Control Loop: The OT Cybersecurity Podcast N2K Networks

GRU's Sandworm implicated in campaign against Danish electrical power providers. Paris wastewater agency hit by cyberattack. LockBit hits Boeing. Bletchley Declaration represents a consensus starting point for AI governance. The US Executive Order on artificial intelligence is out. Guest Austin Reid of ABS Group discusses Ship and Shore challenges for security and the current and emerging regulatory landscape. On the Learning Lab, Dragos Mark Urban part 1 of 3 discussing building automation systems with Dragos' Daniel Gaeta and Zach Spencer.

Control Loop News Brief.
GRU's Sandworm implicated in campaign against Danish electrical power providers.
The attack against Danish critical infrastructure (SektorCERT)
Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter (CNN)
Paris wastewater agency hit by cyberattack.
Greater Paris wastewater agency dealing with cyberattack (The Record)
Cyberattaque D'Ampleur Au SIAAP (SIAAP)
Iranian hacktivists claim an attack on a Pennsylvania water utility.
Iranian-Linked Cyber Army Had Partial Control Of Aliquippa Water System (BeaverCountian.com)
Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (CBS News) 
LockBit hits Boeing.
Ransomware groups rack up victims among corporate America (CyberScoop)
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (CISA)
Bletchley Declaration represents a consensus starting point for AI governance.
Can Rishi Sunak’s big summit save us from AI nightmare? (BBC)
The Bletchley Declaration by Countries Attending the AI Safety Summit, 1-2 November 2023 (Gov.uk)
The US Executive Order on artificial intelligence is out.
Administration Actions on AI (AI.gov)

Control Loop Interview.
Guest is Austin Reid of ABS Group discussing ship and shore challenges for security and the current and emerging regulatory landscape.

Control Loop Learning Lab.
On the Learning, Mark Urban discusses building automation systems in part 1 of 3 with Dragos' Daniel Gaeta, ICS/OT Cybersecurity Senior Solutions Architect, and Zach Spencer. Senior Enterprise Account Executive.

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

A cyber incident disrupts Australian ports. Sandworm and Ukraine's power grid: 2022 attacks. Department of Energy hosts simulated cyberattack competition. CISA, FEMA, and Shields Ready. Cyber and electronic threats to space systems. Four cyber phases of a hybrid war. Guest Austin Reid of ABS Group discusses cyber risk and threats to Maritime Transportation Systems (MTS). On the Learning Lab, catch an encore of Dragos CEO Robert M. Lee and Mark Urban about the five critical controls for ICS.

Control Loop News Brief.
Australian ports disrupted in a “cyber incident.”
Major Australian port operator shuts down amid cyber security incident, impacting goods in and out of the country (ABC News)
Sandworm and Ukraine's power grid: 2022 attacks.
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant)
CaddyWiper: New wiper malware discovered in Ukraine (ESET)
Four cyber phases of a hybrid war..
Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint)
The Evolution of Cyber Attacks on Electric Operations (Dragos)
CISA, FEMA, and Shields Ready.
Shields Ready (CISA)
DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA)
Department of Energy hosts simulated cyberattack competition.
DOE hosting simulated cyberattack for students (CyberScoop)
Cyber and electronic threats to space systems.
Space Operators Should Harden Cryptography Defenses, NSA Cyber Official Says (Via Satellite)
Cyber Security of Space Systems ‘Crucial,’ As US Space Force Official Notes Recent Attacks (Via Satellite)

Control Loop Interview.
Guest is Austin Reid of ABS Group discussing cyber risk and threats to Maritime Transportation Systems (MTS).

Control Loop Learning Lab.
On the Learning Lab, we share an encore of Dragos CEO Robert M. Lee and Mark Urban explaining the five critical controls for ICS.

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services.

Control Loop News Brief.
Rockwell Stratix routers vulnerable to Cisco zero-day.
PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation)
SecurityWeek’s ICS Cyber Security Conference.
2023 ICS Cybersecurity Conference (SecurityWeek)
Malware attacks against IoT devices increase by 400%.
Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler)
Nuclear power plant operator cited over cybersecurity plan.
UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK)
Rockwell and Dragos announce partnership.
Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire)
CISA’s ICS advisories.
CISA Releases Two Industrial Control Systems Advisories (CISA)
Hitachi Energy’s RTU500 Series Product (Update B) (CISA)
CISA Releases Nine Industrial Control Systems Advisories (CISA)

Control Loop Interview.
Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems. 

Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence.

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Microsoft on the state of OT security. Israeli and Palestinian hacktivists target ICS. Coinmining as an (alleged, potential) front for espionage or stage for sabotage. EPA withdraws water system cybersecurity memorandum. Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. Most organizations are struggling with IoT security. CISA views China as the top threat to US critical infrastructure. Improving security for open-source ICS software. CISA ICS advisories. Guest Kuldip Mohanty, CIO of North Dakota, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Kuldip shares how critical infrastructure is treated within the "Whole-of-State” cybersecurity strategy his team implements in North Dakota. On the Learning Lab, Mark Urban shares the first part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services.

