Building a Resilient World

Practical Automation Cybersecurity

Welcome to the official blog of the International Society of Automation (ISA) Global Cybersecurity Alliance.
All Posts

5 Recent Great Reads in Automation Cybersecurity

A Google search for "cybersecurity" returns 129 million results. A sizable amount of that content addresses the sub-type that we call automation cybersecurity, an umbrella term that coversnon-exclusivelyindustrial cybersecurity, OT cybersecurity, ICS cybersecurity, IoT cybersecurity, and the cybersecurity of building automation systems.

Automation cybersecurity is still somewhat more niche than IT cybersecurity. Like most niche topics, however, there are thousands of sources that deal with it in depth, and the quality varies. Unless reading is your only job, you may not be inclined to keep up with new developments minute-by-minute. 

So we're going to help cut through the noise this month. We looked for relevant articles published in July 2020 that you might find newsworthy, useful, or interesting. Here's a sample of current news and thought leadership that affects the world of automation cybersecurity right now. Let us know what you think in the comments.

 

1. ZDNet: "This Is How EKANS Ransomware Is Targeting Industrial Control Systems."

Security researchers obtained two recent samples of the EKANS ransomware, uncovering new ways that cyberattackers are threatening industrial control systems (ICS). As the article states, "malware designed to attack industrial control systems continues to be lucrative for threat actors."

Both EKANS samples seem to have been designed to carefully select their target companies before encrypting files and showing the victim a ransom note. The most recent sample, obtained in June, is also capable of turning off host firewallspotentially causing massive disruption in an industrial setting.

 

2. Kaspersky: "Industrial Cyberattacks Are On the Rise. Technology and Your People Can Stop Them."

Cyberattacks on operational technology (OT) are increasing as more manufacturing plants begin to actualize their digital transformation. This article offers a few practical tips on maintaining OT cybersecurity for industrial businesses, emphasizing that training all employees to be "cyber-aware" is essential.

This article appeared in Secure Futures Magazine, an online offering from the cybersecurity firm Kaspersky Labs.

 

3. Security Boulevard: "Remote Work Pushes Brute-Force Attacks Higher."

As the world adjusts to more remote work, we've heard about the simultaneous rise in phishing emails, many which play on COVID-19 fears. This article states that brute-force attacks have increased, as well. Many of these attacks attempt to exploit Windows' remote desktop protocol (RDP).

Ransomware gangs have used attacks on RDP as a common tactic over the last few years. A study conducted more recently, however, found the highest concentrations of targeted IP addresses in Russia, Germany, and Japan.

 

4. Security Info Watch: "Emerging Market: Smart Cities."

This article examines the payoffs and hidden costs of IT/OT convergence in security for smart cities. It urges traditional security integrators to embrace the cybersecurity learning curve and to take it seriously.

"Integrators willing to make the investment to train and develop technicians to become proficient in the converged environment as well as IT/IoT/OT infrastructure awareness will have the potential to reap the rewards when it comes to the Smart Cities vertical," the article says.

 

5. SC Magazine: "Mounting IIoT Cyber Risks Must Be Addressed Now to Prevent Catastrophe."

A recent report from a U.K.-based cybersecurity foundation says that global critical infrastructure is not adopting new technology fast enough to match the pace of emerging cyber threats to IIoT. The article suggests that many current capabilities will not scale or have not been thoroughly tested. It also notes the different perspectives of those responsible for industry risk management, from executives to regulators to cybersecurity teams, and suggests that everyone needs to get more savvy about cyber risk.

 

Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.

Kara Phelps
Kara Phelps
Kara Phelps is the content specialist for ISA.

Related Posts

The Top 20 Secure PLC Coding Practices Project

So Far, Secure Coding Practices Have Been for IT Software Only. That Needs to Change. Can we start using ...
Sarah Fluchs Aug 4, 2020 5:15:00 AM

What IT Pros Should Know About OT Cybersecurity

As industrial organizations strive to reduce cyber risks in their operational technology (OT) environment...
Joshua Carlson, Dragos Jul 28, 2020 5:30:00 AM

Industrial Control System (ICS) Security and Segmentation

Why Should We Segment ICS Environments? Network and device segmentation should be part of the defense in ...
Paul Arceneaux, Mission Secure Jul 21, 2020 5:15:00 AM