logo
episode-header-image
Jul 2022
46m 3s

Demystifying the alphabet soup of OT, IT...

N2K Networks
About this episode

More deniable DDoS attacks strike countries friendly to Ukraine. Russian intentions and capabilities in its hybrid war. Log4j is now “endemic.” CISA’s ICS security advisories. Operational technology and the C2C market. TSA issues revised pipeline cybersecurity guidelines. Zero-trust comes to OT.

Our guest is Puesh Kumar from the Department of Energy, discussing the DOE’s efforts to secure critical infrastructure, and to secure clean energy infrastructure.

In the Learning Lab, Kimberly Graham, senior director of product management at Dragos, talks with Mark Urban about the alphabet soup of OT. 


Control Loop News Brief.

Threats to infrastructure in a hybrid war.

Ignitis Group hit by DDoS attack as Killnet continues Lithuania campaign (Tech Monitor) Ignitis services were knocked offline this weekend in a DDoS attack as Russian hackers Killnet target Ukraine's allies.

US seeking to understand Russia’s failure to project cyber power in Ukraine (Defense News) “With regard to the Russian use of cyber and our takeaways,” Anne Neuberger said, “there are any number of theories for what we saw and what, frankly, we didn’t see.”

Battling Moscow's hackers prior to invasion gave Kyiv 'full dress rehearsal' for today's cyber warfare (CyberScoop) Years of cyberattacks have helped prepare Ukraine to fight back against Russia's arsenal of digital weapons.

Log4j is now “endemic.”

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat (Dark Reading) Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

DHS board: No one used software inventories to find vulnerable Log4j deployment (FedScoop) Many in government and industry want SBOMs to be the secure software development compliance standard, but the technology remains limited.

Review of the December 2021 Log4j Event (Cyber Safety Review Board) We write this report at a transformational moment for the digital ecosystem. The infrastructure on which we rely daily has become deeply interconnected through the use of shared communications, software, and hardware, making it susceptible to vulnerabilities on a global scale.

Dragos and Emerson Expand Global Agreement to Secure Industrial Infrastructure for Process Industries (Dragos) Dragos Extends ICS/OT Cybersecurity to Emerson’s DeltaV Distributed Control System to Protect Process Industries.

CISA’s ICS security advisories.

Hundreds of ICS Vulnerabilities Disclosed in First Half of 2022 (Security Week) More than 600 industrial control system (ICS) product vulnerabilities were disclosed in the first half of 2022 by the US Cybersecurity and Infrastructure Security Agency (CISA), according to an analysis conducted by industrial asset and network monitoring company SynSaber.

Operational technology and the criminal-to-criminal market. 

Hackers are targeting industrial systems with malware (Ars Technica) An entire ecosystem of sketchy software is targeting potentially critical infrastructure.

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems (The Hacker News) Hackers Distributing Password Cracking Tool for PLCs and HMIs to Infect Industrial Systems with Sality Malware

The Trojan Horse Malware & Password “Cracking” Ecosystem Targeting Industrial Operators (Dragos) Learn more about Dragos's discovery of an exploit introduced through password "cracking" software that targets industrial engineers and operators.

TSA issues revised pipeline cybersecurity guidelines. 

TSA revises and reissues cybersecurity requirements for pipeline owners and operators (Transportation Security Administration) The Transportation Security Administration (TSA) announced the revision and reissuance of its Security Directive regarding oil and natural gas pipeline cybersecurity. This revised directive will continue the effort to build cybersecurity resiliency for the nation’s critical pipelines.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next
Jun 2024
Digging into regulatory compliance issues.
UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on V ... Show More
18m 23s
May 2024
Hacktivism targeting OT devices.
US Defense Department warns of Russian hacktivists targeting OT devices. The US government establishes safety and security board to advise the deployment of AI in critical infrastructure sectors. Vulnerabilities affect CyberPower UPS management software. US congressmen put forwar ... Show More
24m 36s
May 2024
Critical infrastructure: Pending legislation and risks and rewards from AI.
Mandiant ties OT attacks to Sandworm. Russia-linked hackers target Texas water utilities. Belarusian hacktivists hit fertilizer company. CISA issues eight ICS advisories. Dave Bittner's Caveat podcast co host Ben Yelin joins him to discuss pending legislation with potential to af ... Show More
24m 20s
Recommended Episodes
Sep 2024
UK’s newest cybersecurity MVPs.
The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from ... Show More
34m 29s
Jul 2023
Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
CISA and the FBI issue a joint Cybersecurity Advisory on exploitation of Microsoft Exchange Online. Implementing the US National Cybersecurity Strategy. FortiGuard discovers a new LokiBot campaign. Training code turns out to be malicious in a new proof-of-concept attack discovere ... Show More
32m 18s
May 30
All systems not go.
SentinelOne suffers a global service outage. A major DDoS attack hits a Russian internet provider. U.S. banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new Browser-in-the-Middle (BitM) ... Show More
37m 5s
Dec 2024
Cyber Security Today: Year End Panel Discussion. Saturday, December 21, 2024
Cybersecurity Year in Review: Future Challenges and Industry Insights Join host Jim Love and a panel of cybersecurity experts—Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Laura Payne of White Tuque—as they review the key cybersecurity events of the p ... Show More
52m 28s
Jan 2025
DeepSeek Security Failure: Cyber Security Today, Friday, January 31, 2025
Cybersecurity Today: DeepSeek AI's Data Breach, New API Threats, & Operation Talent In this episode of 'Cybersecurity Today,' host Jim Love delves into the recent security lapse by DeepSeek AI, highlighting the exposure of sensitive data through an open ClickHouse database. Learn ... Show More
9m 20s
Jan 2025
DeepSeek - New AI Disruptor Gets Hit With Cyber Attack: Cyber Security Today for Wednesday, January 29, 2025
Navigating AI Cyber Threats and Critical Infrastructure Vulnerabilities In this episode of Cybersecurity Today, host Jim Love discusses the recent cyber attack on AI platform DeepSeek that exploited open source vulnerabilities. He highlights significant challenges in U.S. cyberse ... Show More
5m 17s
May 5
Hardcoded credentials and hard lessons.
Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber ... Show More
29m 46s