
Control Loop: The OT Cybersecurity Podcast
Control Loop is the OT Cybersecurity Podcast, your terminal for ICS security, intelligence, and learning. Every two weeks, we bring you the latest news, strategies, and technologies that industry professionals rely on to safeguard civilization.
Latest episodes

Apr 5, 2023 • 36min
The challenges of carrying out vulnerability management.
The Vulkan Papers. The Cyberspace Solarium Commission recommends that CISA set up a test bed to improve maritime cybersecurity. Dragos CEO on critical infrastructure cybersecurity. The JCDC’s pre-ransomware notification efforts. Guest Mike Hoffman, Technical Leader Global Services at Dragos & a SANS instructor, discusses challenges carrying out vulnerability management. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his two-part discussion about industrial cyber threat intel & collective intelligence with Seth Lacy, Principal Threat Hunter at Dragos.
Control Loop News Brief.
The Vulkan Papers.
A Look Inside Putin's Secret Plans for Cyber-Warfare (Der Spiegel)
Secret trove offers rare look into Russian cyberwar ambitions (The Washington Post)
Maritime cybersecurity.
Full Steam Ahead: Enhancing Maritime Cybersecurity (Cyberspace Solarium Commission 2.0)
Cyber experts call for CISA to establish maritime equipment test bed (FedScoop)
Dragos CEO on critical infrastructure cybersecurity.
Full Committee Hearing to Examine Cybersecurity Vulnerabilities to the United States' Energy Infrastructure (Senate Committee on Energy and Natural Resources)
JCDC and pre-ransomware notification.
JCDC Cultivates Pre-Ransomware Notification Capability (CISA)
Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs (CISA)
Control Loop Interview.
The interview is with Mike Hoffman, Technical Leader Global Services at Dragos & SANS instructor, discussing challenges carrying out vulnerability management.
Control Loop Learning Lab.
In Part 2 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Seth Lacy, Principal Threat Hunter at Dragos, about industrial cyber threat intel & collective intelligence.
Industrial Cyber Threat Intel & Collective Intelligence links:
Neighborhood Keeper in the Broader Context of Cyber Threat Intelligence
Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper
Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Mar 22, 2023 • 36min
The CISO evolution to incorporate OT.
Cyberattacks against Canada’s agriculture industry. Hitachi ransomware incident. African industrial sector targeted with malware. TSA issues new cybersecurity requirements for the aviation industry. CISA issues a guide for resilience in the maritime industry. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Guest is JD Christopher, Dragos’ Director of Cyber Risk, talking about the CISO evolution. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban kicks off his two-part discussion about industrial cyber threat intel & collective intelligence with Seth Lacy, who is a Principal Threat Hunter at Dragos.
Control Loop News Brief.
Cyberattacks against Canada’s agriculture industry.
Safety Net: A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster (Financial Post)
Hitachi ransomware incident.
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer)
African industrial sector targeted with malware.
Threat landscape for industrial automation systems. Statistics for H2 2022 (Kaspersky)
A border-hopping PlugX USB worm takes its act on the road (Sophos)
TSA issues new cybersecurity requirements for the aviation industry.
TSA issues new cybersecurity requirements for airport and aircraft operators (TSA)
CISA issues a guide for resilience in the maritime industry.
Marine Transportation System Resilience Assessment Guide (CISA)
Ransomware Vulnerability Warning Pilot supports critical infrastructure operators.
CISA Establishes Ransomware Vulnerability Warning Pilot Program (CISA)
CISA now warns critical infrastructure of ransomware-vulnerable devices (BleepingComputer)
Control Loop Interview.
The interview is with JD Christopher, Director of Cyber Risk at Dragos, discussing the CISO evolution.
Control Loop Learning Lab.
In Part 1 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Seth Lacy, Principal Threat Hunter at Dragos, about industrial cyber threat intel & collective intelligence.
Industrial Cyber Threat Intel & Collective Intelligence links:
Neighborhood Keeper in the Broader Context of Cyber Threat Intelligence
Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper
Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Mar 8, 2023 • 39min
National Cybersecurity Strategy released.
The White House has released its National Cybersecurity Strategy. MKS Instruments discloses a ransomware incident that spread to some of its vendors. Ransomware hits the Dole Food Company. CISA runs a red team assessment against a critical infrastructure organization. And LockBit has claimed responsibility for an attack on a water utility in Portugal. The CyberWire's Tré Hester shares the news this week. Guest Tom Winston, Dragos’ Director of Intelligence Content, recently spoke with Dave Bittner about Dragos’ recently released 2022 Year in Review report. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban completes his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos.
Control Loop News Brief.
White House releases the National Cybersecurity Strategy.
National Cybersecurity Strategy (The White House)
Cranes as a security threat.
Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools (Wall Street Journal)
EPA Memo requires water systems to include cybersecurity in their safety audits.
EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems (EPA)
MKS Instruments discloses ransomware incident.
Applied Materials will take a $250M hit to sales this quarter, thanks to a cyberattack at one of its suppliers (Silicon Valley Business Journal)
Semiconductor industry giant says ransomware attack on supplier will cost it $250 million (The Record)
Ransomware hits a major food producer.
Cyberattack on food giant Dole temporarily shuts down North America production, company memo says (CNN)
Dole Experiences Cybersecurity Incident (Dole)
Red-teaming critical infrastructure.
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks (CISA)
LockBit claims attack on water utility in Portugal.
LockBit gang takes credit for attack on water utility in Portugal (The Record)
Control Loop Interview.
The interview is with Tom Winston, Director of Intelligence Content at Dragos, sharing their recently released 2022 Year in Review report.
Control Loop Learning Lab.
In Part 2 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Vern McCandlish, Principal Industrial Incident Responder at Dragos, about the importance of incident response planning.
Industrial Cyber Threat Intel & Collective Intelligence links:
Neighborhood Keeper in the Broader Context of Cyber Threat Intelligence
Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper
Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Feb 22, 2023 • 42min
Adding some color to incident response.
Dragos has released its ICS/OT Cybersecurity Year in Review for 2022, finding a rise in ransomware attacks targeting industrial organizations. Forescout discloses two vulnerabilities affecting the Unity line of Schneider Electric’s Modicon programmable logic controllers. Dozens of vulnerabilities in industrial internet-of-things (IIoT) devices. Tim Starks from the Washington Post's Cybersecurity 202 discusses the upcoming White House National Cyber Strategy and its possible effects on critical infrastructure. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban begins his two-part discussion about the importance of incident response planning with Vern McCandlish, who is a Principal Industrial Incident Responder at Dragos.
Control Loop News Brief.
Dragos releases its ICS/OT Cybersecurity Year in Review for 2022.
2022 ICS/OT Cybersecurity Year in Review (Dragos)
Russian-linked malware was close to putting U.S. electric, gas facilities ‘offline’ last year (Politico)
Schneider PLC vulnerabilities.
Deep Lateral Movement in OT Networks: When Is a Perimeter Not a Perimeter? (Forescout)
The return of ICEFALL: Two critical bugs revealed in Schneider Electric tech (The Record)
Wireless IIoT devices at risk from vulnerabilities.
Industrial Wireless IoT - The direct path to your Level 0 (Otorio)
Control Loop Interview.
The interview is with Tim Starks from the Washington Post's Cybersecurity 202 discussing the upcoming White House National Cyber Strategy and its possible effects on critical infrastructure.
Control Loop Learning Lab.
In Part 1 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Vern McCandlish, Principal Industrial Incident Responder at Dragos, about the importance of incident response planning.
Industrial Cyber Threat Intel & Collective Intelligence links:
Neighborhood Keeper in the Broader Context of Cyber Threat Intelligence
Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper
Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Feb 8, 2023 • 37min
Insight from the ISACs.
Multiple strains of Russian wiper malware are targeting entities in Ukraine. A high-severity command injection vulnerability affects Cisco devices. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. And US Congressman Andrew Garbarino will serve as the new Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection. In Part 2 of 2 in our interview segment from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC return. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his discussion with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
Control Loop News Brief.
Russian wiper malware targets Ukraine.
Russia’s Sandworm hackers blamed in fresh Ukraine malware attack (CyberScoop)
APT Activity Report for T3 2022 (ESET)
Cyber attack on the Ukrinform information and communication system (CERT-UA)
Command injection vulnerability affects Cisco devices.
When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key (Trellix)
Cisco IOx Application Hosting Environment Command Injection Vulnerability (Cisco)
Congressman Andrew Garbarino to serve as Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection.
Garbarino Selected To Chair Cybersecurity Subcommittee (Office of Andrew Garbarino)
IoT supply chain threatened by exploitation of Realtek Jungle SDK vulnerability.
Network Security Trends: August-October 2022 (Unit 42)
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42)
Control Loop Interview.
The interview is the second part from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC.
Control Loop Learning Lab.
In Part 2 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Jan 25, 2023 • 41min
ICS/OT incident response plans: Don't get caught unprepared.
The NOTAM outage was reportedly caused by a corrupted file. The World Economic Forum sees geopolitical instability as a source of cyber risk. The Copper Mountain Mining Corporation is working to recover its IT systems following a ransomware attack. DNV's fleet management software sustains a ransomware attack. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility. Our interview segment is part one of two from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. In part 1 of 2 in the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
Control Loop News Brief.
NOTAM outage appears to have been caused by a system error.
US Aviation System Meltdown Tied to Corrupted Digital File (Bloomberg)
Here's the latest on the NOTAM outage that caused flight delays and cancellations (NPR)
The WEF’s Cybersecurity Outlook for 2023.
Global Cybersecurity Outlook 2023 (World Economic Forum)
Mining company resumes operations after ransomware attack.
Copper Mountain Mining Provides Operational Update on Ransomware Attack (Copper Mountain Mining Corporation)
DNV's fleet management software sustains ransomware attack.
Cyber-attack on ShipManager servers – update (DNV)
Ukrainian hacktivists conduct DDoS against Iranian sites.
Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media)
Iran’s support of Russia draws attention of pro-Ukraine hackers (The Record)
Cyberattack hits Nunavut energy company’s IT systems.
Qulliq Energy Corporation Impacted by a Cybersecurity Incident (QEC)
Premier comments on QEC cyber-security incident (Nunavut Department of Executive and Intergovernmental Affairs)
Control Loop Interview.
The interview is part one of two from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC.
Control Loop Learning Lab.
In Part 1 of 2, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Jan 11, 2023 • 19min
Shifting into the OT space.
A Canadian mining company shuts down its mill following a ransomware attack. The Port of Lisbon has sustained a cyberattack, with the LockBit ransomware gang claiming credit. Rail company Wabtec begins notifying victims of data breach following a ransomware attack. New York’s governor signs legislation seeking to secure power grids. And an upcoming NATO study will analyze hybrid warfare. Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, returns for the second part of his interview to discuss the transition from the military and Intelligence Community to the OT space. The Learning Lab segment will return in our next episode.
Control Loop News Brief.
Canadian mining company hit by ransomware.
Copper Mountain Mining Subject to Ransomware Attack and Implements Risk Management Systems and Protocols (Canada NewsWire)
Canadian copper mine suffers ransomware attack, shuts down mills (The Record)
Port of Lisbon sustains cyberattack.
LockBit claims an attack on the Port of Lisbon (CyberNews)
Rail company begins notifying victims of data breach.
Data Security Incident Update – Personal Data Breach Public Communication (Wabtec Corporation)
Billion-dollar rail firm confirms data breach after suspected ransomware attack (The Record)
New York legislation seeks to secure power grids.
Governor Hochul Signs Nation-leading Legislation to Protect Energy Grid from Cyber Threats (Governor Kathy Hochul)
NATO study will analyze hybrid warfare.
How NATO can keep pace with hybrid threats in the Black Sea region and beyond (Atlantic Council)
Control Loop Interview.
Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, returns for the second part of his interview to discuss the transition from the military and Intelligence Community to the OT space.
Control Loop Learning Lab.
The Learning Lab will return in our next episode.

Dec 28, 2022 • 20min
Interview Select: Maria Varmazis interviews Brandon Bailey about Space Attack Research and Tactic Analysis, or SPARTA matrix.
This interview from December 2nd, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Maria Varmazis sits down and interviews Brandon Bailey about Space Attack Research and Tactic Analysis, or SPARTA matrix.

Dec 14, 2022 • 35min
Cyber threat intelligence in the OT space.
Microsoft offers predictions for Russia’s war in Ukraine. A wiper targets the diamond industry. New version of Babuk ransomware hits manufacturing company. Cyberattacks against the manufacturing industry. Cybersecurity for farming equipment. CISA issues ICS advisories. Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, discusses maximizing threat intelligence at a utility. And, in Part 2 of 2 on the Learning Lab, Mark Urban and Dragos’ CISO Steve Applegate talk about starting an OT cybersecurity program.
Control Loop News Brief.
Predictions for Russia’s war in Ukraine.
Preparing for a Russian cyber offensive against Ukraine this winter (Microsoft)
A wiper targets the diamond industry.
Fantasy – a new Agrius wiper deployed through a supply-chain attack (ESET)
New version of Babuk ransomware hits manufacturing company.
Morphisec Discovers Brand New Babuk Ransomware Variant in Major Attack (Morphisec)
Cyberattacks against the manufacturing industry.
BlackBerry/Make UK Research Reveals UK Manufacturing Sector Under Threat as Almost Half Suffer Cyberattack in the Last 12 Months (BlackBerry)
Cybersecurity for farms.
Tractors vs. threat actors: How to hack a farm (ESET)
CISA’s ICS advisories.
CISA Releases Three Industrial Control Systems Advisories (CISA)
Iguana triggers blackout.
Rogue iguana causes widespread power outage in Lake Worth Beach (The Sun Sentinel)
Control Loop Interview.
Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, discusses maximizing threat intel at a utility.
Control Loop Learning Lab.
Part 2 of 2 has Dragos CISO Steve Applegate talking with Dragos' Mark Urban about starting an OT cybersecurity program.

Nov 30, 2022 • 39min
Preparing for the electrical grid of the future.
The US Government Accountability Office issues a report on offshore oil and gas cybersecurity. The Oak Ridge National Laboratory seeks to secure power grids. Boa web server vulnerabilities used to target energy organizations. CISA updates its Infrastructure Resilience Planning Framework. And CISA issues advisories for ICS vulnerabilities. Guests Mara Winn and Guohui Yuan join us from the Department of Energy to discuss their report, "Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid." In Part 1 of 2 on the Learning Lab, Mark Urban and Dragos’ CISO Steve Applegate talk about starting an OT cybersecurity program.
Control Loop News Brief.
GAO issues report on offshore oil and gas cybersecurity.
Offshore Oil and Gas: Strategy Urgently Needed to Address Cybersecurity Risks to Infrastructure (US Government Accountability Office)
ORNL seeks to secure power grids.
DarkNet: Lighting up a secure grid communication network (ORNL)
Boa web server vulnerabilities.
Vulnerable SDK components lead to supply chain risks in IoT and OT environments (Microsoft)
Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group (Recorded Future)
Sandworm renews ransomware activity against Ukrainian targets.
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (BleepingComputer)
CISA updates its Infrastructure Resilience Planning Framework.
Infrastructure Resilience Planning Framework (CISA)
CISA issues ICS advisories.
CISA Releases Eight Industrial Control Systems Advisories (CISA)
CISA Releases Seven Industrial Control Systems Advisories (CISA)
Control Loop Interview.
Guests Mara Winn and Guohui Yuan from the Department of Energy discuss their report, "Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid."
Control Loop Learning Lab.
In Part 1 of 2 on the Learning Lab, Mark Urban and Dragos’ CISO Steve Applegate talk about starting an OT cybersecurity program.