We have seen multiple attacks in the last few years on municipal water supplies. The good news is that none of them killed anyone. Mostly, that was just because we were lucky. A bug in a TLS certificate (used to implement HTTPS) allowed researchers to view the water system control panel in hundreds of public […]
Continue reading → [DISPLAY_ACURAX_ICONS]This is a bit scary and something I know way too much about. Back in the dark ages, I worked on a team that developed the first first GPS system – for the Air Force. It was not designed to help you find the nearest Starbucks, but rather to protect Air Force personnel from our […]
Continue reading → [DISPLAY_ACURAX_ICONS]Shoddy security practices. Short of cash. Lack of personnel to deal with threats. Outdated equipment connected to the Internet. Weak passwords. CISA and the FBI say these are just some of the issues that critical infrastructure operators are facing. Anti U.S. (pro-Russian) hackers are intensifying attacks on critical infrastructure such as water, wastewater, dams, energy […]
Continue reading → [DISPLAY_ACURAX_ICONS]At least 68 cyberattacks last year caused physical consequences to operational technology (OT) networks at more than 500 locations worldwide. Damage from these attacks ranged up to $100 millon. OT attacks are attacks on the systems that run businesses like manufacturing, transportation and the cities themselves. If you think about all of the computers that […]
Continue reading → [DISPLAY_ACURAX_ICONS]If that headline doesn’t keep you up at night, I don’t know what will. The Government Accountability Office (GAO) says they have have found inefficiencies in CISA’s information sharing practices, in particular with critical infrastructure stakeholders. They also say that CISA is understaffed for handling OT incidents. Just to make sure everyone is on the […]
Continue reading → [DISPLAY_ACURAX_ICONS]I have written several times about the need to start thinking about post-quantum crypto. At this point, “Q-Day” is somewhere between this year and ten years from now. If you believe my blog last week, Q-Day could be today. NIST has published draft post quantum standards, but there is a lot more to do besides […]
Continue reading → [DISPLAY_ACURAX_ICONS]