What are you looking for?

The 2014 Industrial Control System (ICS) Cyber Security Conference will be held October 20 – 23, 2014 at the Georgia Tech Hotel and Conference Center in Atlanta, Georgia, USA. As the longest-running cyber security-focused conference for the industrial control systems sector, the event

Longest Running ICS Cyber Security Conference Opens Call for Presentations for 2014 Event in Atlanta, Georgia SecurityWeek today announced the official Call for Presentations for the 2014 Industrial Control Systems (ICS) Cyber Security Conference, to be held October 20 – 23, 2014

Atlanta Oct. 20-23, 2014 - Georgia Tech Hotel and Conference Center  Following a sold out event in 2013, the 2014 ICS Cyber Security Conference is expected to attract more than 250 professionals from around the world and again sell out. Since 2002, the ICS Cyber

(SecurityWeek) - An attack launched by an advanced persistent threat (APT) group against an unnamed steel plant in Germany resulted in significant damage, according a new report. Cyberattacks on critical infrastructure are a reality and they're becoming more frequent. An IT

The official Call for Papers for the 2015 Industrial Control Systems (ICS) Cyber Security Conference, to be held October 26 – 29, 2015 at the Georgia Tech Hotel and Conference Center in Atlanta, Georgia, USA, is now open. The conference is

The market for security solutions to protect the "Internet of Things (IoT) is expected to top $28 Billion by 2020, according to new market research report. According to the report, published by MarketsandMarkets, the IoT Security Market is expected to grow

(SecurityWeek) - Charlie Miller and Chris Valasek, famous hardware hackers who recently demonstrated that some Fiat Chrysler cars can be remotely hijacked, have been hired by ride-hailing giant Uber. Miller revealed last week that he was leaving Twitter, the social media firm

(SecurityWeek) - Schneider Electric has released firmware patches to address a couple of vulnerabilities affecting some of the company’s Modicon programmable logic controller (PLC) products. The security holes affect the following Modicon M340 Central Processing Units (CPUs) and ethernet communication modules:

(SecurityWeek) - The number of publicly disclosed vulnerabilities affecting industrial control systems (ICS) has increased considerably since the Stuxnet attack, shows a report published on Wednesday by threat intelligence firm Recorded Future. Researchers have uncovered numerous vulnerabilities in ICS products over the

The Obama Administration on Sept. 14 announced a new “Smart Cities” Initiative that will invest over $160 million in federal research and leverage more than 25 new technology collaborations to help local communities tackle key challenges such as reducing traffic

Joe Weiss, founder of the Industrial Control Systems (ICS) Cyber Security Conference, and several leading experts were featured this week in PBS' NOVA. The full episode, CyberWar Threat, is embedded here. SecurityWeek's 2015 ICS Cyber Security Conference Takes Place October 26 - 29th at the

On September 10, 2015, during testimony to the House Select Committee on Intelligence, U.S. Director of National Intelligence James R. Clapper stated that "Politically motivated cyber-attacks are now a growing reality, and foreign actors are reconnoitering and developing access to

The Financial Services Roundtable (FSR), an advocacy organization supporting financial, insurance, and asset management firms across the U.S., has launched a new ad campaign urging the Senate to pass the Cybersecurity Information Sharing Act (CISA), a bill designed to enable

Last week, the Federal Energy Regulatory Commission (FERC) granted a motion to postpone implementation of the North American Electric Reliability Corporation(NERC) Critical Infrastructure Protection (CIP) V5 Standards from April until July 1, 2016. Ted Gutierrez, the industrial control systems (ICS) &

We are happy to announce what will be a fascinating talk at the 2016 ICS Cyber Security Conference, presented by Jeff Melrose, Principal Technology Strategist for Cybersecurity at Yokogawa US. Abstract With new Drone technologies appearing in the consumer space daily, Industrial Site

(SecurityWeek) - Researchers have discovered two vulnerabilities in Siemens’ SICAM Power Automation System (PAS). The vendor has patched one of the flaws and is currently working on addressing the other one. SICAM PAS is an automation system used by energy companies worldwide

A researcher has discovered several vulnerabilities in Sierra Wireless industrial gateways, but the vendor will not address the issues because the products are approaching end of life. Security researcher Karn Ganeshen reported recently that Sierra Wireless AirLink Raven XE and XT

Over the past few years, industrial control systems (ICS) components have proven to be increasingly vulnerable and more frequently accessible from the Internet, which significantly amplifies the risk they are exposed to, Kaspersky Lab researchers warn. According to numbers from Kaspersky, 189 vulnerabilities

(SecurityWeek) - Dragos, a startup focused on protecting industrial control systems (ICS) from cyber threats, has raised $1.2 million from startup studio DataTribe. Founded by a small group of former NSA intelligence officers with experience in ICS security,Dragos offers a network asset

We are pleased to add the following talk to the agenda of SecurityWeek's 2016 ICS Cyber Security Conference.  (Conference registration is still available - with registrations up more than 100% for 2016, we encourage you to register now to reserve a

Control Systems are Used in Applications Beyond Just Industrial Control and Automation By: Joe Weiss Control systems are used to monitor and control physical processes. Measured variables include pressure, temperature, level, flow, voltage, current, resistance, power, weight (mass), speed, distance, direction, chemical

By: Joe Weiss Protective relays are critical to the operation of the electric grid and the protection of large electric equipment in many industries including electric, nuclear, manufacturing, etc. Protective relays were originally electro-mechanical switches but have progressed to complex networked

By: Joe Weiss All too often, people claim their systems are air-gapped, and therefore have no cyber vulnerability. But Alternating Current (AC) power cords cross the ostensible “air gap”, and power supplies for laptops, servers, ICSs, etc. have rarely been addressed

(SecurityWeek) - Siemens has released software updates to address several vulnerabilities in its SIMATIC and Automation License Manager (ALM) products. According to advisories published last week by both ICS-CERT and Siemens, the ALM, which allows customers to centrally manage licenses for

Kaspersky Lab has launched a new global computer emergency response team (CERT) focusing on industrial control systems (ICS). Through the Kaspersky Lab ICS-CERT, the security firm wants to share its knowledge and experience in securing industrial systems and coordinate the exchange of

(SecurityWeek / Eduard Kovacs) - There have been several incidents recently where a critical infrastructure organization’s IT systems were breached or became infected with malware. SecurityWeek has reached out to several ICS security experts to find out if these types of

(SecurityWeek / Ed Kovacs) - Overblown media reports describing critical infrastructure incidents can have a negative impact on cybersecurity in the industrial control systems (ICS) sector, experts have warned. The number of attacks aimed at ICS has reportedly increased in the

Rockwell Automation is teaming up with industrial cybersecurity startup Claroty to combine their security products and services into future, combined security offerings. Rockwell, an industrial automation giant with more than 22,000 employees, said that after a competitive review process it selected

Global engineering and construction giant Bechtel has opened a new cyber security lab aimed at protecting industrial equipment and software that control facilities such as power plants, chemical plants, and other large-scale critical infrastructure operations.   With the goal of protecting

Multiple cyberattacks on critical infrastructure facilities in 2016 resulted in mere inconvenience or embarrassment. How long can dumb luck keep us from harm? By Michael Shalyt, VP Product, APERIO Systems When the U.S. Energy Department released a nearly 500 page report this month warning of

By Cameron Camp, Security Researcher, ESET Industroyer, the recent complex malware targeting industrial control systems, offers attackers a modular complex way to attack systems like the power grid. What are the implications of this? For years, adversaries have been quietly testing the

By: Eduard Kovacs (SecurityWeek) - The assessments conducted by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in 2016 showed that inadequate boundary protection has remained the most prevalent weakness in critical infrastructure organizations. ICS-CERT conducted 130 assessments in the

By Kevin Townsend (SecurityWeek) The U.K. Government Communications Headquarters (GCHQ), Britain's secret eavesdropping agency, warns that 'a number of [UK] Industrial Control System engineering and services organisations are likely to have been compromised' following the discovery of 'connections from multiple UK IP addresses

The official Call for Papers (speakers) for SecurityWeek’s 2017 Industrial Control Systems (ICS) Cyber Security Conference, being held October 23 – 26, 2017 at the InterContinental Buckhead Atlanta, Georgia, USA is open through August 15, 2017. As the original ICS/SCADA cyber security conference,

(Eduard Kovacs, SecurityWeek) - A group of cyberspies believed to be operating out of Russia has been observed targeting energy facilities in the United States and other countries, and the attackers appear to be increasingly interested in gaining access to the

Mocana Integrates Embedded Security Software with AWS IoT, Microsoft Azure IoT, and VMware Liota to Protect Devices (SecurityWeek / Kevin Townsend) - Two constants in current cybersecurity are the growing threat from insecure IoT botnets (Mirai, WireX, etcetera), and the continuing security

By: Rick Grinnell, co-founder and managing partner of Glasswing Ventures. In this modern connected age, there’s no shortage of risks to fret about. I hate to add one more, but cyberattacks against utilities and power plants have recently rocketed to the

