The Vulkan Papers. The Cyberspace Solarium Commission recommends that CISA set up a test bed to improve maritime cybersecurity. Dragos CEO on critical infrastructure cybersecurity. The JCDC’s pre-ransomware notification efforts. Guest Mike Hoffman, Technical Leader Global Services at Dragos & a SANS instructor, discusses challenges carrying out vulnerability management. In the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban concludes his two-part discussion about i...
Apr 05, 2023•36 min•Season 1Ep. 22
Cyberattacks against Canada’s agriculture industry. HItachi ransomware incident. African industrial sector targeted with malware. TSA issues new cybersecurity requirements for the aviation industry. CISA issues a guide for resilience in the maritime industry. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Guest is JD Christopher, Dragos’ Director of Cyber Risk, talking about the CISO evolution. In the Learning Lab, Dragos’ VP Product & Industry Market Stra...
Mar 22, 2023•36 min•Season 1Ep. 21
The White House has released its National Cybersecurity Strategy. MKS Instruments discloses a ransomware incident that spread to some of its vendors. Ransomware hits the Dole Food Company. CISA runs a red team assessment against a critical infrastructure organization. And LockBit has claimed responsibility for an attack on a water utility in Portugal. The CyberWire's Tré Hester shares the news this week. Guest Tom Winston, Dragos’ Director of Intelligence Content, recently spoke with Dave Bittne...
Mar 08, 2023•39 min•Season 1Ep. 20
Dragos has released its ICS/OT Cybersecurity Year in Review for 2022, finding a rise in ransomware attacks targeting industrial organizations. Forescout discloses two vulnerabilities affecting the Unity line of Schneider Electric’s Modicon programmable logic controllers. Dozens of vulnerabilities in industrial internet-of-things (IIoT) devices. Tim Starks from the Washington Post's Cybersecurity 202. discusses the upcoming White House National Cyber Strategy and its possible effects on critical ...
Feb 22, 2023•42 min•Season 1Ep. 19
Multiple strains of Russian wiper malware are targeting entities in Ukraine. A high-severity command injection vulnerability affects Cisco devices. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. And US Congressman Andrew Garbarino will serve as the new Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection. In Part 2 of 2 in our interview segment from Dragos’ Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, pane...
Feb 08, 2023•37 min•Season 1Ep. 18
The NOTAM outage was reportedly caused by a corrupted file. The World Economic forum sees geopolitical instability as a source of cyber risk. The Copper Mountain Mining Corporation is working to recover its IT systems following a ransomware attack. DNV's fleet management software sustains a ransomware attack. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility.Our interview segment is part one of two from Dragos’ Ask the ISACs dis...
Jan 25, 2023•41 min•Season 1Ep. 17
A Canadian mining company shuts down its mill following a ransomware attack. The Port of Lisbon has sustained a cyberattack, with the LockBit ransomware gang claiming credit. Rail company Wabtec begins notifying victims of data breach following a ransomware attack. New York’s governor signs legislation seeking to secure power grids. And an upcoming NATO study will analyze hybrid warfare. Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, returns for the second par...
Jan 11, 2023•19 min•Season 1Ep. 16
This interview from December 2nd, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Maria Varmazis sits down and interviews Brandon Bailey about Space Attack Research and Tactic Analysis, or SPARTA matrix. Learn more about your ad choices. Visit megaphone.fm/adchoices
Dec 28, 2022•20 min•Ep. 137
Microsoft offers predictions for Russia’s war in Ukraine. A wiper targets the diamond industry. New version of Babuk ransomware hits manufacturing company. Cyberattacks against the manufacturing industry. Cybersecurity for farming equipment. CISA issues ICS advisories. Guest Kaleb Flem, Senior Cyber Threat Intel Analyst at Southern California Edison, discusses maximizing threat intelligence at a utility. And, in Part 2 of 2 on the Learning Lab, Mark Urban and Dragos’ CISO Steve Applegate talk ab...
