SCADA – ICS

Gas Explosions Lawrence MA

Sensor-y Overload: Cyber Risk and the Merrimack Valley Gas Explosions

Let’s be clear: the natural gas explosions that rocked the Merrimack Valley north of Boston in September weren’t the result of a cyber attack. Unfortunately: well known vulnerabilities affecting the security of remote sensors and industrial control system software mean they easily could have been. 

Theo from Die Hard

Die Hard is a Movie About Building Automation Insecurity. Discuss.

In this episode of the Security Ledger Podcast (#126): Die Hard has finally been embraced as the bloody, violent, feel-good Christmas movie its always been. But the film, which turns 30 this year, is about more than the power of ordinary guys to stand up to evil. Did you know it’s also a (very) early warning about the dire insecurity of building automation systems? We speak with Ang Cui of the firm Red Balloon Security about the dire risk of cyber attacks on building automation software and company’s work to secure this often-overlooked critical infrastructure. 

Robots welding in a production line

Spotlight: as Attacks Mount, how to secure the Industrial Internet

In this spotlight edition* of The Security Ledger Podcast, Steve Hanna of Infineon joins us to talk about the growing risk of cyber attacks on industrial systems and critical infrastructure. “Industry 4.0” is poised to transform the global economy, Hanna said, but not if the issue of cyber risk can’t be managed. We talk about how that might be done and the need for strong identity and hardware based roots of trust!

TP-Link WR-841n

Everybody reboot! VPNFilter Malware infects 500k Routers

Newly discovered malicious software dubbed VPNFilter has infected hundreds of thousands of routers and network attached storage (NAS) devices globally and could be used to steal sensitive data or wipe out (“brick”) the devices, the company said. 

Fist Full 'o Money

Podcast Episode 88: Inside Russia’s DragonFly Group and How Cyber Crooks Launder Money

Podcast: Play in new window | Download (Duration: 34:30 — 39.5MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s Security Ledger Podcast (#88) we do a deep dive with researcher Vikram Thakur of the firm Symantec on “Dragonfly,” the Russian hacking group whose actions prompted the U.S. Department of Homeland Security and the FBI to issue a joint statement last week warning of intrusions into critical infrastructure in the US. Also: how do cyber criminals cash out all the loot they make from online scams? In our second segment we’ll talk to researcher Mike McGuire of the University of Surrey, who has been studying that question.