Categories
Commentary & Insights

Cyber-Informed Engineering (CIE) vs Consequence Driven, Cyber-Informed Engineering (CCE)

Cyber-Informed Engineering (CIE) and Consequence Driven, Cyber-Informed Engineering (CCE) are concepts developed by the Idaho National Laboratory (INL). A side-by-side comparison of the two is presented in the table below. CIE is a guide to embedding cyber security considerations into cyber-physical systems throughout the engineering lifecycle model, and across business functions. The CIE guide is […]

Categories
Commentary & Insights

Manufacturing under cyber-attack

Cyber incidents were publicly reported at two manufacturing companies over the past few weeks. This comes as cyber security company Dragos reported it had tracked a 50% increase in ransomware attacks against industrial companies in 2023, with manufacturing accounting for 71% of all ransomware attacks. Varta batteries was attacked on 12 February 2024, and steel […]

Categories
Commentary & Insights

Hacktivists tap into vulnerable operational technology

Proving that money and target size aren’t the primary concern for all hackers, a cyber attack by hacktivists on water equipment in the western Ireland area of Erris, County Mayo, left 160 households without a supply for two days [The Record. 12 December 2023]. Hacktivists value impact and headlines over money to promote a political […]

Categories
Commentary & Insights

Insights from a rare case study

An asset-rich organisation, Gloucester City Council uses suppliers to help maintain service delivery. Just as many asset management organisations do. In 2021 they suffered a ransomware attack that presented via an email, mid-conversation, from a supplier that had themselves been compromised. In 2023, the Local Government Association, in collaboration with the council, published a case […]

Categories
Commentary & Insights

Rare look into city council cyber attack and consequences

Gloucester City Council’s ransomware attack case study provides insights and lessons for many

Categories
Resources

CISC’s Overview of Cyber Security Obligations for Corporate Leaders

Guide to obligations and requirements for critical infrastructure asset cyber security frameworks

Categories
Commentary & Insights

Let’s torque about smart tool cyber security

Vulnerabilities found with a smart tool highlight some of the risks of relying on technology for critical operations

Categories
Resources

Unlocking Cyber Resilience in Industrial Environments: 5 Principles

Five guiding principles with actionable implementation approaches for cyber resilient operational technology environments

Categories
Commentary & Insights

One PC from disaster: Zaun’s cyber security lesson

A UK-based manufacturer of security fencing recently found itself targeted by a Russia-linked ransomware group who managed to exfiltrate data from their systems. Given the company’s clientele, which includes British government entities*, the fact that the attackers failed to encrypt their systems is a matter of little consequence. This incident highlights several pertinent issues that […]

Categories
Updates

New course: Cyber security for infrastructure asset managers

Essential Cyber Security Awareness for Infrastructure Asset Managers, due late 2023, is an indispensable eLearning course specifically designed for professionals involved in asset-intensive industries. A comprehensive course, it will equip builders, managers, maintainers, and service providers with essential cyber security knowledge and skills to mitigate cyber threats and safeguard infrastructure organisations. Tailored for asset-intensive industries: […]