Sunday, January 29, 2023

What I am Reading 1/29/2023

 NERC-CIP Stuff - Alexa, can you tell me when my grid is hacked?

https://www.amperesec.com/blog/alexa-can-you-tell-me-when-my-gird-is-hacked

Within the next 2-3 years, if you are a NERC Registered Entity with high impact or medium impact with ERC BES cyber systems, you will need to baseline your network traffic for all applicable cyber assets inside the ESP and look for anomalies beyond the traditional anti-malware and port-restriction controls already in place as part of the existing CIP standards. Examples of anomalies could be, among other things, accounts used in ways they shouldn’t be or new unexpected devices on the network or sending legitimate commands to control systems in ways that could stop or degrade the system. Further, you will need to record/log the traffic information and protect that information from misuse.

RIP Perimeter Security: Critical Infrastructure Breaches Demand New Approach

https://securityboulevard.com/2023/01/rip-perimeter-security-critical-infrastructure-breaches-demand-new-approach/

Race to zero: Can California’s power grid handle a 15-fold increase in electric cars?

https://calmatters.org/environment/2023/01/california-electric-cars-grid/

EVs Are Essential Grid-Scale Storage

https://spectrum.ieee.org/electric-vehicle-grid-storage

Russia’s Sandworm hackers blamed in fresh Ukraine malware attack


https://cyberscoop.com/sandworm-wiper-ukraine-russia-military-intel/

National Security Agency | Cybersecurity Information Sheet | IPv6 Security Guidance

https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF

Trained developers get rid of more vulnerabilities than code scanning tools


https://www.helpnetsecurity.com/2023/01/23/trained-developers-code-scanning-tools/

Microsoft will stop selling Windows 10 on January 31, but workarounds remain


https://arstechnica.com/gadgets/2023/01/microsoft-will-stop-selling-windows-10-on-january-31st-but-workarounds-remain/

NIST working on ‘potential significant updates’ to cybersecurity framework

https://fedscoop.com/nist-working-on-potential-significant-updates-to-cybersecurity-framework/

The Concept Paper - NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework

https://www.nist.gov/system/files/documents/2023/01/19/CSF_2.0_Concept_Paper_01-18-23.pdf

New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch


https://www.securityweek.com/new-open-source-ot-security-tool-helps-address-impact-of-upcoming-microsoft-patch/

Why are so many tech companies laying people off right now?

https://www.theverge.com/2023/1/26/23571659/tech-layoffs-facebook-google-amazon

Kevin Mitnick Hacked California Law in 1983

https://www.schneier.com/blog/archives/2023/01/kevin-mitnick-hacked-california-law-in-1983.html

Google Is Screwed, Even If It Wins Its Antitrust Case


https://gizmodo.com/google-bing-microsoft-chatgpt-ai-antitrust-doj-screwed-1850029781

Two Supreme Court Cases That Could Break the Internet

https://www.newyorker.com/news/q-and-a/two-supreme-court-cases-that-could-break-the-internet

Hackers abuse legitimate remote monitoring and management tools in attacks


https://www.csoonline.com/article/3686610/hackers-abuse-legitimate-remote-monitoring-and-management-tools-in-attacks.html#tk.rss_all


No comments: