Social media has made it possible to manipulate the masses via disinformation and fake news at an unprecedented scale. This is particularly alarming from a security perspective, as humans have proven to be one of the weakest links when protecting critical infrastructure in general, and the power grid in particular. Here, we consider an attack in which an adversary attempts to manipulate the behavior of energy consumers by sending fake discount notifications encouraging them to shift their consumption into the peak-demand period.Cyberscoop - ‘Cyber Storm’ drill for critical infrastructure focuses on corruption of key IT services -
The simulation featured compromised certificate authorities, which deem software trustworthy, attacks on the Border Gateway Protocol, the internet’s basic routing mechanism, and the subversion of domain name system (DNS) records, which help send a user to a website that is not malicious.
“[I]t was clear that many organizations do not have a full understanding of their reliance on third-party services,” said Brian Harrell, assistant director of DHS’s Cybersecurity and Infrastructure Security Agency who was partly responsible for planning the exercise. “Just because you think you are compliant and secure doesn’t necessarily mean that the folks that you rely on in your time of need are equally as secure.”SC Magazine - A2V teams with utilities to secure supply chain -
Utilities are gearing up to meet the security requirements laid out in the Critical Infrastructure Protection (CIP) Security Compliance Standards: NERC Critical Infrastructure (NERC-CIP) standards and waiting to see how a presidential executive order, also designed at securing bulk power systems (BPS), shakes out.
That’s created an opportunity for the Asset to Vendor Network Power Utilities (A2V) to step in to protect the supply chain and help utilities nationwide share critical information on cybersecurity risk. A2V, aiming to be a membership-based forum that facilitates information sharing among utilities and the vendors that serve them, picked up its first new partner – Southern Company – earlier this summer.Foreign Policy - In the New Cold War, Deindustrialization Means Disarmament-
In this new cold war, a deindustrialized United States is a disarmed United States—a country that is precariously vulnerable to coercion, espionage, and foreign interference. Preserving American preeminence will require reconstituting a national manufacturing arrangement that is both safe and reliable—particularly in critical high-tech sectors. If the United States is to secure its supply chains and information networks against Chinese attacks, it needs to reindustrialize. The question today is not whether America’s manufacturing jobs can return, but whether America can afford not to bring them back.
Dark Reading - Research Casts Doubt on Value of Threat Intel Feeds -
Collect threat data from two of the largest threat intelligence providers, and the risk landscape they portray will be completely different — raising questions about the utility of threat intelligence feeds to organizations, a group of researchers said this week.
The researchers, from universities in the Netherlands and Germany, compared threat indicators from four open source threat intelligence feeds and two commercial feeds — which the researchers could not name — and found very little overlapping data between the services. On the commercial side, the larger Vendor 2 had 13% of the data covered by Vendor 1, while Vendor 1 only replicated 1.3% of the indicators from Vendor 2, said Xander Bouwman, a PhD candidate at Delft University of Technology and a primary author of the paper, in a presentation Wednesday.
"If two threat intelligence vendors are describing the same threats, you might expect that they are coming up with the same data," he said. "We find that this is not the case."
No comments:
Post a Comment