Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
10.03.24Last Wednesday, CISA issued an advisory two days after Arkansas City, Kansas, revealed that a Sunday morning cyberattack forced it to switch its water treatment facility to manual operations. In the alert, CISA urged OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to… Read more »
06.13.23How DirectDefense uncovered weaknesses in a municipality’s SCADA systems and a need for SCADA network segmentation A large municipality enlisted the services of DirectDefense to perform a Critical Infrastructure Assessment of the SCADA network controlling their water and electric services. During the SCADA assessments, our team identified several weaknesses that demonstrated the need for SCADA… Read more »
12.12.22What We Can Expect in 2023 Based on the Past Year’s Threat Landscape As we gear up for the holidays and new year, it is that time of the year again to review this year’s security-related events and examine the themes for future security challenges we can expect in the coming year that may affect… Read more »
07.13.22DirectDefense assessed the security of MQTT traffic – the transfer of data to a SCADA system, ultimately controlling critical infrastructure.
03.08.22Avoid these three pitfalls that are inherent to most SCADA systems that manage critical infrastructure. A multinational corporation enlisted the services of DirectDefense to perform a security assessment of the organization’s newly-developed battery energy storage control (BESS) that would enable the company’s vendors and integrators to manage the voltage and power output for massive batteries.… Read more »
01.26.22Security company Qualys has uncovered a dangerous PolicyKit vulnerability. Learn how to remediate and patch Linux.
12.09.21What to Know, How to Prepare, and How We Got Here When 2021 began, everything from the pandemic to the economy felt uncertain. Security threats increased both as a result of those uncertainties and the ever-growing sophistication of the threat landscape. In this post, we’ll review the events that created security threats in 2021 and… Read more »
07.26.21Newsflash: Most networks utilized for Supervisory Control and Data Acquisition (SCADA) were not designed to be secure. Yes, you read that correctly. Kind of a scary thought, especially when your municipal water utility is reliant on this SCADA network to ensure the availability and safety of the drinking water supply! This is why the management… Read more »
05.13.21The Colonial Pipeline shutdown should be seen as a serious incident pointing to the precariousness of critical infrastructure security.
02.09.21If you don’t want to issue the dreaded boil-water advisory then make sure your wireless network is hacker-proof. How our team was able to drive up to a municipal water utility, join the wireless SCADA network and gain the access needed to do some major damage to the water supply – all in 10 minutes… Read more »