Dec 14, 2022•35 min•Season 1Ep. 15
The US Government Accountability Office issues a report on offshore oil and gas cybersecurity. The Oak Ridge National Laboratory seeks to secure power grids. Boa web server vulnerabilities used to target energy organizations. CISA updates its Infrastructure Resilience Planning Framework. And CISA issues advisories for ICS vulnerabilities. Guests Mara Winn and Guohui Yuan join us from the Department of Energy to discuss their report, "Cybersecurity Considerations for Distributed Energy Resources ...
Nov 30, 2022•39 min•Season 1Ep. 14
The US Department of Energy seeks to improve visibility into ICS environments. NIST has issued a proposal for upgrading cybersecurity at water plants in the US. A patch has been issued for a critical vulnerability that affects flow computers from ABB. Guest Ashif Samnani of Cenovus Energy shares insights from his nearly two decade career in the OT world. In the Learning Lab, hear the third in a series with Mike Hoffman, a Principal Industrial Consultant at Dragos, teaching infosec professionals ...
Nov 16, 2022•36 min•Season 1Ep. 13
CISA releases cross-sector cybersecurity performance goals. A look at the ransomware threat to industrial organizations. The TSA says it will issue new aviation cybersecurity requirements, and announces a railway cybersecurity directive. The White House focuses on cybersecurity in the chemical sector. Guest Jim Richberg of Fortinet addresses the evolving threat landscape and coming supply chain risks. In the Learning Lab, hear the second in a series with Mike Hoffman, a Principal Industrial Cons...
Nov 02, 2022•42 min•Season 1Ep. 12
An assessment of port and terminal cybersecurity in the US. Tata Power discloses a cyberattack. The White House issues statements on cybersecurity. India’s power company collaborates on energy sector cybersecurity. Guests Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden, of the FBI Baltimore Field Office, discuss the FBI's collaborative approach to working with industry. In the Learning Lab, Mike Hoffman of Dragos kicks off the first of 3 segments on ...
Oct 19, 2022•37 min•Season 1Ep. 11
Nord Stream pipelines sabotaged in a kinetic attack. NSA and CISA issue guidance on ICS threats. Ukraine anticipates Russian cyberattacks against the energy sector. Dragos receives CVE numbering authority. CISA's ICS Advisories. Guest Dawn Cappelli of Dragos shares an update on OT-CERT. In the Learning Lab, Mark Urban and Phil Tonkin of Dragos talk about where does all that electricity that is generated go? Control Loop News Brief. Nord Stream pipelines sabotaged in a kinetic attack. Sweden Dete...
Oct 05, 2022•41 min•Season 1Ep. 10
The Palestinian hacktivist group GhostSec compromises Israeli PLCs. North Korea’s Lazarus Group targets the energy sector. The White House issues a memorandum on supply chain security. CISA issues advisories on ICS vulnerabilities. Guest Rachael Conrad of Rockwell Automation talks about how industrial automation organizations can achieve their connected enterprise by providing a safe and secure OT infrastructure. In the Learning Lab, Dragos' Mark Urban discusses the scale of the generation of el...
Sep 21, 2022•37 min•Season 1Ep. 9
Cybersecurity for the food industry. Montenegro works to recover from Russian cyber offensive. NSTAC recommends cataloging Federal OT assets. Chemical sector cybersecurity. Kinetic attacks affect Ukrainian nuclear power plant. CISA ICS alerts. Guest Dean Parsons from SANS joins us to discuss attacks against critical infrastructure. The Learning Lab finds Dragos' Mark Urban joined by Miriam Lorbert breaking down the fundamentals of the control loop. Control Loop News Brief. Food industry cybersec...
Sep 07, 2022•39 min•Season 1Ep. 8
DOE invests in securing the US power grid. CISA’s recent ICS security advisories. Industroyer2 makes an appearance in Ukraine. DDoS attack against Energoatom’s website. Ransomware trends and the threat to OT systems. Ransomware gang attempts to extort the wrong water company. Control Loop News Brief. DOE invests in securing the US power grid. DOE invests $45 million in cyber technology that protects power sector (The Hill) CISA’s recent ICS security advisories. Cisco Releases Security Update for...
