In a comprehensive National Security Memorandum (NSM), the current administration has outlined its strategy for strengthening the security and resilience of United States critical infrastructure against threats like cyberattacks, natural disasters, and climate change. The memorandum designates 16 critical infrastructure sectors, such as energy, transportation, and health care, and outlines roles and responsibilities for relevant federal agencies to identify and mitigate risks within each sector
critical infrastructure (9)
The attached US DHS CISA fact sheet provides an overview for executive leaders on the urgent risk posed by People’s Republic of China (PRC) state-sponsored cyber actors known as “Volt Typhoon.” CISA—along with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other US government and international partners1—released a major advisory on 7 February 2024, in which the U.S. authoring agencies warned cybersecurity defenders that Volt Typhoon has been pre-positioning t
Hackers from the People's Republic of China spent up to five years in US networks as part of a cyber operation that targeted US critical infrastructure, law enforcement and international agencies said earlier this week. "The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People's Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive o
The US FBI and US Department of Justice (DOJ) have used a court order to address vulnerabilities in thousands of internet-connected devices that are at the center of a Chinese hacking campaign. The campaign is targeting sensitive US critical infrastructure, two US officials and a third source familiar with the matter reported to media.
The move is part of a broader, government-wide effort to blunt the impact of a persistent Chinese hacking effort that US officials fear could hinder any US milit
he US government released its National Cyber Security Strategy on 28 February 2023, detailing mandatory regulation on critical infrastructure vendors and endorsing a more aggressive ‘hack-back’ approach to dealing with foreign adversaries and ransomware actors. As previously reported, the White House plans to use regulation to “level the playing field” and shift liability to organizations that fail to make reasonable precautions to secure their software. “[While] voluntary approaches to critic
Cyber threats are an all too common danger for companies in all critical infrastructure sectors. Historically, the threat of cyber-attack was thought to be largest against financial institutions, retail chains, and the medical sector. However, as manufacturing has become more reliant on data and technology, the threat of cyber-attacks on the industry has grown. This especially true for critical manfacturing, like aviation and the defense industrial base (DIB), but true for any manfacturing.
There is serious legal reasoning that cyber-attacks against a nation’s critical infrastructure could be reasoned as a war crime.[1] The University of California (UC), Berkeley Human Rights Center’s recent recommendations for war crime charges against the Sandworm hacking group, which was sent to the International Crimes Commission (ICC) before some of the most recent cyberattacks fully came to light, single out Sandworm’s two blackout attacks in 2015 and 2016 for legal and practical reasons: Sa
Electricity, oil and gas and other critical infrastructure vital to any country’s day to day lives is increasingly at risk from cyber-attackers who know that successfully compromising industrial control systems (ICS) and operational technology (OT) can enable them to disrupt or tamper with vital services. A report from cybersecurity company Dragos[1] details ten different hacking operations which are known to have actively targeted industrial systems in North America and Europe and its warned t
Cybersecurity professionals, including the US expert team at the Cybersecurity and Infrastructure Security Agency (CISA), often focus on promoting best practices: the necessary steps that organizations must take to secure their enterprises. It is equally important for organizations to focus on stopping bad practices.
High-risk and dangerous technology practices are often accepted because of competing priorities, lack of incentives, or resource limitations that preclude sound risk management deci
