More than 80 percent of the most severe tech-related vulnerabilities to critical infrastructure originate from the same 20 software components, a new report out this week from Fortress Information Security finds. […]
A report out this month by the Environmental Protection Agency’s (EPA) Inspector General (IG) finds that drinking water systems serving approximately 26.6 million people have critical or high-risk cybersecurity vulnerabilities. […]
The Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday that it recently conducted a red team assessment (RTA) at the request of an unnamed critical infrastructure organization, with mixed results. […]
Former Acting National Cyber Director (NCD) Kemba Walden said on Thursday that the current sector-by-sector assignment of critical infrastructure areas by U.S. regulators is handicapping the Federal government and hindering nationwide cyber resilience. […]
The Transportation Security Administration (TSA) has unveiled a long-awaited proposal for cybersecurity mandates that would direct pipeline and railroad owners and operators to set up risk management programs and establish incident reporting protocols. […]
Top Cybersecurity and Infrastructure Security Agency (CISA) officials highlighted today that the agency has been working with critical infrastructure operators across all sectors to ensure that election day runs smoothly on Nov. 5. […]
During its quarterly meeting on Friday, the Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Advisory Committee (CSAC) approved recommendations in four reports delivered to Director Jen Easterly aimed at bolstering resilience for critical infrastructure and open source security, as well as ensuring adoption of the agency’s secure by design initiative and increasing the agency’s public outreach. […]
Aging critical infrastructure is impacting how Federal officials are preparing to respond to cyberattacks and damage to that infrastructure from environmental disasters, with collaborate approaches and response plans key to that preparedness effort. […]
Federal officials said this week that international collaboration and better sharing of actionable security guidance are needed to help meet the challenge of increasingly sophisticated cyberattacks from China and other adversaries who are making the ability to attack critical infrastructure industries part of their military strategies. […]
Reps. Dan Crenshaw, R-Texas, and Seth Magaziner, D-R.I., introduced new bipartisan legislation last week that would require an assessment of the manual operations of critical infrastructure in the event of a cyberattack. […]
The Department of Homeland Security (DHS) released guidance on Thursday aimed at helping Federal agencies, critical infrastructure owners and operators, and other government and private sector stakeholders with their critical infrastructure security and resilience efforts. […]
President Biden issued an executive order today aimed at fortifying America’s supply chains, with a particular emphasis on critical infrastructure (CI). […]
The White House Office of the National Cyber Director (ONCD) announced today that it is building a pilot reciprocity framework to be used in a critical infrastructure subsector which will give ONCD “valuable insights” into how to best design a harmonized cybersecurity regulatory approach. […]
One House member today pointed to the need for more cybersecurity regulations in the agriculture sector, highlighting that the 2024 farm bill paves the path for legislation that does just that. […]
The Environmental Protection Agency (EPA) said Monday that recent inspections have revealed that more than 70 percent of water systems looked at since September 2023 are in violation of basic Safe Drinking Water Act requirements – thus causing “critical” cybersecurity vulnerabilities. […]
Pro-Russia hacktivists are targeting and compromising small-scale operational technology (OT) systems in North American and European critical infrastructure sectors – including water and wastewater systems (WWS), dams, energy, and food and agriculture – according to a joint fact sheet released today by leading Federal cyber agencies. […]
As part of the Biden-Harris administration’s approach towards harnessing the benefits of AI and ensuring its responsible and safe deployment, the Department of Energy (DoE) today released a summary report on the potential benefits and risks of AI use for critical energy infrastructure. […]
Former chief of the U.S. Fleet Cyber Command said today that the Federal government and industry must be prepared to work together in the face of adversarial attacks against U.S. critical infrastructure like the electric grid. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) published its long-awaited cyber incident reporting rule today for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), requesting public input on the forthcoming regulations. […]
Sen. Mark Warner, D-Va. – co-chair of the Senate Cybersecurity Caucus – introduced legislation that would provide financial incentives for healthcare providers to boost their cyber defense by requiring them to meet minimum cybersecurity standards in order to receive accelerated payment in the event of a cyberattack. […]
Following the discovery of a Chinese-based hacking group compromising U.S. critical infrastructure, the White House – in collaboration with the Environmental Protection Agency (EPA) – announced plans this week to form a Water Sector Cybersecurity Task Force. […]
Two of the Federal government’s top cybersecurity officials praised a new White House report this week that offers four recommendations to fortify the resilience of the nation’s critical infrastructure – including establishing performance goals and ramping up funding for agencies that oversee the sectors. […]
Tech policy experts on Capitol Hill said Thursday that the recent AT&T outage across the nation showed the importance of the resiliency of America’s critical infrastructure. […]
Federal agencies called on all organizations today to urgently implement a series of cybersecurity actions after discovering that a Chinese-based hacking group has compromised the IT environments of multiple U.S. critical infrastructure organizations – with the end goal of a future cyberattack. […]
Top cybersecurity and critical infrastructure experts voiced concerns to lawmakers today at a House Homeland Security Subcommittee hearing that neither the government nor the private sector are doing enough to secure operational technology (OT) networks of critical infrastructure organizations. […]
In joint guidance released on Jan. 17, the Cybersecurity and Infrastructure Security Agency (CISA) – alongside the FBI – is warning critical infrastructure and state, local, tribal, and territorial partners of cybersecurity threats posed by Chinese-manufactured unmanned aircraft systems (UAS), more commonly known as drones. […]
The Department of Energy’s (DoE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has announced up to $70 million in funding to support research into technologies designed to increase resilience and reduce risks to energy delivery infrastructure from a variety of hazards, including cyber threats. […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI cautioned today that the LockBit ransomware gang is exploiting the Citrix Bleed security flaw in exploits against critical infrastructure sectors, according to a joint cybersecurity advisory (CSA) issued with the Multi-State Information Sharing and Analysis Center and the Australian Cyber Security Center. […]
The Environmental Protection Agency (EPA) withdrew its memo this week that required states to include cybersecurity audits of U.S. water utilities through sanitary surveys. […]
The Executive Director of the Cybersecurity and Infrastructure Security Agency (CISA) said today that the threat posed by China within the cyber realm is evolving and much more serious today than it was a decade ago – particularly when it comes to potentially targeting the United States’ critical infrastructure. […]