Cyber-Informed Engineering (CIE) and Consequence Driven, Cyber-Informed Engineering (CCE) are concepts developed by the Idaho National Laboratory (INL). A side-by-side comparison of the two is presented in the table below. CIE is a guide to embedding cyber security considerations into cyber-physical systems throughout the engineering lifecycle model, and across business functions. The CIE guide is […]
Category: Commentary & Insights
Cyber incidents were publicly reported at two manufacturing companies over the past few weeks. This comes as cyber security company Dragos reported it had tracked a 50% increase in ransomware attacks against industrial companies in 2023, with manufacturing accounting for 71% of all ransomware attacks. Varta batteries was attacked on 12 February 2024, and steel […]
Proving that money and target size aren’t the primary concern for all hackers, a cyber attack by hacktivists on water equipment in the western Ireland area of Erris, County Mayo, left 160 households without a supply for two days [The Record. 12 December 2023]. Hacktivists value impact and headlines over money to promote a political […]
The past year or so has seen details on several cyber attacks on water and wastewater utilities publicly disclosed. The majority of organisations, of any type, prefer not to publicly report their incidents, so the reality is that more, far more sinister attacks are occurring that we don’t hear about. This page summarises the most […]
An asset-rich organisation, Gloucester City Council uses suppliers to help maintain service delivery. Just as many asset management organisations do. In 2021 they suffered a ransomware attack that presented via an email, mid-conversation, from a supplier that had themselves been compromised. In 2023, the Local Government Association, in collaboration with the council, published a case […]
Gloucester City Council’s ransomware attack case study provides insights and lessons for many
Vulnerabilities found with a smart tool highlight some of the risks of relying on technology for critical operations
In this post we summarise recent cyber-attacks on providers of telecommunications services. What are the business risks of cyber-attacks on telcos? Cyber-attacks on telcos can impact the trust of customers and put their personal safety at risk. These attacks can expose details about services customers use and might even stop their own connected services from […]
A UK-based manufacturer of security fencing recently found itself targeted by a Russia-linked ransomware group who managed to exfiltrate data from their systems. Given the company’s clientele, which includes British government entities*, the fact that the attackers failed to encrypt their systems is a matter of little consequence. This incident highlights several pertinent issues that […]
Tabletop exercises are an effective and practical way to work with management and other stakeholders to simulate responding to a cyber incident.