Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

5 Recent Great Reads in Automation Cybersecurity

A Google search for "cybersecurity" returns 129 million results. A sizable amount of that content addresses the sub-type that we call automation cybersecurity, an umbrella term that coversnon-exclusivelyindustrial cybersecurity, OT cybersecurity, ICS cybersecurity, IoT cybersecurity, and the cybersecurity of building automation systems.

Automation cybersecurity is still somewhat more niche than IT cybersecurity. Like most niche topics, however, there are thousands of sources that deal with it in depth, and the quality varies. Unless reading is your only job, you may not be inclined to keep up with new developments minute-by-minute. 

So we're going to help cut through the noise this month. We looked for relevant articles published in July 2020 that you might find newsworthy, useful, or interesting. Here's a sample of current news and thought leadership that affects the world of automation cybersecurity right now. Let us know what you think in the comments.

 

1. ZDNet: "This Is How EKANS Ransomware Is Targeting Industrial Control Systems."

Security researchers obtained two recent samples of the EKANS ransomware, uncovering new ways that cyberattackers are threatening industrial control systems (ICS). As the article states, "malware designed to attack industrial control systems continues to be lucrative for threat actors."

Both EKANS samples seem to have been designed to carefully select their target companies before encrypting files and showing the victim a ransom note. The most recent sample, obtained in June, is also capable of turning off host firewallspotentially causing massive disruption in an industrial setting.

 

2. Kaspersky: "Industrial Cyberattacks Are On the Rise. Technology and Your People Can Stop Them."

Cyberattacks on operational technology (OT) are increasing as more manufacturing plants begin to actualize their digital transformation. This article offers a few practical tips on maintaining OT cybersecurity for industrial businesses, emphasizing that training all employees to be "cyber-aware" is essential.

This article appeared in Secure Futures Magazine, an online offering from the cybersecurity firm Kaspersky Labs.

 

3. Security Boulevard: "Remote Work Pushes Brute-Force Attacks Higher."

As the world adjusts to more remote work, we've heard about the simultaneous rise in phishing emails, many which play on COVID-19 fears. This article states that brute-force attacks have increased, as well. Many of these attacks attempt to exploit Windows' remote desktop protocol (RDP).

Ransomware gangs have used attacks on RDP as a common tactic over the last few years. A study conducted more recently, however, found the highest concentrations of targeted IP addresses in Russia, Germany, and Japan.

 

4. Security Info Watch: "Emerging Market: Smart Cities."

This article examines the payoffs and hidden costs of IT/OT convergence in security for smart cities. It urges traditional security integrators to embrace the cybersecurity learning curve and to take it seriously.

"Integrators willing to make the investment to train and develop technicians to become proficient in the converged environment as well as IT/IoT/OT infrastructure awareness will have the potential to reap the rewards when it comes to the Smart Cities vertical," the article says.

 

5. SC Magazine: "Mounting IIoT Cyber Risks Must Be Addressed Now to Prevent Catastrophe."

A recent report from a U.K.-based cybersecurity foundation says that global critical infrastructure is not adopting new technology fast enough to match the pace of emerging cyber threats to IIoT. The article suggests that many current capabilities will not scale or have not been thoroughly tested. It also notes the different perspectives of those responsible for industry risk management, from executives to regulators to cybersecurity teams, and suggests that everyone needs to get more savvy about cyber risk.

 

Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.

Kara Phelps
Kara Phelps
Kara Phelps is the communications and public relations manager for ISA.

Related Posts

What Does the Future of Zero Trust in OT Look Like?

Zero trust principles have established themselves in the mindshare of cybersecurity practitioners worldwi...
Jacob Chapman Dec 20, 2024 7:00:00 AM

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM