Articles about critical infrastructure

bouncer

Brit water firms, power plants with crap cyber security will pay up to £17m, peers told

Plans to fine Britain's national utilities and infrastructure providers £17m for shoddy cyber security will be at the forefront of industry's mind once everyone "gets over" GDPR, peers heard at a House of Lords committee. Speaking on a panel on cyber security for critical national infrastructure (CNI) yesterday, Elliot Rose, …
Kat Hall, 22 May 2018
Candle

Vlad that's over: Remote code flaws in Schneider Electric apps whacked

Infosec researchers at Tenable Security have unearthed a remote code execution flaw in critical infrastructure software made by energy management multinational Schneider Electric. The vulnerability could have allowed miscreants to control underlying critical infrastructure systems, researchers said. The apps affected – used …
Kat Hall, 2 May 2018
Sulphur-crested cockatoo

Australia commences critical infrastructure protection consultation

Last month, Australia's federal government established a Critical Infrastructure Centre. Now it's decided to ask what the centre should protect. Attorney-General George Brandis has announced a month-long consultation into the security of the country's critical infrastructure. The statement says the consultation includes …
Patrick McGoohan as The Prisoner

UK Parliament suddenly remembers it wants to bone up cyber security *cough* Russia *cough*

The UK parliament launched an inquiry into cyber-security on Tuesday. The investigation by MPs and peers follows weeks after the UK government committed to spending £1.9bn between 2016 and 2021 as part of an update to the UK’s National Cyber Security Strategy. Protecting critical national infrastructure organisations ( …
John Leyden, 10 Jan 2017
China cybersecurity

China passes new Cybersecurity Law – you have seven months to comply if you wanna do biz in Middle Kingdom

On Monday, the Chinese government officially passed its 2016 Cybersecurity Law. From June 2017, all companies doing business in the Middle Kingdom will have to obey the new rules. The legislation, approved by the National People's Congress, takes away the last vestiges of anonymity for China's 710 million internet users, and …
Iain Thomson, 7 Nov 2016

Swedish air controllers debunk cyber attack disruption theory

Sweden's civil aviation administration (LFV) has concluded that radar disruptions that affected services in Stockholm and Malmö last November were down to the effects of a solar flare, scotching rumors reported by El Reg and others earlier this week that a hacker group linked to Russian intelligence might be to blame. Radar …
John Leyden, 15 Apr 2016

Homeland Security report hoses down energy-sector 'cybergeddon' talk

+Comment Everybody knows how easily the world could be plunged into a New Dark Ages with nothing more than a handful of hacker keystrokes – everybody except the United States Department of Homeland Security (DHS). In a report obtained and published by Public Intelligence researchers, the DHS contradicts most of the received wisdom …
Switch

Crumbs! Stricken Kiev blames Russian hackers for Xmas eve outages

The Ukrainian government is blaming power outages in the Western Ukraine on “hacker attacks by Russia[n] special services”. Malware has been found in the networks of some utilities, according to the Security Service of Ukraine (SBU). Moreover, these malware intrusions coincided with a “non-stop telephone flood at utility …
John Leyden, 29 Dec 2015
Air traffic control at NATS

US air traffic control 'vulnerable to hackers' says watchdog

US air traffic control systems are potentially vulnerable to hackers, according to an audit by the American government. A report [46 pages, PDF] by the Government Accounting Office (GAO) faults the Federal Aviation Administration (FAA) for failing to meet compliance with the relevant government standards, specifically the …
John Leyden, 9 Mar 2015

Iranian CLEAVER hackers may DRAIN energy and defence firms, warn Feds

Iranian hackers may be sniffing out education, defence and energy targets as part of a well-planned operation, the US Federal Bureau of Investigation has reportedly warned. A secret FBI document dubbed "Flash, seen by Reuters, offered advice to businesses on how to foil any such attacks. It comes after Cylance researchers …
Kelly Fiveash, 14 Dec 2014
Photo of the White House at dusk

OK, Mr. President, those cybersecurity guidelines you ordered are HERE

The Obama administration has taken wraps off the Cybersecurity Framework, a new set of voluntary guidelines outlining ways that organizations involved in energy, water, transportation, and other critical infrastructure can shore up their digital security. The guide is the result of a yearlong collaboration between the National …
Neil McAllister, 13 Feb 2014
The Register breaking news

Energy sector under increasing attack: DHS

The Department of Homeland Security, via its ICS-CERT group, is reporting growing attacks against critical infrastructure with the energy sector leading the way. Its most recent ICS-CERT Monitor report states that of more than 200 incidents it investigated between October 2012 and May 2013, 53 percent were in the energy sector …
The Register breaking news

Obama signs Executive Order on critical cybersecurity

President Obama made space in his State of the Union address to mention online security and revealed that he has signed an executive order named "Improving Critical Infrastructure Cybersecurity." "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," the …
Iain Thomson, 13 Feb 2013
The Register breaking news

White House 'wants Feds to draw up cyber-defences' for power plants

The White House is reportedly getting all federal agencies together to develop voluntary cybersecurity guidelines for power, water and other critical infrastructure companies. The Feds will get 90 days to propose the regulations and put together a new cybersecurity council at the Department of Homeland Security with agents …
Death

Insecure SCADA kit has hidden factory account, password

Cylink’s Justin Clarke has tagged another SCADA maker for default insecurity, discovering a hidden factory account – complete with hard-coded password – in switch management software made by Belden-owned GarrettCom. As the Department of Homeland Security's ICS-CERT advisory (PDF) notes, the company’s Magnum MNS-6K management …

Smart meter hack framework goes open-source

Security outfit SecureState’s smart meter hacking framework, Termineter, has gone live over at Google Code. The software is described as having a structure like Metasploit, with a similar interface and ability to be extended with external modules. Termineter isn’t up to the full doomsday-scenario “remote attack” that troubles …

SCADA vuln imperils critical infrastructure, feds warn

An electronic device used to control machinery in water plants and other industrial facilities contains serious weaknesses that allow attackers to take it over remotely, the US agency that safeguards the nation's critical infrastructure has warned. Some models of the Modicon Quantum PLC used in industrial control systems …
Dan Goodin, 14 Dec 2011
The Register breaking news

US, Europe throw their very first joint cyber-war party

The European Union and the US on Thursday conducted their first ever cyber security exercises designed to coordinate responses to attacks on critical infrastructure. Security experts from the US and 27 EU member states were involved in the drill, which simulated crises affecting national security. In the first scenario, a …
Dan Goodin, 4 Nov 2011

Create a news alert about critical infrastructure, or find more stories about critical infrastructure.

Biting the hand that feeds IT © 1998–2018