Critical Infrastructure Security
DON’T WAIT: Engineering Outcomes Between Red Lines and Rules of Engagement
Danielle (DJ) Jablanski argues that critical-infrastructure owners must stop waiting for perfect regulation or deterrence and instead start today to map interdependencies, engineer fault-tolerant redundancy, and reduce the severity of inevitable cyber-physical impacts.
Keeping your Milk Cool and your Tech Safe
Security engineer and architect Brad Voris recounts designing zero-trust controls for legacy dairy-plant systems to protect millions of gallons of milk from tampering or contamination.
Critical Infrastructure Wars: A New Hope - Accenture's Dragos Deal Is The Shot Heard 'Round The Internet
Also this week: Introducing the CYBR.Minded podcast, why Zero Trust Framework's creator wants cybersecurity to stop talking about risk, a GPS correction tool gives Iran-linked hackers access to a major water utility, a guide to conference swag people actually want, and more!
Accenture's Dragos Deal Signals a New Phase in the Race to Secure Critical Infrastructure
Accenture's acquisition of a majority stake in Dragos and full ownership of runZero and NetRise reflects growing urgency across the cybersecurity industry to defend critical infrastructure against nation-state threats, particularly those attributed to China.
A GPS Correction Tool Gave Iran-Linked Hackers Access to a Major Water Utility
Iranian-linked hackers reportedly breached California Water Service by pivoting through an open-source GPS correction tool to then access billing systems. The alleged intrusion laid bare security failures that federal inspectors had already flagged across hundreds of U.S. water systems.
Iranian Hackers Didn't Need a Zero-Day to Hit U.S. Critical Infrastructure. They Just RTFM
IRGC-affiliated actors used legitimate engineering software to compromise American water, energy, and government systems. A new report ties the hacktivist ecosystem to Iranian intelligence, enabling them to communicate directly with Iranian intelligence.