Control Loop: The OT Cybersecurity Podcast

N2K Networks

Control Loop is the OT Cybersecurity Podcast, your terminal for ICS security, intelligence, and learning. Every two weeks, we bring you the latest news, strategies, and technologies that industry professionals rely on to safeguard civilization.

Episodes

Critical infrastructure: Pending legislation and risks and rewards from AI.
May 1 2024
Mandiant ties OT attacks to Sandworm. Russia-linked hackers target Texas water utilities. Belarusian hacktivists hit fertilizer company. CISA issues eight ICS advisories. Dave Bittner's Caveat podcast co host Ben Yelin joins him to discuss pending legislation with potential to affect critical infrastructure, as well as the Department of Energy’s assessment of the potential risks and rewards from AI. The Learning Lab is on a hiatus this episode, and will be returning soon! Control Loop News Brief. Mandiant ties OT attacks to Sandworm. Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm (Mandiant) Russia-linked hackers target Texas water facilities. Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow (SecurityWeek) Russia-linked hacking group suspected of carrying out cyberattack on Texas water facility, cybersecurity firm says (CNN) Belarusian hacktivists hit fertilizer company. Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime (The Record) CISA issues eight ICS advisories. CISA Releases Eight Industrial Control Systems Advisories (CISA) Control Loop Interview. Host Dave Bittner and his co host from the Caveat podcast on the N2K CyberWire network, Ben Yelin, share some discussion about pending legislation with potential to affect critical infrastructure, and Department of Energy’s assessment of the potential risks and rewards from AI. Links to articles:  Crawford puts forward bill on cybersecurity risks to water systems (The Arkansas Democrat-Gazette) US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure (Industrial Cyber)  Control Loop Learning Lab. The Learning Lab is on a break and will be back soon. Stay tuned.  Control Loop Audience Survey. Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks! Control Loop OT Cybersecurity Briefing. 
A companion monthly newsletter is available through free subscription and on N2K Networks website.
Examining CIRCIA and VOLTZITE.
Apr 17 2024
Chinese-manufactured devices in US networks see a 41% YoY increase. Ukraine-linked hackers deploy ICS malware against Russian infrastructure company. A look at cyberattacks that had physical consequences in 2023. Lessons from NERC’s GridEx exercise. Extension requested for comment period on CISA’s incident reporting rule. Guest Kate Ledesma, Senior Director Government Affairs at Dragos, talks about the Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA). The Learning Lab returns with part 2 of Mark Urban and Josh Hanrahan's discussion of adversary hunting and VOLTZITE (aka Volt Typhoon). Control Loop News Brief. Chinese-manufactured devices in US networks see a 41% YoY increase. “All your base are belong to us” – A probe into Chinese-connected devices in US networks (Forescout) Ukraine-linked hackers deploy ICS malware against Russian infrastructure company. Unpacking the Blackjack Group's Fuxnet Malware (Claroty) A look at cyberattacks that had physical consequences in 2023. 2024 Threat Report – OT Cyberattacks with Physical Consequences (Waterfall) Lessons from NERC’s GridEx exercise. GridEx VII: Lessons Learned Report (NERC) Extension requested for comment period on CISA’s incident reporting rule. US Chamber of Commerce, industry groups call for 30-day delay in CIRCIA rules (The Record) Control Loop Interview. Guest Kate Ledesma, Senior Director Government Affairs at Dragos, discussing Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA). Control Loop Learning Lab. On the Learning Lab segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part two of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon). Resources: VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems. The 5 Critical Controls for ICS/OT Cybersecurity – SANS webinar. Control Loop Audience Survey.
Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website.
Hunting adversaries.