Aug 24, 2022•46 min•Season 1Ep. 7
BlackCat ransomware gang hits Luxembourg energy company. Predatory Sparrow's assault on Iran's steel industry. MOXA issues patches for two vulnerabilities. ICS security advisories. Two security bills pass the US House. Insider threat: Spain arrests nuclear plant employees. The human risk to OT systems. Control Loop News Brief. BlackCat ransomware gang hits Luxembourg energy company. BlackCat ransomware gang hits Luxembourg energy supplier Creos (Computing) Luxembourg energy provider Encevo Group...
Aug 10, 2022•43 min•Season 1Ep. 6
More deniable DDoS attacks strike countries friendly to Ukraine. Russian intentions and capabilities in its hybrid war. Log4j is now “endemic.” CISA’s ICS security advisories. Operational technology and the C2C market. TSA issues revised pipeline cybersecurity guidelines. Zero-trust comes to OT. Our guest is Puesh Kumar from the Department of Energy, discussing the DOE’s efforts to secure critical infrastructure, and to secure clean energy infrastructure. In the Learning Lab, Kimberly Graham, se...
Jul 27, 2022•46 min•Season 1Ep. 5
A cyberattack hits a Ukrainian energy provider. A Chinese-speaking threat actor targets building automation systems. An Iranian steel mill suspends production due to a cyberattack. The US US TSA issues relaxed pipeline cybersecurity directives. A US cybersecurity bill focuses on training. Ian Frist from BlueVoyant joins us to discuss on what CMMC will mean for ICS environments. And in the Learning Lab, Robert M Lee joins us to explain the five critical controls for ICS. Control Loop News Brief. ...
Jul 13, 2022•40 min•Season 1Ep. 4
ICEFALL affects OT devices. Thermal cameras and industrial processes. Sandworm spies on infrastructure. Ransomware hits auto parts manufacturer. Most electricity, oil & gas, manufacturing firms have seen cyberattacks. Nuclear facility cyber exercises. Connecticut Guard trains to defend utilities. Dawn Cappelli joins us to discuss how the OT Cyber Emergency Readiness Team is planning to address cybersecurity resource gaps for industrial infrastructure. And in the learning lab, Nick Shaw joins...
Jun 29, 2022•47 min•Season 1Ep. 3
Subscribe to the Control Loop Newsletter here with new editions published every month. UK Attorney General discusses hacking back in defense of critical infrastructure. Ethiopia says it stopped cyberattacks on its Nile dam. Recommended cybersecurity improvements for dams in the Southeastern US. Water system security. MITRE releases supply chain security framework. CISA and its partners issue guidelines for evaluating 5G implementation. Deloitte opens a Smart Factory at Wichita State University. ...
Jun 15, 2022•37 min•Season 1Ep. 2
Every two weeks, get the latest in OT news in Control Loop News Brief, an interview featuring a thought leader in the OT space sharing current industry trends, and the Control Loop Learning Lab’s educational segment. A companion monthly newsletter is available through free subscription and on the CyberWire's website. Headlines include: Russia’s hybrid war against Ukraine. Russian threat actors against industrial control systems. Exploits for Bluetooth Low Energy. Hacktivists claim attacks agains...
Jun 01, 2022•42 min•Season 1Ep. 1
Cybersecurity for Operational Technology and Industrial Control Systems. The Control Loop podcast, hosted by the CyberWire’s Dave Bittner, investigates the latest threat intelligence, security strategies, and technologies that industry professionals rely on to safeguard civilization. Every two weeks, Dave analyzes the biggest stories in OT security with commentary from key industry leaders and operators. Each episode includes new guests who provide the insider’s perspective on major threats and ...
May 26, 2022•4 min•Season 1Ep. 1
