Industrial Control Systems

DHS, federal agencies urge vigilance from infrastructure operators, facilities

Then last week, the CISA published another Insights bulletin – Enhancing Chemical Security During Heightened Geopolitical Tensions – which “urges facilities with chemicals of interest (COI)…to consider enhanced security measures to decrease the likelihood of a successful attack.” COI is a term used for a list of more than 300 hazardous chemicals that if misused could cause harm to individuals, facilities or society in general, such as if they were stolen and converted into weapons. Utilities should report any physical security incidents or threats to WaterISAC (analyst@waterisac.org or 866-H2O-ISAC), their local police department, and the FBI (via a local field office). Malicious cyber activity should be reported to WaterISAC as well as to the FBI …

DHS, federal agencies urge vigilance from infrastructure operators, facilities Read More »

DHS, federal agencies urge vigilance from infrastructure operators, facilities

Recommendations for IoT Device Manufacturers

Foundational Activities and Core Device Cybersecurity Capability Baseline (2nd Draft)   Date Published: January 2020 Comments Due: February 7, 2020 Email Comments to: iotsecurity@nist.gov Author(s) Michael Fagan (NIST), Katerina Megas (NIST), Karen Scarfone (Scarfone Cybersecurity), Matthew Smith (G2) Abstract Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are, meaning the devices provide functionality that their customers need to secure them within their systems and environments, and manufacturers can also help their customers by providing them with the cybersecurity-related information they need. This publication describes voluntary, recommended activities related to …

Recommendations for IoT Device Manufacturers Read More »

Recommendations for IoT Device Manufacturers

Mitre Adds ICS-Specific Techniques To ATT&CK Framework

#MITRE has released a version of its ATT&CK knowledgebase covering tactics and techniques used in attacks against industrial control systems. MITRE’s ATT&CK, which stands for Adversarial Tactics, Techniques and Common Knowledge, is a framework widely used by cybersecurity professionals to check whether their defenses are enough to detect and block attacks. The first ATT&CK model was released in 2013 with a focus on Microsoft Windows. Since then, it has expanded to include Linux, Mac OS, and cloud platforms. The matrix of tactics and techniques describe how attackers break into and move within systems, from initial access and exfiltration. By breaking out different tactics into specific categories, defenders can detect and …

Mitre Adds ICS-Specific Techniques To ATT&CK Framework Read More »

MITRE ATT&CK FRAMEWORK
Scroll to Top