Apr 3 2024
Sellafield nuclear waste site to be prosecuted for alleged cybersecurity failings. CISA issues draft proposal for cyber incident reporting by critical infrastructure entities. Threat actor targets Indian government and energy entities. Suspicious NuGet package appears to target developers in the industrial sector. Guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, shares their CIRCIA Notice of Proposed Rulemaking. The Learning Lab returns! Mark Urban and Josh Hanrahan discuss adversary hunting. Control Loop News Brief. Sellafield nuclear waste site to be prosecuted for alleged cybersecurity failings. Sellafield nuclear waste dump to be prosecuted for alleged cybersecurity offences (The Guardian) Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian) CISA issues draft proposal for cyber incident reporting by critical infrastructure entities. CISA releases draft rule for cyber incident reporting (CyberScoop) Threat actor targets Indian government and energy entities. Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign (EclecticIQ) Suspicious NuGet package appears to target developers in the industrial sector. Suspicious NuGet package grabs data from industrial systems (ReversingLabs) Control Loop Interview. Guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at  CISA. Eric shares their CIRCIA Notice of Proposed Rulemaking that goes into effect this week. Control Loop Learning Lab. The Learning Lab is back! On today’s segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part one of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).  Resources: VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems .  Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. 
A companion monthly newsletter is available through free subscription and on N2K Networks website.
Navigating China's infrastructure risks in the energy sector.
Mar 20 2024
Researchers discover a way to hijack web-based PLCs. Threat actor targets manufacturing entities in North America. US Department of Defense launches CORA program. CISA issues ICS advisories. Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks. The Learning Lab is taking a break and will return soon. Stay tuned. Control Loop News Brief. Researchers discover a way to hijack web-based PLCs. Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack (Georgia Tech) Threat actor targets manufacturing entities in North America. Blind Eagle's North American Journey (eSentire) APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (Trend Micro) US Department of Defense launches CORA program. JFHQ-DODIN Officially Launches its New Cyber Operational Readiness Assessment Program (US Department of Defense) CISA issues ICS advisories. CISA Releases Fifteen Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks. Control Loop Learning Lab. The Learning Lab is on break and will return in the near future. Stay tuned. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website.
Addressing maritime cyber threats.
Mar 6 2024
NIST releases Cybersecurity Framework 2.0. Biden administration issues executive order on maritime cybersecurity. Suspected Chinese threat actor continues to exploit Ivanti vulnerabilities. ThyssenKrupp sustains ransomware attack. Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. The Learning Lab is taking a break and will return soon. Stay tuned. Control Loop News Brief. NIST releases Cybersecurity Framework 2.0. NIST Releases Version 2.0 of Landmark Cybersecurity Framework (NIST) Biden administration issues executive order on maritime cybersecurity. On-the-Record Press Call on the Biden-⁠Harris Administration Initiative to Bolster the Cybersecurity of U.S. Ports (The White House) Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes (CNBC) Suspected Chinese threat actor continues to exploit Ivanti vulnerabilities. Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts (Mandiant) ThyssenKrupp sustains ransomware attack. German Steelmaker Thyssenkrupp Confirms Ransomware Attack (SecurityWeek) Control Loop Interview. Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. For more information, review the Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States and White House’s FACT SHEET: Biden-⁠Harris Administration Announces Initiative to Bolster Cybersecurity of U.S. Ports.  Control Loop Learning Lab. The Learning Lab is on break and will return in the near future. Stay tuned. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. 
A companion monthly newsletter is available through free subscription and on N2K Networks website.
Operational Technology disruptions: An eye on the water sector.
Feb 7 2024
Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President’s Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob’s opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos' Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder. Control Loop News Brief. Volt Typhoon targets US critical infrastructure. Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters) Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR) Ransomware attacks in the OT sector. Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos) The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks) Ransomware attack against Johnson Controls cost $27 million. Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer) Schneider Electric confirms ransomware attack. Schneider Electric confirms it was hit by ransomware attack (Silicon Republic) Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer) US sanctions Iranian officials for attacks on critical infrastructure. Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC) US House Energy Subcommittee holds hearing on cyberattacks against water infrastructure. US House Energy Subcommittee holds hearing on safeguarding drinking water infrastructure from cyberattacks (Industrial Cyber) Bill would add ICS security to President’s Cup Cybersecurity Competition. Senate HSGAC Approves Cyber, Software Bills (Meritalk) Control Loop Interview. Dragos CEO and Founder Robert M.
Lee testified at the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob’s opening statement before the committee. The purpose of the hearing was to discuss threats to water and wastewater ICS/OT systems in the U.S. that have the potential to disrupt operations and pose safety risks and examine the steps needed to secure operational technology in the water sector.  Read the press release. Watch the video of the hearing: Securing Operational Technology: A Deep Dive into the Water Sector.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to conclude their discussion of building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website.
