
Control Loop: The OT Cybersecurity Podcast
Control Loop is the OT Cybersecurity Podcast, your terminal for ICS security, intelligence, and learning. Every two weeks, we bring you the latest news, strategies, and technologies that industry professionals rely on to safeguard civilization.
Latest episodes

Aug 23, 2023 • 34min
Real world stories of incident response and threat intelligence.
Today's guest, Lesley Carhart, shares real-world incident response and threat intelligence stories. Topics discussed include manipulated radiation sensor reports, malware attack on a power generator, APT-31 attacks on industrial systems, maritime cyber risk regulations, CODESYS vulnerabilities, and the role of firewalls in OT and IT environments.

Aug 9, 2023 • 38min
Mentorship, internships, and apprenticeships in OT security.
The Five Eyes outline the top exploited vulnerabilities. The Brunswick Corporation loses millions to cyberattack. Ransomware in the industrial space. The US Transportation Security Administration (TSA) updates security rules for oil and natural gas pipeline operators.
Our guest is Mea Clift of Woodard & Curran sharing her perspective on mentorship, internships, and apprenticeships with an eye on OT security.
The Learning Lab has the first part of a discussion about the convergence of OT and IT with Dragos’ Mark Urban and Kimberly Graham, Dragos’ VP of Product Management.
Control Loop News Brief.
Five Eyes outlines top exploited vulnerabilities.
2022 Top Routinely Exploited Vulnerabilities (CISA)
Brunswick Corporation loses millions to cyberattack.
Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms (The Record by Recorded Future)
Brunswick Corporation (NYSE:BC) Q2 2023 Earnings Call Transcript (Insider Monkey)
Ransomware in the industrial space.
Dragos Industrial Ransomware Attack Analysis: Q2 2023 (Dragos)
TSA updates security rules for oil and natural gas pipeline operators.
TSA updates, renews cybersecurity requirements for pipeline owners, operators (TSA)
Control Loop Interview.
The interview is with Mea Clift of Woodard & Curran sharing her perspective and efforts around mentorship and internship/apprenticeship with an eye on OT security and her experience in securing the water/utilities space.
Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Vice President of Product Management Kimberly Graham in part one of their discussion on the convergence of OT and IT.
Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Jul 26, 2023 • 36min
Compliance with an eye on OT security.
An unnamed APT has a remote code execution exploit for Rockwell Automation ControlLogix communications modules. Court temporarily blocks water system cybersecurity mandate. Industrial controller vulnerabilities pose a risk to critical infrastructure. US Federal government issues voluntary IoT security guidelines.
Our guest is Mea Clift of Woodard & Curran discussing how compliance should not be a checkbox activity with an eye on OT security and sharing her experience in securing the water/utilities space.
On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the final part of three segments focused on vulnerabilities in the OT world.
Webinars.
Webinar: Operationalizing OT Threat Intelligence – a Rockwell Automation ControlLogix Case Study
Join us for this exclusive behind-the-scenes look at how Dragos approaches this on a regular basis, using the recently disclosed Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module vulnerabilities (CVE-2023-3595 and CVE-2023-3596).
Webinar: Securing Digital Transformation: OT Cybersecurity Innovation and Resilience
As business and innovation come together, digital transformation isn’t a future concept - it’s happening right now. Join Dave Bittner and our friends from AWS, Splunk and Dragos on August 3rd @ 2pm EST for a live panel on “Securing Digital Transformation: OT Cybersecurity Innovation and Resilience” where we’ll dive into secure digital transformation, managing OT/IT cyber risk and the value and vision of Cloud resources.
Control Loop News Brief.
ControlLogix RCE exploit.
Rockwell warns of new APT RCE exploit targeting critical infrastructure (BleepingComputer)
Dragos Enabled Defense Against APT Exploits for Rockwell Automation ControlLogix (Dragos)
Court temporarily blocks water system cybersecurity mandate.
EPA ‘disappointed’ by hold on agency efforts to spur water systems cybersecurity (The Washington Post)
Industrial controller vulnerabilities pose a risk to critical infrastructure.
Security flaws in Honeywell devices could be used to disrupt critical industries (TechCrunch)
Implementing the US National Cybersecurity Strategy.
National Cybersecurity Strategy Implementation Plan (The White House)
US Federal government issues voluntary IoT security guidelines.
Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House)
White House, FCC advance efforts to add security labels to connected devices (CyberScoop)
Control Loop Interview.
The interview is with Mea Clift of Woodard & Curran discussing how compliance should not be a checkbox activity with an eye on OT security and her experience in securing the water/utilities space.
Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the final part of three segments focused on vulnerabilities in the OT world.

Jul 12, 2023 • 41min
The IT/OT cultural divide in the federal space.
Japan’s largest port disrupted by ransomware. Cl0p breaches Schneider Electric and Siemens Energy. Solar panel vulnerabilities. Threats and risks to electric vehicle charging stations. RedEnergy ransomware and information stealer targets industrial sectors. CISA advisories.
Our guest, Christopher Ebley from Blackwood, returns to discuss the IT/OT cultural divide in the federal space and IT threats that are impacting OT systems.
The Learning Lab continues with part 2 of the 3-part discussion between Dragos’ Mark Urban and Vulnerability Analyst Logan Carpenter talking about vulnerabilities in the OT world.
Control Loop News Brief.
Japan’s largest port disrupted by ransomware.
Japan’s largest port stops operations after ransomware attack (BleepingComputer)
Japan's biggest port, Nagoya, hit by suspected cyberattack (Nikkei Asia)
Pro-Russian hackers target Port of Nagoya, disrupting loading of Toyota parts (The Japan Times)
Nagoya Port Resumes Some Operations After Ransomware Attack (Bloomberg)
Cl0p breaches Schneider Electric and Siemens Energy.
Schneider Electric and Siemens Energy are two more victims of a MOVEit attack (SecurityAffairs)
Siemens Energy confirms data breach after MOVEit data-theft attack (BleepingComputer)
Solar panel vulnerabilities.
Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks (SecurityWeek)
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits (Unit 42)
Actively Exploited Industrial Control Systems Hardware - SolarView Series (VulnCheck)
Threats and risks to electric vehicle charging stations.
EV Charger Hacking Poses a ‘Catastrophic’ Risk (WIRED)
RedEnergy ransomware and information stealer targets industrial sectors.
Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks (Zscaler)
CISA advisories.
CISA Releases Three Industrial Control Systems Advisories (CISA)
Control Loop Interview.
The interview is with Christopher Ebley of Blackwood talking about the IT/OT cultural divide in the federal space and IT threats impacting OT systems.
Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in part two of three segments on vulnerabilities in the OT world.

Jun 28, 2023 • 38min
OT cybersecurity concerns in the federal space.
The US Department of Energy was affected by Cl0p exploitation of MOVEit Transfer. Canada’s oil-and-gas sector is a likely target for Russian cyberattacks. Nuclear weapons cybersecurity is lacking. Access to a US satellite is being hawked in a Russophone cybercrime forum. ICS patches.
Today’s guest is Christopher Ebley from Blackwood talking with us about OT cybersecurity concerns for Federal IT leaders.
The Learning Lab has part one of a 3-part discussion between Dragos’ Mark Urban and Vulnerability Analyst Logan Carpenter talking about vulnerabilities in the OT world.
Control Loop News Brief.
US Department of Energy affected by Cl0p exploitation of MOVEit Transfer.
US government hit by Russia's Clop in MOVEit mass attack (The Register)
Energy Department among ‘several’ federal agencies hit by MOVEit breach (Federal News Network)
Canada’s oil-and-gas sector a likely target for Russian cyberattacks.
The cyber threat to Canada’s oil and gas sector (Canadian Centre for Cyber Security)
Nuclear weapons cybersecurity is lacking.
Nuclear Weapons Cybersecurity: Status of NNSA's Inventory and Risk Assessment Efforts for Certain Systems (GAO)
Access to a US satellite is being hawked in a Russophone cybercrime forum.
Military Satellite Access Sold on Russian Hacker Forum for $15,000 (HackRead)
ICS patches.
ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities (SecurityWeek)
CISA Releases Four Industrial Control Systems Advisories (CISA)
Lessons learned from the electrical power sector.
Electric Industry Cybersecurity: Lessons Learned from the Frontlines (Dragos)
Control Loop Interview.
The interview is with Christopher Ebley of Blackwood talking about OT cybersecurity concerns for Federal IT leaders.
Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in the first of three segments to discuss vulnerabilities in the OT world.

Jun 14, 2023 • 49min
Unpacking cyber awareness syndrome.
The Cyberspace Solarium Commission looks at obstacles to public-private collaboration in the industrial sector. Malware in the industrial sector increases. Organizations plan to increase their OT cybersecurity budgets. CISA and its partners have released a Joint Guide to Securing Remote Access Software. And the US DoD holds its Cyber Yankee exercise.
Today’s guest is Will Edwards of Schweitzer Engineering Labs discussing cyber awareness syndrome.
The Learning Lab has the conclusion of the discussion between Dragos’ Mark Urban, Principal Adversary Hunter Kyle O’Meara, and Principal Intelligence Technical Account Manager Michael Gardner on threat hunting.
Control Loop News Brief.
Obstacles to public-private collaboration in the industrial sector.
Revising Public-Private Collaboration to Protect U.S. Critical Infrastructure (CSC 2.0)
NERC’s role in public-private security collaboration can deter utilities from sharing information: report (Utility Dive)
Malware in the industrial sector increases.
2023 Unit 42 Network Threat Trends Research Report (Unit 42)
CISA and partners release Joint Guide to Securing Remote Access Software.
Guide to Securing Remote Access Software (CISA)
US DoD holds Cyber Yankee exercise.
Cyber Yankee Prepares Military, Business for Cyber Threats (Air National Guard)
Control Loop Interview.
The interview is with Will Edwards of Schweitzer Engineering Labs discussing cyber awareness syndrome.
Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to conclude their discussion on threat hunting.

May 31, 2023 • 40min
Taking a look at cyber insurance in the industrial space.
China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. Is CosmicEnergy just red-teaming, or is it a threat straight out of Red Square? Siemens patches a vulnerability endemic to the energy sector. An update on the Vulkan Papers. A cyberattack leads Suzuki to shut down its Indian production line. BlackBasta conducts ransomware attack against Swiss technology company ABB, and claims responsibility for Rheinmetall attack. Food and Agriculture Information Sharing and Analysis Center stands up.
Control Loop News Brief.
China's Volt Typhoon snoops into US infrastructure, with special attention to Guam.
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Cybersecurity Advisory)
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft)
Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters)
CosmicEnergy, from Russia.
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant)
This newly-discovered malware could disrupt power generation — and do physical damage (Washington Post)
Siemens patches a vulnerability endemic to the energy sector.
Command Injection Vulnerability in CPCI85 Firmware of SICAM A8000 Devices (Siemens)
An update on Russia’s NTC Vulkan: SIGINT, EW, and cyber ops.
7 takeaways from the Vulkan Files investigation (Washington Post)
Russian Software Programs Threatening Critical Civilian Infrastructure (Dragos)
A cyberattack leads Suzuki to shut down its Indian production line.
Suzuki Motorcycle India plant shut down after cyber attack, production affected (Hindustan Times)
Suzuki motorcycle plant shut down by cyber attack (Bitdefender)
BlackBasta conducts ransomware attack against Swiss technology company ABB.
Multinational tech firm ABB hit by Black Basta ransomware attack (BleepingComputer)
BlackBasta claims responsibility for Rheinmetall attack.
Arms maker Rheinmetall confirms BlackBasta ransomware attack (BleepingComputer)
Food and Agriculture Information Sharing and Analysis Center stands up.
The food and agriculture industry gets a new center to share cybersecurity information (Washington Post)
Control Loop Interview.
The interview is with Gerry Glombicki of Fitch Ratings talking about cyber insurance and his opinions on the industrial space.
Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to continue their discussion on threat hunting.

May 17, 2023 • 44min
Internal Network Security Monitoring (INSM) for the electrical sector.
Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. The Five Eyes take down Turla and its Snake malware. An Iranian threat actor turns its attention to infrastructure. The Bitter APT may be targeting Asia-Pacific energy companies. A Colonial Pipeline retrospective. ETHOS: a new private-sector OT risk information-sharing platform. CISA requests comment on software self-attestation form.
Guest is Patrick Miller, CEO of Ampere Industrial Security, discussing INSM (Internal Network Security Monitoring) as a concept for the electric sector.
In the Learning Lab, Dragos’ Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to discuss threat hunting.
Control Loop News Brief.
Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes.
Russia attacks civilian infrastructure in cyberspace just as it does on ground - watchdog (UKRINFORM)
Russians launch mass cyber attack on online service for queueing to cross border by trucks (Ukrainska Pravda)
Europe’s Air-Traffic Agency Under Attack From Pro-Russian Hackers (Wall Street Journal)
#RSAC: Cyber-Attacks on Civilian Infrastructure Should Be War Crimes, says Ukraine Official (Infosecurity Magazine)
Five Eyes take down Turla and its Snake malware.
Hunting Russian Intelligence “Snake” Malware (Joint Cybersecurity Advisory)
Iranian threat actor exploits N-day vulnerabilities, turns its attention to infrastructure.
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets (Microsoft)
Bitter APT may be targeting Asia-Pacific energy companies.
Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer)
The Colonial Pipeline ransomware attack, two years later.
The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years (CISA)
ETHOS: a new private-sector OT risk information-sharing platform.
OT Cybersecurity Leaders to Deliver First Open-Source Information Sharing for Collective Early Warning in Critical Infrastructure (Globe Newswire)
CISA requests comment on software self-attestation form.
Request for Comment on Secure Software Self-Attestation Common Form (CISA)
OMB, CISA set to release common form for software self-attestation (Infosecurity Magazine)
Control Loop Interview.
The interview is with Patrick Miller, CEO of Ampere Industrial Security, discussing INSM (Internal Network Security Monitoring) as a concept for the electric sector.
Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O’Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to discuss threat hunting.

May 3, 2023 • 47min
Asset inventory: Part of ICS network visibility and monitoring.
Hacktivists versus irrigation. Maritime cybersecurity. JCDC and pre-ransomware notification. Ransomware at Fincantieri Marinette Marine. NSA warns of Russian ransomware disrupting supply chains.
Guest Mike Hoffman is Technical Leader Global Services at Dragos & a SANS instructor. Mike will be discussing IT/OT misalignment.
In the Learning Lab, Dragos’ Mark Urban is joined by Dragos’s Senior Product Manager Jordan Wilkerson to dig into ICS network visibility and monitoring, which is the third of the SANS Institute’s 5 ICS Cybersecurity Critical Controls.
Control Loop News Brief.
Hacktivists versus irrigation.
Irrigation Systems in Israel Hit with Cyber Attack that Temporarily Disabled Farm Equipment (CPO Magazine)
Maritime cybersecurity.
Full Steam Ahead: Enhancing Maritime Cybersecurity (CSC 2.0)
Cyber experts call for CISA to establish maritime equipment test bed (FedScoop)
JCDC and pre-ransomware notification.
JCDC Cultivates Pre-Ransomware Notification Capability. (CISA)
Ransomware at Fincantieri Marinette Marine.
Ransomware Attack Hits Marinette Marine Shipyard, Results in Short-Term Delay of Frigate, Freedom LCS Construction (USNI News)
Russian ransomware operations aim at disrupting supply chains into Ukraine.
NSA sees ‘significant’ Russian intel gathering on European, U.S. supply chain entities (CyberScoop)
ETHOS: a new private-sector OT risk information-sharing platform.
OT Cybersecurity Leaders to Deliver First Open-Source Information Sharing for Collective Early Warning in Critical Infrastructure (Globe Newswire)
Control Loop Interview.
The interview is with Mike Hoffman, Technical Leader Global Services at Dragos & SANS instructor, discussing the IT/OT misalignment that often occurs when IT counterparts take on the responsibility of carrying out vulnerability management in the OT space.
Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Senior Product Manager Jordan Wilkerson to discuss the third of the SANS Institute’s 5 ICS Cybersecurity Critical Controls: ICS network visibility and monitoring.
Background link: The Five ICS Cybersecurity Critical Controls

Apr 19, 2023 • 42min
Unique OT characteristics and points of IT convergence.
Cyberattacks against Canada’s agriculture sector. Hitachi ransomware incident. Africa’s industrial sector under cyberattack. TSA issues new aviation cybersecurity requirements. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Patch Tuesday and OT.
Guest JD Christopher, Dragos’ Director of Cyber Risk, discusses ICS security standards and regulations and how efforts finalized in 2022 will shape the OT programs of the next decade.
In the Learning Lab, Dragos’ Mark Urban is joined by their CEO Robert M. Lee to talk about the unique characteristics of OT and points of IT convergence.
Control Loop News Brief.
Cyberattacks against Canada’s agriculture sector.
Safety Net: A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster (Financial Post)
Hitachi ransomware incident.
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer)
Africa’s industrial sector targeted with malware.
Threat landscape for industrial automation systems. Statistics for H2 2022 (Kaspersky ICS CERT)
A border-hopping PlugX USB worm takes its act on the road (Sophos)
TSA issues new cybersecurity requirements for the aviation industry.
TSA issues new cybersecurity requirements for airport and aircraft operators (PRNewswire)
Ransomware Vulnerability Warning Pilot supports critical infrastructure operators.
CISA Establishes Ransomware Vulnerability Warning Pilot Program (CISA)
CISA now warns critical infrastructure of ransomware-vulnerable devices (BleepingComputer)
Patch Tuesday and ICS.
ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities (SecurityWeek)
Control Loop Interview.
The interview is with JD Christopher, Director of Cyber Risk at Dragos, sharing ICS security standards and regulations and how the efforts finalized in 2022 will shape OT programs of the next decade.
Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos CEO Robert M. Lee to discuss unique OT characteristics and points of IT convergence.