(Eduard Kovacs / SecurityWeek) - Engineering giant Siemens and PAS, a company that specializes in cyber security solutions for industrial control systems (ICS), announced on Tuesday a new strategic partnership. The goal of the partnership is to provide organizations the capabilities

(Eduard Kovacs - SecurityWeek) - A cyber espionage group linked by security researchers to the Iranian government has been observed targeting aerospace and energy organizations in the United States, Saudi Arabia and South Korea. The threat actor, tracked by FireEye as

(Eduard Kovacs - SecurityWeek) - Kaspersky said it had detected roughly 18,000 malware samples belonging to more than 2,500 families on industrial control systems (ICS) in the first half of 2017. According to the company’s “Threat Landscape for Industrial Automation Systems”

By Edgard Capdevielle, CEO of Nozomi Networks Power generation, substation and electric grid operators and many other critical infrastructure sectors typically use equipment from a heterogenous assortment of vendors. This equipment runs thousands of real-time processes generating a huge volume of

[Presentation from SecurityWeek's 2017 Singapore ICS Cyber Security Conference] Operations managers need to be 100% certain that their PLCs’ software is shielded from unauthorized modifications, to assure that operational processes go uninterrupted. This session demonstrates how PLC software can be modified without

Cylus Raises $4.7M to Help Protect Rail Industry Against Cyberattacks (SecurityWeek) - Cylus, an Israel-based startup that specializes in cybersecurity solutions for the rail industry, emerged from stealth mode on Thursday with $4.7 million in seed funding. Researchers have warned on several

[Presented at SecurityWeek's 2017 Singapore ICS Cyber Security Conference] Register for the 2018 Event Session Description: Presented by Joss Menting, Chief Technologist, Lab Manager Cybersecurity, ENGIE Lab LABORELEC Cybersecurity for Industrial Control Systems (ICS) is gaining importance fast and cannot be covered

(SecurityWeek - Eduard Kovacs) - Palo Alto Networks on Tuesday announced that it has updated its PAN-OS operating system and released a new next-generation firewall designed for use in industrial and other harsh environments. The new PA-220R is a ruggedized NGFW that can

Industrial cyber protection firm Bayshore Networks has named Kevin Senator as the company's new Chief Executive Officer and President. Senator served as VP of Worldwide Sales & Channels at Bayshore since joining the company in April 2017, and takes over for Mike

(Eduard Kovacs / SecurityWeek) - Industrial giant Siemens this week warned that critical vulnerabilities have been found in some of its telecontrol and building automation products, and revealed that some SIMATIC systems are affected by a high severity flaw. One advisory

(Eduard Kovacs - SecurityWeek) Several natural gas pipeline operators in the United States have been affected by a cyberattack that hit a third-party communications system, but the incident does not appear to have impacted operational technology. Energy Transfer Partners was the

(Kevin Townsend / SecurityWeek) - The Industrial Internet Consortium (IIC) has developed a new IoT Security Maturity Model (SMM), building on its own security framework and reference architecture. This week it has published the first of two papers: IoT Security Maturity Model:

(SecurityWeek - Eduard Kovacs) - A threat actor with ties to hacker groups believed to be operating out of Iran has been targeting the industrial networks of organizations in the Middle East and the United Kingdom. Tracked by industrial cybersecurity firm

(Eduard Kovacs - SecurityWeek) - The developers of Triton, a recently discovered piece of malware designed to target industrial control systems (ICS), reverse engineered a legitimate file in an effort to understand how the targeted devices work. Triton, also known as

(Eduard Kovacs - SecurityWeek) - In April, at SecurityWeek’s ICS Cyber Security Conference in Singapore, industrial cybersecurity firm Applied Risk disclosed the details of a serious denial-of-service (DoS) vulnerability affecting safety controllers from several major vendors. Rockwell Automation is one of those

(SecurityWeek - Eduard Kovacs) - The U.S. House of Representatives on Monday passed a bill aimed at protecting industrial control systems (ICS), particularly ones used in critical infrastructure, against cyberattacks. The legislation, H.R. 5733, formally known as the “DHS Industrial Control

(SecurityWeek - Eduard Kovacs) Siemens informed customers on Tuesday that some of its SICLOCK central plant clocks are affected by several vulnerabilities, including ones that have been rated “critical.” Siemens SICLOCK devices are used to synchronize time in industrial plants. The

(Eduard Kovacs - SecurityWeek) - Siemens recently updated its security bulletin for the Meltdown and Spectre vulnerabilities to inform customers of the latest variants, specifically the ones known as LazyFP and Spectre 1.1. Several industrial control systems (ICS) vendors published security

The ICS Security Market is set to grow from its current market value of more than $1.5 billion to over $7 billion by 2024; according to a new research report by Global Market Insights, Inc. The ICS security market growth is

(SecurityWeek - Joshua Goldfarb) - If you’re like me, you’ve likely sat through some pretty painful conference talks, meetings, industry sessions, or other gatherings over the course of your career. In my experience, these events can generally be broken up into

(SecurityWeek - Kevin Townsend) - Security firm Cybereason established a sophisticated honeypot masquerading as a power transmission substation for a major electricity provider. The purpose was to attract attackers and analyze how they operate against the energy sector of the

(SecurityWeek - Eduard Kovacs) - An unusually high volume of malicious internal reconnaissance and lateral movement have been observed in the manufacturing industry, which experts believe is a result of the rapid convergence between IT and OT networks. The data comes

SecurityWeek is happy to be partnering with LEO Cyber Security to offer a half-day Red Team/Blue Team ICS Cyber Security Training workshop at SecurityWeek’s 2018 ICS Cyber Security Conference. The workshop will take place on Monday, October 22 and is

(SecurityWeek - Eduard Kovacs) - Members of Google’s Android team discovered that some of Honeywell’s Android-based handheld computers are affected by a high severity privilege escalation vulnerability. The vendor has released software updates that should address the flaw. Honeywell’s handheld computers

(SecurityWeek - Eduard Kovacs) - Remote administration tools (RATs) installed for legitimate purposes in operational technology (OT) networks can pose a serious security risk, allowing malicious actors to abuse them in attacks aimed at industrial organizations, Kaspersky Lab warns. A report

Research Triangle Park, NC (25 September 2018) – The ISA/IEC 62443 series of standards, developed by the ISA99 committee as American National Standards and adopted globally by the International Electrotechnical Commission (IEC), is designed to provide a flexible framework to

Presented at SecurityWeek's 2018 ICS Cyber Security Conference Speakers: Robert Lee - CEO, Dragos Marc Seitz - Threat Analyst, Dragos The activity group responsible for the TRISIS/TRITON malware is identified as XENOTIME. After the attack on the safety instrumented system in 2017

ICS Devices Vulnerable to Side-Channel Attacks: Researcher Shows (Eduard Kovacs - SecurityWeek)  Side-channel attacks can pose a serious threat to industrial control systems (ICS), a researcher warned last month at SecurityWeek’s ICS Cyber Security Conference in Atlanta, GA. Demos Andreou, a lead

Presented at SecurityWeek's 2018 ICS Cyber Security Conference How would you handle leadership in this the most stressful Chief Information Officer (CIO) job in the World – being the CIO at The White House? Colonel Gelhardt answers this question, and talks

SecurityWeek is pleased to offer the following optional workshop for attendees of our 2019 Singapore ICS Cyber Security Conference, taking place April 16-18, 2019. When: Thursday, April 18, 2019 - 8AM-5PM ($400 Fee - Limited to 40 Students - Register Now) Industrial Control

(Eduard Kovacs - SecurityWeek) - Russia and China are capable of disrupting critical infrastructure in the United States, and Iran is not far behind, according to the Worldwide Threat Assessment made public by the U.S. intelligence community on Tuesday. The assessment

SecurityWeek is pleased to offer the following optional workshop for attendees of our 2019 Singapore ICS Cyber Security Conference, taking place April 16-18, 2019. When: Thursday, April 18, 2019 – 8AM-5PM ($400 Fee – Limited to 40 Students – Register Now) What is

(SecurityWeek - Eduard Kovacs) - Several serious vulnerabilities have been identified in a gateway made by Kunbus, including flaws that can be exploited to take complete control of a device. Germany-based Kunbus offers connectivity solutions for industrial networks. The company’s gateway

(SecurityWeek- Eduard Kovacs) - A survey conducted by the Ponemon Institute on behalf of security solutions provider TUV Rheinland OpenSky analyzes the security, safety and privacy challenges and concerns related to the convergence between information technology (IT), operational technology (OT),

(Eduard Kovacs - SecurityWeek) Belden-owned Tripwire on Monday announced the availability of two new assessment services designed to help enterprises and industrial organizations find potentially dangerous vulnerabilities in their systems. One of the new services, Industrial Cybersecurity Assessment, provides experts who can

The Opportunity for OT Security Teams to Fill the Gaps in Their Visibility Has Never Been Better (SecurityWeek - Galina Antova) - Most experienced security professionals have heard the axiom, “You can’t protect what you can’t see.” It’s admittedly a truism