Building community in OT.
Jan 24 2024
An analysis of cyberattacks against Danish energy infrastructure. US government outlines threats posed by Chinese-manufactured drones. Vulnerability in Bosch thermostats. OIG says CISA needs to improve collaboration with the water sector. Guests Mark Stacey of Dragos and Charles Kano from WestCap discuss cyber insurance as an important part of your organization's security plan. On the Learning Lab, we have the first part of a 2-part discussion on building community in OT that Dragos' Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder. Control Loop News Brief. OIG says CISA needs to improve collaboration with the water sector. CISA needs better collaboration with the EPA and water sector, watchdog says (Nextgov) Volt Typhoon targets end-of-life Cisco routers. Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure (Dark Reading) Cyberattacks against Israeli ports. Israeli Ports Hit in Cyberattack: Anonymous Sudan Takes Credit (The Cyber Express) An analysis of cyberattacks against Danish energy infrastructure. Clearing the Fog of War: A Critical Analysis of Recent Energy Sector Attacks in Denmark and Ukraine (Forescout) US government outlines threats posed by Chinese-manufactured drones. Cybersecurity Guidance: Chinese-Manufactured UAS (CISA) Vulnerability in Bosch thermostats. Vulnerabilities identified in Bosch BCC100 Thermostat (Bitdefender) Control Loop Interview. On this episode, we are joined by Mark Stacey of Dragos and Charles Kano from WestCap discussing cyber insurance as an important part of your organization's security plan. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to discuss building community in OT. Learn more about Hou.Sec.Con.
Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website.
A free community initiative to protect small utilities.
Jan 10 2024
Responses to Aliquippa water authority attack. Predatory Sparrow disrupts Iran’s gas stations. MITRE launches a threat model for critical infrastructure embedded devices. Guest Dawn Cappelli, Head of Dragos's OT-Cyber Emergency Readiness Team, shares details about the launch of Dragos’s free community initiative to protect small utilities that serve the majority of Americans. Learn more about the Dragos Community Defense Program that includes Dragos Platform and Neighborhood Keeper. On the Learning Lab, we have the final part of the 3-part discussion on building automation systems that Dragos' Mark Urban had with colleagues Daniel Gaeta and Zach Spencer. Control Loop News Brief. Responses to Aliquippa water authority attack. States and Congress wrestle with cybersecurity after Iran attacks small town water utilities (AP) Predatory Sparrow disrupts Iran’s gas stations. A suspected cyberattack paralyzes the majority of gas stations across Iran (AP) Iran petrol stations hit by cyberattack, oil minister says (Reuters) Israel-linked group claims cyberattack that shut down 70% of Iran’s gas stations (The Times of Israel) Energy Department offers $70 million in funding for cybersecurity research. Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop) MITRE launches a threat model for critical infrastructure embedded devices. MITRE, Red Balloon Security, and Narf Announce EMB3D – A Threat Model for Critical Infrastructure Embedded Devices (MITRE) US Department of Homeland Security’s Annual Threat Assessment. Homeland Threat Assessment 2024 (DHS) Control Loop Interview. Guest Dawn Cappelli, Dragos's Head of OT-Cyber Emergency Readiness Team, joins us this episode to discuss the launch of a free community initiative to protect small utilities that serve the majority of Americans. Learn more about the Dragos Community Defense Program that includes Dragos Platform and Neighborhood Keeper. Control Loop Learning Lab.
On the Learning Lab, Mark Urban is back with part 3 of his discussion on building automation systems with Dragos' Daniel Gaeta, ICS/OT Cybersecurity Senior Solutions Architect, and Zach Spencer, Senior Enterprise Account Executive. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website.
Encore: Active visibility into OT systems.
Dec 27 2023
Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek’s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA’s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy’s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence. Control Loop OT Cybersecurity Briefing. 
A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Utility attacks and electrical sector supply chain vulnerabilities.
Dec 13 2023
Iranian hacktivists hit Pennsylvania water utility. Attacks against water systems are an instance of a larger threat. Supply chain vulnerabilities in the electrical sector. Guest Nick Sanna of the FAIR Institute and Safe Security talks about the challenges the White House faces in attempting to harmonize critical infrastructure regulations. The Learning Lab has part 2 of the 3-part discussion on building automation systems that Dragos' Mark Urban had with colleagues Daniel Gaeta and Zach Spencer. Control Loop News Brief. Iranian hacktivists hit Pennsylvania water utility. Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (CBS News) Iranian-Linked Cyber Army had Partial Control of Aliquippa Water System (BeaverCountian) A hack in hand is worth two in the bush (Securelist) Cyber phases of hybrid wars spread beyond the theaters of operation. How cybersecurity teams should prepare for geopolitical crisis spillover (CSO) And attacks against water systems are an instance of a larger threat. Iran-Backed Cyber Av3ngers Escalates Campaigns Against U.S. Critical Infrastructure (SentinelOne) Anti-Israel hacking campaign highlights danger of internet-connected devices (CyberScoop) Chinese operators intrude into infrastructure. China’s cyber army is invading critical U.S. services (Washington Post) Supply chain vulnerabilities in the electrical sector. A Software Supply Chain Dependent on Adversaries (Fortress) Control Loop Interview. Guest Nick Sanna of the FAIR Institute and Safe Security details the challenges the White House faces in attempting to harmonize critical infrastructure regulations. Control Loop Learning Lab. On the Learning Lab, Mark Urban is back with part 2 of 3 of his discussion on building automation systems with Dragos' Daniel Gaeta, ICS/OT Cybersecurity Senior Solutions Architect, and Zach Spencer, Senior Enterprise Account Executive. Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on N2K Networks website.
Building automation systems and maritime cyber regulations.
Nov 29 2023
GRU's Sandworm implicated in campaign against Danish electrical power providers. Paris wastewater agency hit by cyberattack. LockBit hits Boeing. Bletchley Declaration represents a consensus starting point for AI governance. The US Executive Order on artificial intelligence is out. Guest Austin Reid of ABS Group discusses Ship and Shore challenges for security and the current and emerging regulatory landscape. On the Learning Lab, Dragos' Mark Urban presents part 1 of 3 of a discussion on building automation systems with Dragos' Daniel Gaeta and Zach Spencer. Control Loop News Brief. GRU's Sandworm implicated in campaign against Danish electrical power providers. The attack against Danish critical infrastructure (SektorCERT) Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter (CNN) Paris wastewater agency hit by cyberattack. Greater Paris wastewater agency dealing with cyberattack (The Record) Cyberattaque D'Ampleur Au SIAAP (SIAAP) Iranian hacktivists claim an attack on a Pennsylvania water utility. Iranian-Linked Cyber Army Had Partial Control Of Aliquippa Water System (BeaverCountian.com) Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (CBS News) LockBit hits Boeing. Ransomware groups rack up victims among corporate America (CyberScoop) #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (CISA) Bletchley Declaration represents a consensus starting point for AI governance. Can Rishi Sunak’s big summit save us from AI nightmare? (BBC) The Bletchley Declaration by Countries Attending the AI Safety Summit, 1-2 November 2023 (Gov.uk) The US Executive Order on artificial intelligence is out. Administration Actions on AI (AI.gov) Control Loop Interview. Guest is Austin Reid of ABS Group discussing ship and shore challenges for security and the current and emerging regulatory landscape. Control Loop Learning Lab.
On the Learning Lab, Mark Urban discusses building automation systems in part 1 of 3 with Dragos' Daniel Gaeta, ICS/OT Cybersecurity Senior Solutions Architect, and Zach Spencer, Senior Enterprise Account Executive. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Port disruption and a discussion of maritime and OT.
Nov 15 2023
A cyber incident disrupts Australian ports. Sandworm and Ukraine's power grid: 2022 attacks. Department of Energy hosts simulated cyberattack competition. CISA, FEMA, and Shields Ready. Cyber and electronic threats to space systems. Four cyber phases of a hybrid war. Guest Austin Reid of ABS Group discusses cyber risk and threats to Maritime Transportation Systems (MTS). On the Learning Lab, catch an encore of Dragos CEO Robert M. Lee and Mark Urban about the five critical controls for ICS. Control Loop News Brief. Australian ports disrupted in a “cyber incident.” Major Australian port operator shuts down amid cyber security incident, impacting goods in and out of the country (ABC News) Sandworm and Ukraine's power grid: 2022 attacks. Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant) CaddyWiper: New wiper malware discovered in Ukraine (ESET) Four cyber phases of a hybrid war.. Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint) The Evolution of Cyber Attacks on Electric Operations (Dragos) CISA, FEMA, and Shields Ready. Shields Ready (CISA) DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA) Department of Energy hosts simulated cyberattack competition. DOE hosting simulated cyberattack for students (CyberScoop) Cyber and electronic threats to space systems. Space Operators Should Harden Cryptography Defenses, NSA Cyber Official Says (Via Satellite) Cyber Security of Space Systems ‘Crucial,’ As US Space Force Official Notes Recent Attacks (Via Satellite) Control Loop Interview. Guest is Austin Reid of ABS Group discussing cyber risk and threats to Maritime Transportation Systems (MTS). Control Loop Learning Lab. On the Learning Lab, we share an encore of Dragos CEO Robert M. Lee and Mark Urban explaining the five critical controls for ICS. Control Loop OT Cybersecurity Briefing. 
A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Active visibility into OT systems.
Nov 1 2023
Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek’s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA’s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy’s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence. Control Loop OT Cybersecurity Briefing. 
A companion monthly newsletter is available through free subscription and on the CyberWire's website.
A look at a Whole-of-State cybersecurity strategy.
Oct 18 2023
Microsoft on the state of OT security. Israeli and Palestinian hacktivists target ICS. Coinmining as an (alleged, potential) front for espionage or stage for sabotage. EPA withdraws water system cybersecurity memorandum. Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. Most organizations are struggling with IoT security. CISA views China as the top threat to US critical infrastructure. Improving security for open-source ICS software. CISA ICS advisories. Guest Kuldip Mohanty, CIO of North Dakota, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Kuldip shares how critical infrastructure is treated within the "Whole-of-State” cybersecurity strategy his team implements in North Dakota. On the Learning Lab, Mark Urban shares the first part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Microsoft on the state of OT security. Microsoft Digital Defense Report 2023 (Microsoft) Microsoft Digital Defense Report: Behind the Scenes Creating OT Vulnerabilities (aDolus) Zero-days affect industrial routers. 10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows (Cisco Talos) Israeli and Palestinian hacktivists target ICS. Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews) Coinmining as an (alleged, potential) front for espionage or stage for sabotage. Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny (The New York Times) EPA withdraws water system cybersecurity memorandum. EPA withdraws cyber audit requirement for water systems (Nextgov) Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. 
Reports of second cyberattack on Colonial Pipeline false, company says (Fox 5 Atlanta) Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (The Record) Most organizations are struggling with IoT security. New Global Survey Reveals 97% of Organizations Face Challenges Securing IoT and Connected Devices (Keyfactor) Ransomware attack on Clorox. Clorox Security Breach Linked to Group Behind Casino Hacks (Bloomberg) Clorox Warns of a Sales Mess After Cyberattack (The Wall Street Journal) CISA views China as the top threat to US critical infrastructure. China is top cyber threat to US utilities, other critical infrastructure: CISA (Utility Dive) Improving security for open-source ICS software. Improving Security of Open Source Software in Operational Technology and Industrial Control Systems (CISA) CISA’s ICS advisories. Mitsubishi Electric MELSEC-Q Series PLCs (Update A) (CISA) CISA Releases Nineteen Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Kuldip Mohanty, CIO of North Dakota, discussing how critical infrastructure is treated within the “whole of state” security strategy used in North Dakota. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, to examine cyber threat intelligence.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
When IT infrastructure translates into OT.
Oct 4 2023
Johnson Controls sustains cyberattack. Nearly 100,000 ICS services exposed to the Internet. FBI anticipates an increase in Chinese and Russian targeting of the energy sector. Joint advisory warns of Beijing’s “BlackTech” threat activity. CISA's push for hardware bills of materials. Cybersecurity in the US industrial base. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part two of their discussion about secure remote access. Control Loop News Brief. Homeland Security IG finds flaws in TSA pipeline security regulations. https://www.oig.dhs.gov/sites/default/files/assets/2023-09/OIG-23-57-Sep23-Redacted.pdf  https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years  Johnson Controls sustains cyberattack. Building automation giant Johnson Controls hit by ransomware attack (BleepingComputer) Nearly 100,000 ICS services exposed to the Internet. Bitsight identifies nearly 100,000 exposed industrial control systems (BitSight) FBI anticipates an increase in Chinese and Russian targeting of the energy sector. FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers (The Record) Joint advisory warns of Beijing’s “BlackTech” threat activity. CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (CISA) CISA's push for hardware bills of materials.  Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management (CISA) CISA task force aims to improve supply chain security with new hardware standards (Nextgov) Cybersecurity in the US industrial base. Aprio Releases U.S. 
National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio) Control Loop Interview. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. Control Loop Learning Lab. On the Learning Lab, Mark Urban concludes his conversation about secure remote access with Alex Baretta, senior solution architect at Dragos. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Don't take energy for granted.
Sep 20 2023
Redfly cyberespionage targets a national grid. DHS Threat Assessment looks at critical infrastructure threats. A look at the ICS threat landscape. DoE grants for research into distributed energy cybersecurity. CISA offers free vulnerability scanning for water infrastructure. CISA issues ICS advisories. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, discusses community defense. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part one of their discussion about secure remote access. Control Loop News Brief. Redfly cyberespionage targets a national grid. Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec) China caught – again – with its malware in another nation's power grid (The Register) China-Linked Hackers Breached a Power Grid—Again (WIRED) DHS Threat Assessment looks at critical infrastructure threats. DHS warns of malicious AI use against critical infrastructure (CyberScoop) A look at the ICS threat landscape. Threat landscape for industrial automation systems. Statistics for H1 2023 (Kaspersky) DoE grants for research into distributed energy cybersecurity. Distributed Energy Resources Get Cybersecurity Boost With $39M DOE Funding (SecurityWeek) DOE Announces $39 Million in Research Funding to Enhance Cybersecurity of Clean Distributed Energy Resources (Department of Energy) Ransomware remains a threat to industrial operations. Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle (WIRED) US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak (Register) CISA offers free vulnerability scanning for water infrastructure. Free Cyber Vulnerability Scanning for Water Utilities (CISA) Control Loop Interview. 
Guest is Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, discussing community defense. Control Loop Learning Lab. On the Learning Lab, Mark Urban discusses secure remote access with Alex Baretta, senior solution architect at Dragos.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Intelligence services within the convergence of OT and IT.
Sep 6 2023
Crude "cyberattack" on rail control systems stops Polish trains. Energy One discloses cyberattack against its corporate systems. NIAC calls for a National Water Strategy. Department of Energy holds contest to provide cybersecurity funding for rural utilities. Researchers aim to secure US military’s power grids. A technical issue grounds the UK’s air traffic control system’s automated features. Guest Mark Ryland, Director of the Office of the CISO at Amazon Web Services, joining us as part of a Dragos webinar, Securing Digital Transformation: OT Cybersecurity Innovation and Resilience. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part three of their discussion on the convergence of OT and IT.  Control Loop News Brief. Crude "cyberattack" on rail control systems stops Polish trains. Two Men Arrested Following Poland Railway Hacking (SecurityWeek) Century-old technology hack brought 20 trains to a halt in Poland (Cybernews) Poland investigates hacking attack on state railway network (Reuters) Poland investigates train mishaps for possible Russian connection (Washington Post) Energy One discloses cyberattack against its corporate systems. Australian Energy Software Firm Energy One Hit by Cyberattack (SecurityWeek) US energy company suffers third-party data breach. Eversource Data Breach: Utility Warns MA Customers (Patch) NIAC calls for a National Water Strategy. Presidential Council Calls for Water Department to Address Cyber Threats (MeriTalk) Department of Energy holds contest to provide cybersecurity funding for rural utilities. DOE launches cyber contest to benefit rural utilities (CyberScoop) Researchers aim to secure US military’s power grids. Protecting the protectors: Virginia Tech researchers work to secure power grid communication on military bases. (Newswise) A technical issue grounds the UK’s air traffic control system’s automated features. 
Cancelled flights: Air traffic disruption caused by flight data issue (BBC) Flight chaos ‘to last for days’ after air traffic control failure (The Telegram) Control Loop Interview. Our guest is Mark Ryland, Director of the Office of the CISO at Amazon Web Services, joining us as part of a Dragos webinar, Securing Digital Transformation: OT Cybersecurity Innovation and Resilience. You can view the entire webinar here.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part three of their discussion on the convergence of OT and IT.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Real world stories of incident response and threat intelligence.
Aug 23 2023
Radiation sensor reports from Chernobyl may have been manipulated. South African power generator hit with malware. APT31 linked to attacks on industrial systems in Eastern Europe. Environmental regulation and increased maritime cyber risk. CISA Director warns of Chinese infrastructure attack staging. Threats to the power grid. CODESYS vulnerabilities.  Today's guest is Dragos’ Lesley Carhart, sharing their RSAC 2023 talk on real world stories of incident response and threat intelligence.  The Learning Lab continues the conversation between Dragos’ Mark Urban and Kimberly Graham about the convergence. Control Loop News Brief. Radiation sensor reports from Chernobyl may have been manipulated. Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication (Ruben Santamarta) The Mystery of Chernobyl’s Post-Invasion Radiation Spikes (WIRED) CISA Director warns of Chinese infrastructure attack staging. Top U.S. cyber official offers 'stark warning' of potential attacks on infrastructure if tensions with China escalate (NBC News) China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. (CyberWire) CODESYS vulnerabilities. Microsoft reveals severe vulnerabilities in CODESYS industrial automation software (The Record) Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS (Microsoft) South African power generator hit with malware. Focus on DroxiDat/SystemBC (Kaspersky) Ransomware Trends in the HPH Sector - Q1 2022 (HHS) Environmental regulation and increased maritime cyber risk. Navigating Cybersecurity's Seas: Environmental Regulations, OT & the Maritime Industry's New Challenges (Dark Reading) Threats to the power grid. EXCLUSIVE: ‘Release our men’: Far-right used power grid threats to try and blackmail government into freeing neo-Nazi bank robbery suspects (The Daily Dot) APT31 linked to attacks on industrial systems in Eastern Europe. 
Common TTPs of attacks against industrial organizations. Implants for uploading data (Kaspersky) Control Loop Interview. Our guest is Dragos’ Technical Director for Industrial Incident Response, Lesley Carhart, sharing real world stories of incident response and threat intelligence from their RSAC 2023 talk.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part two of their discussion on the convergence of OT and IT.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Mentorship, internships, and apprenticeships in OT security.
Aug 9 2023
The Five Eyes outline the top exploited vulnerabilities. The Brunswick Corporation loses millions to cyberattack. Ransomware in the industrial space. The US Transportation Security Administration (TSA) updates security rules for oil and natural gas pipeline operators. Our guest is Mea Clift of Woodard & Curran sharing her perspective on mentorship, internships, and apprenticeships with an eye on OT security. The Learning Lab has the first part of a discussion about the convergence of OT and IT with Dragos’ Mark Urban and Kimberly Graham, Dragos’ VP of Product Management.  Control Loop News Brief. Five Eyes outlines top exploited vulnerabilities. 2022 Top Routinely Exploited Vulnerabilities (CISA) Brunswick Corporation loses millions to cyberattack. Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms (The Record by Recorded Future) Brunswick Corporation (NYSE:BC) Q2 2023 Earnings Call Transcript (Insider Monkey) Ransomware in the industrial space. Dragos Industrial Ransomware Attack Analysis: Q2 2023 (Dragos) TSA updates security rules for oil and natural gas pipeline operators. TSA updates, renews cybersecurity requirements for pipeline owners, operators (TSA) Control Loop Interview. The interview is with Mea Clift of Woodard & Curran sharing her perspective and efforts around mentorship and internship/apprenticeship with an eye on OT security and her experience in securing the water/utilities space. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part one of their discussion on the convergence of OT and IT.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.