Through ISMG’s Lens: Critical Infrastructure | Edition 19

The energy, utilities and industrial verticals have long been significant targets for criminals and state-sponsored threat actors.

There is a significant surge in OT #cybersecurity threats. Are you prepared?

#CriticalInfrastructure organizations increasingly realize that downtime from #cyberattacks can be catastrophic. The Colonial Pipeline #ransomwareattack, for example, resulted in five days of downtime, millions of dollars in ransoms, recovery and federal fines, and caused widespread gas outages across Southern U.S. states. Are we informed about the state of cybersecurity preparedness in critical infrastructure today?

Let’s hear it from the industry leaders:

TSA?Plans?Cyber?Risk?Regulation?for?Pipeline?and?Rail?Sector

The oil pipeline and rail sectors could be required to implement cyber risk management following the Transportation Security Administration's initiation of a rule-making process. The Biden administration is pressuring critical infrastructure operators through voluntary measures and new regulations. Read the full story by David Perera

Addressing?the?Shortage?of?Medical?Device?Cyber?Talent

The shortage of cybersecurity professionals in the United States includes a scarcity of expertise in medical device security, says Bill Aerts , senior fellow and managing director of the 美国明尼苏达大学双城分校 's recently launched Center for Medical Device Cybersecurity. Listen to the full interview by Marianne McGee

Cyber?Resilience?Minimizes?Risks?for?Digital?Services?

Cyber?resilience?extends beyond cyberattacks and encompasses the convergence of security and disaster recovery, and takes into account other factors such as supply chain disruption, attacks on critical infrastructure, epidemics, market fluctuations, power outages and natural disasters. Watch the full interview by Brian Pereira

Tata?Power?Attack?Linked?to?Bug?in?Nearly?20-Year-Old?Server

微软 says vulnerabilities?in?outdated web?servers?are likely responsible for a cyberattack last month against Indian energy giant? TATA Power .?Attackers?targeted Boa?servers, which were discontinued?in?2005,?to?potentially compromise?Tata?and other critical infrastructure organizations around the world. Read the full story by Mihir Bagwe

Cyberwarfare's?Role?in?the?Next?National?Defense?Strategy

Despite?the?strategic priorities laid out by?the?Biden administration and initial indicators provided by?the?Department of?Defense, it's unclear how?the?next?national?defense?strategy?will prioritize threats and define?the?primary?role?of?the?U.S. military. Christopher Dougherty discusses?cyberwarfare. Listen to the full interview by Steve King, CISM, CISSP

Want to know more? Join us for CyberEdBoard Community ’s Mission Critical Summit & pledge to secure Critical Infrastructure, Connected Devices and Crypto & Payments. Register now!

Cyberattack?at?Boeing?Disrupts?Flight?Planning

Distribution of airspace safety notices are affected by a cyber incident?at?Boeing?subsidiary Jeppesen, the nature of which the company won't disclose. "At?this time we have no reason to believe that this incident poses a threat to aircraft or?flight?safety," a company spokesperson said. Read the full story by Prajeet Nair

Cyberattack?Hits?German?Copper?Manufacturing?Giant

One of the world's largest?copper?smelters disclosed it underwent a?cyberattack, stating that production "could largely be maintained." Germany-based Aurubis owns Europe's largest?copper?smelting facility, capable of refining 450,000 metric tonnes annually and located in Hamburg. Read the full story by Akshaya Asokan

LockBit?Claims?Attack?on?German?Auto?Parts?Giant?Continental

Ransomware-as-a-service group?LockBit?is threatening the release of data it says it stole from?German?auto?parts?maker?Continental. The company in August acknowledged an incident involving its IT systems, but didn't respond Friday with additional information. Read the full story by Akshaya Asokan

Know Your Editors

We are the world’s largest media organization devoted solely to information security and risk management with reportage and analysis from the industry’s award-winning journalists. A look at who's behind the wire:

Here’s putting the spotlight on Tony Morbin , Executive News Editor, EU

• What do you enjoy doing in your spare time?

Used to be travelling and scuba diving, but now mostly swimming, walking in the woods, reading, entertaining the grandkids and just the occasional travel/bands/theatre/drunken reunions.

• Your biggest productivity hack?

Do the job you don’t want to do right now or it will be hanging over you and spoil the stuff you enjoy.

• Your advice for young cybersecurity enthusiasts?

However marvellous the tech, the way around it is often how the human uses it, so think like a hacker - how can the tech be abused or the user fooled?

• Your favourite book/piece of an article?

Sapiens: A Brief History of Humankind - who and what we are and where we might be going. Illuminating, frightening and thought provoking.

• Your recent must-read on ISMG’s network?

Love the whole series of The Ransomware Files

• A famous saying that you abide by?

I agree with the principle: "Do unto others as you would have done unto you," or as my mum would put it, "Be careful how you treat people on your way up, you might meet them on your way down."

• Your fondest memory of ISMG?

Several enjoyable roundtables, but I'll say interviewing John Matherly , creator of Shodan.

• Next big technology or concept you’re looking forward to in the cyberspace?

Not so much looking forward, as anticipating, more takeover of real-world things, and countermeasures - carjacking, taking over drones, planes, ships, cars, machinery by attackers.

That's all for today, we will be back next week. Don’t forget to register for our CyberEdBoard Community 's Mission Critical Summit happening from December 13 to 15, 2022.

Until next time!

Have a nice day ahead.

-- ISMG Social Media Desk