Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were once...

The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system. Health professionals should not take this issue lightly, as financial...

Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure. In a joint cybersecurity advisory issued by the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA),...

In recent years, cyber espionage has been growing in magnitude and complexity. One of the most common targets is Industrial Control Systems (ICS) within critical infrastructure sectors. With many organizations relying more heavily on ICS networks, there has been an increase in threats and cyberattacks aimed at these systems. Not only do these attacks...

Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities of...

Industrial control systems (ICS) are specific kinds of assets and associated instrumentation that help to oversee industrial processes. According to the National Institute of Standards and Technology, there are three common types of ICS. These are supervisory control and data acquisition (SCADA) systems, which help organizations to control dispersed...

Which Flavor of the Purdue Model Should You Follow? If you enter the term "Purdue Model" into your favorite search engine, the resulting images will vary considerably. There's almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model. You might even find...

It seems that the most popular topics in cybersecurity for the last year have been zero trust as well as the convergence of Information Technology (IT) and Operational Technology (OT). These developments are good, as they signal some positive motion towards better overall security. Some of the current risks are worth noting, with a forward glance to...

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful...

In this episode, Patrick Miller, Founder of Ampere Industrial Security, discusses what utilities and other industrial companies need to consider when it comes to the goldmines of data they're collecting from their machines and customers. He also explains why security and privacy needs to be incorporated in these operations by design. https://open...

Throughout this blog series, I have examined real-world ICS cyber-related incidents as a way of looking back to predict what the next attack may look like. The three categories of attacker that I have considered so far are disgruntled insiders, ransomware groups, and APT. Knowing about past events, their impact, and how they unfolded can be critical for...

No discussion on ICS attacks could be complete without talking about what some would call, ‘the elephant in the room.’ Critical infrastructure has always been a target for warfare, and modern ICS are no exception. Several high-profile ICS disruptions have in fact been attributed to malicious hackers working at the behest of a military or intelligence...