Control Loop News Brief.
Microsoft on the state of OT security.
Microsoft Digital Defense Report 2023 (Microsoft)
Microsoft Digital Defense Report: Behind the Scenes Creating OT Vulnerabilities (aDolus)
Zero-days affect industrial routers.
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows (Cisco Talos)
Israeli and Palestinian hacktivists target ICS.
Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews)
Coinmining as an (alleged, potential) front for espionage or stage for sabotage.
Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny (The New York Times)
EPA withdraws water system cybersecurity memorandum.
EPA withdraws cyber audit requirement for water systems (Nextgov)
Colonial Pipeline says new ransomware claims are due to unrelated third-party breach.
Reports of second cyberattack on Colonial Pipeline false, company says (Fox 5 Atlanta)
Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (The Record)
Most organizations are struggling with IoT security.
New Global Survey Reveals 97% of Organizations Face Challenges Securing IoT and Connected Devices (Keyfactor)
Ransomware attack on Clorox.
Clorox Security Breach Linked to Group Behind Casino Hacks (Bloomberg)
Clorox Warns of a Sales Mess After Cyberattack (The Wall Street Journal)
CISA views China as the top threat to US critical infrastructure.
China is top cyber threat to US utilities, other critical infrastructure: CISA (Utility Dive)
Improving security for open-source ICS software.
Improving Security of Open Source Software in Operational Technology and Industrial Control Systems (CISA)
CISA’s ICS advisories.
Mitsubishi Electric MELSEC-Q Series PLCs (Update A) (CISA)
CISA Releases Nineteen Industrial Control Systems Advisories (CISA)

Control Loop Interview.
Guest is Kuldip Mohanty, CIO of North Dakota, discussing how critical infrastructure is treated within the “whole of state” security strategy used in North Dakota.

Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, to examine cyber threat intelligence. 

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Johnson Controls sustains cyberattack. Nearly 100,000 ICS services exposed to the Internet. FBI anticipates an increase in Chinese and Russian targeting of the energy sector. Joint advisory warns of Beijing’s “BlackTech” threat activity. CISA's push for hardware bills of materials. Cybersecurity in the US industrial base. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part two of their discussion about secure remote access.

Control Loop News Brief.
Homeland Security IG finds flaws in TSA pipeline security regulations.
https://www.oig.dhs.gov/sites/default/files/assets/2023-09/OIG-23-57-Sep23-Redacted.pdf 
https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years 
Johnson Controls sustains cyberattack.
Building automation giant Johnson Controls hit by ransomware attack (BleepingComputer)
Nearly 100,000 ICS services exposed to the Internet.
Bitsight identifies nearly 100,000 exposed industrial control systems (BitSight)
FBI anticipates an increase in Chinese and Russian targeting of the energy sector.
FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers (The Record)
Joint advisory warns of Beijing’s “BlackTech” threat activity.
CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (CISA)
CISA's push for hardware bills of materials. 
Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management (CISA)
CISA task force aims to improve supply chain security with new hardware standards (Nextgov)
Cybersecurity in the US industrial base.
Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio)

Control Loop Interview.
Guest is Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper.

Control Loop Learning Lab.
On the Learning Lab, Mark Urban concludes his conversation about secure remote access with Alex Baretta, senior solution architect at Dragos. 

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Redfly cyberespionage targets a national grid. DHS Threat Assessment looks at critical infrastructure threats. A look at the ICS threat landscape. DoE grants for research into distributed energy cybersecurity. CISA offers free vulnerability scanning for water infrastructure. CISA issues ICS advisories. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, discusses community defense. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part one of their discussion about secure remote access.

Control Loop News Brief.
Redfly cyberespionage targets a national grid.
Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec)
China caught – again – with its malware in another nation's power grid (The Register)
China-Linked Hackers Breached a Power Grid—Again (WIRED)
DHS Threat Assessment looks at critical infrastructure threats.
DHS warns of malicious AI use against critical infrastructure (CyberScoop)
A look at the ICS threat landscape.
Threat landscape for industrial automation systems. Statistics for H1 2023 (Kaspersky)
DoE grants for research into distributed energy cybersecurity.
Distributed Energy Resources Get Cybersecurity Boost With $39M DOE Funding (SecurityWeek)
DOE Announces $39 Million in Research Funding to Enhance Cybersecurity of Clean Distributed Energy Resources (Department of Energy)
Ransomware remains a threat to industrial operations.
Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle (WIRED)
US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak (Register)
CISA offers free vulnerability scanning for water infrastructure.
Free Cyber Vulnerability Scanning for Water Utilities (CISA)

Control Loop Interview.
Guest is Michael Toecker, Cyber Security Advisor at the United States Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, discussing community defense.

Control Loop Learning Lab.
On the Learning Lab, Mark Urban discusses secure remote access with Alex Baretta, senior solution architect at Dragos. 

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.