Putin's Secret Plans for Cyber-Warfare (Der Spiegel) Secret trove offers rare look into Russian cyberwar ambitions (The Washington Post) Maritime cybersecurity. Full Steam Ahead: Enhancing Maritime Cybersecurity (Cyberspace Solarium Commission 2.0) Cyber experts call for CISA to establish maritime equipment test bed (FedScoop) Dragos CEO on critical infrastructure cybersecurity. Full Committee Hearing to Examine Cybersecurity Vulnerabilities to the United States' Energy Infrastructure (Senate Committee on Energy and Natural Resources) JCDC and pre-ransomware notification. JCDC Cultivates Pre-Ransomware Notification Capability (CISA) Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs (CISA) Control Loop Interview. The interview is with Mike Hoffman, Technical Leader Global Services at Dragos & SANS instructor, discussing challenges carrying out vulnerability management. Control Loop Learning Lab. In Part 2 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Seth Lacy, Principal Threat Hunter at Dragos, about industrial cyber threat intel & collective intelligence.
Industrial Cyber Threat Intel & Collective Intelligence links: Neighborhood Keeper in the Broader Context of Cyber Threat Intelligence Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
The CISO evolution to incorporate OT.
Mar 22 2023
Cyberattacks against Canada’s agriculture industry. Hitachi ransomware incident. African industrial sector targeted with malware. TSA issues new cybersecurity requirements for the aviation industry. CISA issues a guide for resilience in the maritime industry. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Guest is JD Christopher, Dragos’ Director of Cyber Risk, talking about the CISO evolution. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban kicks off his two-part discussion about industrial cyber threat intel & collective intelligence with Seth Lacy, who is a Principal Threat Hunter at Dragos. Control Loop News Brief. Cyberattacks against Canada’s agriculture industry. Safety Net: A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster (Financial Post) Hitachi ransomware incident. Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer) African industrial sector targeted with malware. Threat landscape for industrial automation systems. Statistics for H2 2022 (Kaspersky) A border-hopping PlugX USB worm takes its act on the road (Sophos) TSA issues new cybersecurity requirements for the aviation industry. TSA issues new cybersecurity requirements for airport and aircraft operators (TSA) CISA issues a guide for resilience in the maritime industry. Marine Transportation System Resilience Assessment Guide (CISA) Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. CISA Establishes Ransomware Vulnerability Warning Pilot Program (CISA) CISA now warns critical infrastructure of ransomware-vulnerable devices (BleepingComputer) Control Loop Interview. The interview is with JD Christopher, Director of Cyber Risk at Dragos, discussing the CISO evolution. Control Loop Learning Lab.
In Part 1 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Seth Lacy, Principal Threat Hunter at Dragos, about industrial cyber threat intel & collective intelligence.  Industrial Cyber Threat Intel & Collective Intelligence links: Neighborhood Keeper in the Broader Context of Cyber Threat Intelligence Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
National Cybersecurity Strategy released.
Mar 8 2023
The White House has released its National Cybersecurity Strategy. MKS Instruments discloses a ransomware incident that spread to some of its vendors. Ransomware hits the Dole Food Company. CISA runs a red team assessment against a critical infrastructure organization. And LockBit has claimed responsibility for an attack on a water utility in Portugal. The CyberWire's Tré Hester shares the news this week. Guest Tom Winston, Dragos’ Director of Intelligence Content, recently spoke with Dave Bittner about Dragos’ recently released 2022 Year in Review report. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban completes his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos. Control Loop News Brief. White House releases the National Cybersecurity Strategy. National Cybersecurity Strategy (The White House) Cranes as a security threat. Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools (Wall Street Journal) EPA Memo requires water systems to include cybersecurity in their safety audits. EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems (EPA) MKS Instruments discloses ransomware incident. Applied Materials will take a $250M hit to sales this quarter, thanks to a cyberattack at one of its suppliers (Silicon Valley Business Journal) Semiconductor industry giant says ransomware attack on supplier will cost it $250 million (The Record) Ransomware hits a major food producer. Cyberattack on food giant Dole temporarily shuts down North America production, company memo says (CNN) Dole Experiences Cybersecurity Incident (Dole) Red-teaming critical infrastructure. CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks (CISA) LockBit claims attack on water utility in Portugal. LockBit gang takes credit for attack on water utility in Portugal (The Record) Control Loop Interview. 
The interview is with Tom Winston, Director of Intelligence Content at Dragos, sharing their recently released 2022 Year in Review report. Control Loop Learning Lab. In Part 2 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Vern McCandlish, Principal Industrial Incident Responder at Dragos, about the importance of incident response planning.  Industrial Cyber Threat Intel & Collective Intelligence links: Neighborhood Keeper in the Broader Context of Cyber Threat Intelligence Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Adding some color to incident response.
Feb 22 2023
Dragos has released its ICS/OT Cybersecurity Year in Review for 2022, finding a rise in ransomware attacks targeting industrial organizations. Forescout discloses two vulnerabilities affecting the Unity line of Schneider Electric’s Modicon programmable logic controllers. Dozens of vulnerabilities in industrial internet-of-things (IIoT) devices. Tim Starks from the Washington Post's Cybersecurity 202 discusses the upcoming White House National Cyber Strategy and its possible effects on critical infrastructure. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban begins his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos. Control Loop News Brief. Dragos releases its ICS/OT Cybersecurity Year in Review for 2022. 2022 ICS/OT Cybersecurity Year in Review (Dragos) Russian-linked malware was close to putting U.S. electric, gas facilities ‘offline’ last year (Politico) Schneider PLC vulnerabilities. Deep Lateral Movement in OT Networks: When Is a Perimeter Not a Perimeter? (Forescout) The return of ICEFALL: Two critical bugs revealed in Schneider Electric tech (The Record) Wireless IIoT devices at risk from vulnerabilities. Industrial Wireless IoT - The direct path to your Level 0 (Otorio) Control Loop Interview. The interview is with Tim Starks from the Washington Post's Cybersecurity 202 discussing the upcoming White House National Cyber Strategy and its possible effects on critical infrastructure. Control Loop Learning Lab. In Part 1 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Vern McCandlish, Principal Industrial Incident Responder at Dragos, about the importance of incident response planning.
Industrial Cyber Threat Intel & Collective Intelligence links: Neighborhood Keeper in the Broader Context of Cyber Threat Intelligence Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.