Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

Read More

5 Recent Great Reads in Automation Cybersecurity: September 2020

Read More

Categories Arrow

All Posts

5 Recent Great Reads in Automation Cybersecurity: September 2020

In this occasional series, we're bringing you a curated selection of recent articles from the automation cybersecurity community. 

For today's post, we looked for relevant articles published in September 2020 that you might find newsworthy, useful, or interesting. It's a small sample of current news and thought leadership that affect the world of automation cybersecurity right now. Let us know what you think in the comments.

 

1. Kaspersky: "Survey on Industrial Cybersecurity in 2020"

Even before COVID-19, large-scale industrial enterprises were a high-value target for threat actors. This year, cybercriminals seem to loom even larger. "For infosec experts at industrial enterprises, and especially at critical infrastructure facilities, the threat feels very real," this article states.

The cybersecurity firm Kaspersky Labs released the results of a survey addressing the state of industrial cybersecurity during a pandemic. 53% of respondents reported that more staff at their organizations are working from home due to the pandemic, and 95% of respondents said that their companies are now performing periodic assessments of the security level of OT networks.

2. DarkReading: "Ripple20 Malware Highlights Industrial Security Challenges"

The discovery of Ripple20, a collection of 19 vulnerabilities in a lightweight TCP/IP library in use since the 1990s, was a wakeup call for many organizations. Experts estimated the number of affected systems to be in the hundreds of millions, spanning everything from smart home devices to satellite communication equipment, transportation systems, and the power grid.

"Poor security practices implemented in industrial control systems (ICS) and the Internet of Things (IoT) have contributed to how vulnerabilities like those outlined in the Ripple20 research propagate throughout so many products," the author of this article writes. He outlines the risks inherent in increasing ICS cybersecurity, and argues that solutions are needed at an industry-wide level.

3. Threatpost: "Critical Industrial Flaws Pose Patching Headache for Manufacturers"

This transcript of a podcast episode dives into the details about newly discovered vulnerabilities in CodeMeter, a software management component used by many critical infrastructure systems. The podcast interviewed Claroty* security researcher Sharon Brizinov, who found the vulnerabilities.

"Because many ICS vendors integrated with CodeMeter, then if attackers will be able to exploit CodeMeter and attack CodeMeter, basically, it means that they will be able to get access to thousands of machines in OT networks," Brizinov told the interviewer. "...My message to anyone is always patch. This is the most efficient way to overcome vulnerabilities and be alert."

4. Stormshield: "OT and Cybersecurity: A Journey to the Heart of Operational Information Systems"

You might say that operational technology (OT) pervades our lives even more than IT—operational systems are not limited to the manufacturing and energy industries. OT security hinges on safety concerns: "where IT processes data, OT steers it to operate a physical action with an impact in the real world," as this article explains. In today's connected world, though, establishing good OT cybersecurity practices will also help ensure operational safety.

"IT/OT convergence and the digitization of operational information systems is leading to a breach in these historically hermetic critical systems. Therefore, it is essential to set up network segmentation as provided for in the [ISA/IEC] 62443 standard dedicated to the cybersecurity of operational installations. It provides system isolation and limits the spread of a cyberattack," the article says.

5. Space in Africa: "Policy Tools to Address Cybersecurity in the African Space Industry Part 1"

Satellites, a crucial part of global communications, are especially vulnerable to cyberattacks. Telemetry links may not be encrypted, leaving automatic data measurement and transmission open to disruption, and cyber threats to ground infrastructure are also an issue. As the region moves forward with the newly created African Space Agency, the African Union is drafting new policies to help ensure that cybersecurity best practices are maintained in the space industry.

"How we manage policy concerns around the Internet of Things (IoT) will be the determining factor of our fight against cyberterrorism in the space sector," the author of this article writes.

 

*Claroty is a founding member of the ISA Global Cybersecurity Alliance.

Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.
Kara Phelps
Kara Phelps
Kara Phelps was the content manager for ISA from 2019-2021.

    Recent Posts

    Astronaut on a rocket

    Related Posts

    Should ISA/IEC 62443 Security Level 2 Be the Minimum for COTS Components?

    A recent white paper published by the ISA Security Compliance Institute (ISCI) and its ISASecure certific...
    Liz Neiman Apr 23, 2024 5:18:27 PM

    How to Secure Machine Learning Data

    Data security is paramount in machine learning, where knowledge drives innovation and decision-making. Th...
    Zac Amos Mar 12, 2024 11:10:47 AM

    Fortifying Your Security Arsenal: A Strategic Approach to Safeguarding OT Security Assets from Adversarial Threats

    Introduction Despite investing significant budgets and resources in security products and services. The c...
    Mohannad AlRasan Mar 5, 2024 9:17:57 AM

    The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA advances technical competence by connecting the automation community to achieve operational excellence and is the trusted provider of standards-based foundational technical resources, driving the advancement of individual careers and the overall profession. ISA develops widely used global standards; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world.


    The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

    We're on social media. Keep in touch!

    © 2024 International Society of Automation. All rights reserved.