I am guessing that this is just the tip of the iceberg. That by itself is scary. Researchers discovered nearly 35,000 solar power systems from 42 vendors that have exposed management interfaces. This includes devices like power inverters, data loggers, monitors, etc. The researchers found nearly 50 vulnerabilities that could be exploited. Most of these […]
Continue reading → [DISPLAY_ACURAX_ICONS]We have seen multiple attacks in the last few years on municipal water supplies. The good news is that none of them killed anyone. Mostly, that was just because we were lucky. A bug in a TLS certificate (used to implement HTTPS) allowed researchers to view the water system control panel in hundreds of public […]
Continue reading → [DISPLAY_ACURAX_ICONS]This is a bit scary and something I know way too much about. Back in the dark ages, I worked on a team that developed the first first GPS system – for the Air Force. It was not designed to help you find the nearest Starbucks, but rather to protect Air Force personnel from our […]
Continue reading → [DISPLAY_ACURAX_ICONS]Shoddy security practices. Short of cash. Lack of personnel to deal with threats. Outdated equipment connected to the Internet. Weak passwords. CISA and the FBI say these are just some of the issues that critical infrastructure operators are facing. Anti U.S. (pro-Russian) hackers are intensifying attacks on critical infrastructure such as water, wastewater, dams, energy […]
Continue reading → [DISPLAY_ACURAX_ICONS]At least 68 cyberattacks last year caused physical consequences to operational technology (OT) networks at more than 500 locations worldwide. Damage from these attacks ranged up to $100 millon. OT attacks are attacks on the systems that run businesses like manufacturing, transportation and the cities themselves. If you think about all of the computers that […]
Continue reading → [DISPLAY_ACURAX_ICONS]If that headline doesn’t keep you up at night, I don’t know what will. The Government Accountability Office (GAO) says they have have found inefficiencies in CISA’s information sharing practices, in particular with critical infrastructure stakeholders. They also say that CISA is understaffed for handling OT incidents. Just to make sure everyone is on the […]
Continue reading → [DISPLAY_ACURAX_ICONS]