Triton Hackers Focus on Maintaining Access to Compromised Systems, Report Says (SecurityWeek - Eduard Kovacs) - The tools and techniques used by the threat group behind the notorious Triton malware show that the hackers are focused on maintaining access to compromised

(Eduard Kovacs - SecurityWeek) - The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it’s working on a project whose goal is to help the energy sector secure

(Eduard Kovacs - SecurityWeek) - Norwegian aluminum giant Norsk Hydro lost $35-41 million in the first quarter of 2019 as a result of the ransomware attack and expects additional losses of $23-29 million in the second quarter. A piece of file-encrypting

Cisco on Thursday announced that it has agreed to acquire privately-held operational technology (OT) cybersecurity firm Sentryo for an undisclosed sum.  Founded in 2014 and headquartered in Lyon, France, Sentryo, provides device visibility and security solutions for industrial control system (ICS) networks and

Drones are an increasing threat to industrial sites, enabling various attacks (cyber and physical) that historically were only possible in close proximity to a facility or device.

Presented first at SecurityWeek's 2017 ICS Cyber Security Conference, this presentation explains how to inject specially-crafted ladder logic code into a Siemens S7-1200 PLC. The code uses memory copy operations to generate frequency-modulated RF signals slightly below the AM band

Presented at SecurityWeek's 2018 ICS Cyber Security Conference How would you handle leadership in this the most stressful Chief Information Officer (CIO) job in the World – being the CIO at The White House? Colonel Gelhardt answers this question, and

How Open Source Intelligence can be applied to reconnaissance on critical infrastructure. In many cases it’s possible to narrow a search to specific buildings like power plants, wastewater plants, or chemical and manufactured facilities. The research consists of 26,000 exposed

Industrial cybersecurity firm Claroty announced that Jennifer Leggio has taken the role of Chief Marketing Officer (CMO) at the company.

(Eduard Kovacs - SecurityWeek) MITRE on Tuesday announced the initial release of a version of its ATT&CK knowledge base that covers the tactics and techniques used by malicious actors when targeting industrial control systems (ICS). MITRE’s ATT&CK framework has been widely

Integrity-based attacks can produce significant impacts through undermining a physical process and calling into doubt the viability of a specific facility.

TXOne StellarProtect protects OT endpoints against malware and other threats without requiring an internet connection

The Colonial Pipeline is working on a restart plan after a ransomware attack triggered the company to halt all pipeline operations on May 7, 2021.

OT cybersecurity firm Waterfall Security Solutions has opened an office in Singapore to support industrial customers in the APAC region

Sachin Shah named CTO at device security firm Armis

A modular ICS attack framework and a collection of custom-made tools, can be used by threat actors to target ICS and SCADA devices, including programmable logic controllers (PLCs) from Schneider Electric and Omron, and OPC UA servers.

Critical industries must prepare themselves for a new wave of ransomware attacks specifically targeting OT

Industrial Control Systems Cybersecurity Training Act.

Conference attendees can register for optional full-day ICS cybersecurity training sessions that take place on Monday, October 24th, 2022.

All ICS vendors impacted by the recently-disclosed OT:Icefall vulnerabilities have released advisories to inform customers about the impact of the flaws and to provide mitigations.

A joint advisory describes five typical steps involved in planning and executing an attack on Industrial control systems (ICS) and other operational technology (OT) systems

In this session, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact on the modular ICS attack framework known as PIPEDREAM/Incontroller

Schneider Electric partnered with BitSight to develop a OT risk identification and threat intelligence capability

Yokogawa will offer Unidirectional Gateway cybersecurity products from Waterfall Security Solutions under a new collaboration

CISA announced a new vulnerability scanning service designed to help water utilities identify and address security holes that could expose their systems to remote attacks.

Radiflow and Cyolo partnership will allow organizations implement a seamless, single sign-on experience for remote and third-party vendors, while significantly enhancing network security.

Industrial giant Rockwell Automation announced on Monday that it has signed a definitive agreement to acquire Verve Industrial Protection, a cybersecurity company specializing in industrial control systems (ICS) and operational technology (OT). Verve’s managed OT/ICS security platform provides asset inventory, vulnerability

Russia’s Sandworm hackers disrupted power in Ukraine using a novel attack against operational technology (OT) coordinated with missile strikes.

Iran-Linked "Cyber Av3ngers" hackers compromised an industrial control system at the Municipal Water Authority of Aliquippa (MWAA) in Pennsylvania.