A revised government-industry council devoted to critical infrastructure protection could be set up to have broader and more specific discussions on things like cybersecurity and threats to hardware and software that monitor and control industrial processes, known as operational technology (OT). A top official at the Cybersecurity and Infrastructure Security Agency (CISA), Nick Andersen, said…
Category: critical infrastructure
critical infrastructure, Cybersecurity, Global Security News, Government, Policy, Threats
Sources: DHS finalizing replacement for disbanded critical infrastructure security council
The Department of Homeland Security is finalizing plans for a new body that would replace the functions of the Critical Infrastructure Partnership Advisory Council (CIPAC) and serve as a communications hub between industry and government to discuss ongoing threats to U.S. critical infrastructure, including from cyber attacks. Under previous administrations, CIPAC served as a nerve…
Asia Pacific, china, critical infrastructure, energy, Foundation for Defense of Democracies, Geopolitics, Global Security News
Taiwan blames Chinese ‘cyber army’ for rise in millions of daily intrusion attempts
Taiwan endured a year-long intensified cyber offensive from China in 2025, that targeted the government and critical infrastructure — with an increasing focus on the energy and hospital sectors, according to a Taiwan government analysis published this week. Cyberattacks from China rose 6% compared to 2024, the National Security Bureau analysis concluded. Every major sector…
critical infrastructure, Cybercrime, Global Security News, Government, North America, Threats
US charges hacker tied to Russian groups that targeted water systems and meat plants
The Justice Department has charged a Ukrainian national with conducting cyberattacks on critical infrastructure worldwide as part of two Russian state-sponsored hacking operations that targeted water systems, food processing facilities and government networks across the United States and allied nations. Victoria Eduardovna Dubranova, 33, was arraigned on a second indictment Tuesday after being extradited to…
Artificial Intelligence (AI), Asia Pacific, china, critical infrastructure, Global Security News, Government, Policy
Five-page draft Trump administration cyber strategy targeted for January release
The Trump administration is aiming to release its six-part national cybersecurity strategy in January, according to multiple sources familiar with the document. The document, which is a mere five pages long, will possibly be followed by an executive order to implement the new strategy. The administration has been soliciting feedback in recent days, which one…
Commentary, critical infrastructure, Exploits, Global Security News, op-ed, operational technology, Technology
‘Stranger Things’ emerge when OT security is stuck in the past
The final season of “Stranger Things” is upon us, and 1980s nostalgia is at an all-time high. The clunky control panels at Hawkins Lab help set the stage for the show. The unfortunate reality is that similar legacy systems still exist in operational technology (OT) environments today. Just as Hawkins Lab spawned a monstrous compendium…
Commentary, critical infrastructure, Cybersecurity, Global Security News, Workforce
The realities of CISO burnout and exhaustion
CISOs are facing unprecedented challenges to their mental health due to today’s rapidly evolving threat landscape. They are often held accountable if a breach or disruption occurs, and the average tenure for a CISO tends to decrease significantly after such incidents. This constant pressure makes it difficult for them to find peace, let alone get…
critical infrastructure, Global Security News, ICS, mental health, Podcast, Security threats
Smashing Security podcast #439: A breach, a burnout, and a bit of Fleetwood Mac
A critical infrastructure hack hits the headlines – involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile we dig into the bit we don’t talk about enough: the human cost of defending companies from hackers – stress, burnout, and how better…
critical infrastructure, Geopolitics, Global Security News, Government, North America, Policy
Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says
The top cyber official at the National Security Council said Tuesday that he’s dismayed by the lag in security technology embedded in critical infrastructure, saying it pales in comparison to the tech in modern smartphones. “I worry a lot about critical infrastructure cybersecurity,” Alexei Bulazel said at the Billington Cybersecurity Summit. “I also think about…
critical infrastructure, Global Security News, industrial control systems (ICS), industrial IoT (IIoT), Mergers and Acquisitions, Money
Mitsubishi Electric to acquire Nozomi Networks in $1 billion deal
Industrial conglomerate Mitsubishi Electric has agreed to acquire OT and IoT cybersecurity specialist Nozomi Networks in a transaction that values the San Francisco-based firm near the $1 billion mark. The deal, slated to close in the fourth quarter of 2025, will see Nozomi Networks become a wholly owned subsidiary while continuing to operate independently. The…
critical infrastructure, Data loss, Global Security News, Guest blog, Law & order, Security threats
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure
A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia’s state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia’s invasion of Ukraine, crippled the company’s operations and cost millions of euros in damages. Read more in my article on the Exponential-e blog.
Asia Pacific, china, critical infrastructure, Global Security News, hacking, hacking news, Uncategorized
Singapore warns China-linked group UNC3886 targets its critical infrastructure
Singapore says China-linked group UNC3886 targeted its critical infrastructure by hacking routers and security devices. Singapore accused China-linked APT group UNC3886 of targeting its critical infrastructure. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in…
Andrew Garbarino, critical infrastructure, Cybersecurity, Geopolitics, Global Security News, Government, North America
House hearing will use Stuxnet to search for novel ways to confront OT cyberthreats
Congress is set to revisit Stuxnet — the malware that wreaked havoc on Iran’s nuclear program 15 years ago — next week in the hopes that the pioneering attack can guide today’s critical infrastructure policy debate, CyberScoop has learned. The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold a hearing July 22…
critical infrastructure, Cybercrime, Cybersecurity, Global Security News, North America, Ransomware, Threats
Scattered Spider weaves web of social-engineered destruction
In an underworld fueled by infamy and money that leaves a trail of human misery in its wake, the unbound collective colloquially known as Scattered Spider deviates from many norms in cybercrime. The cunning threat group composed of young, native English-speaking people lacks cohesion, is rife with infighting and doesn’t have a data leak site,…
Andrew Garbarino, Asia Pacific, china, Congress, critical infrastructure, Cybersecurity and Infrastructure Security Agency (CISA), deepseek, Department of Homeland Security (DHS), Global Security News, Government, House Homeland Security Committee, ICE, Mobile App Vetting, Mobile Security, Money, Policy, Russia, Salt Typhoon, sector risk management agencies, TikTok
Rep. Garbarino: Ending CISA mobile app security program for feds sends ‘wrong signal’
The chairman of the House Homeland Security subcommittee on cybersecurity is apprehensive about the Department of Homeland Security’s plans to end a program that vets mobile apps for federal agencies. Rep. Andrew Garbarino, R-N.Y., sent a letter to DHS Secretary Kristi Noem on Thursday saying that especially in light of the massive Salt Typhoon telecommunications…
budget, Congress, critical infrastructure, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficency, Department of Homeland Security (DHS), Election Security, Energy Security and Emergency Response, FEMA, Financial, Global Security News, Government, National Cyber Director, Office of Cybersecurity Energy Security and Emergency Response, Policy, Workforce
Trump budget proposal would slash more than 1,000 CISA jobs
The fiscal 2026 budget proposal President Donald Trump unveiled last week would make deep cuts to the Cybersecurity and Infrastructure Security Agency workforce, with a goal of eliminating 1,083 positions and chopping its budget by $495 million, to $2.4 billion. That’s a slightly deeper total cut than an earlier budget outline forecast. And a new…
budget, Congress, critical infrastructure, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficency, Department of Homeland Security (DHS), Election Security, Energy Security and Emergency Response, FEMA, Financial, Global Security News, Government, National Cyber Director, Office of Cybersecurity Energy Security and Emergency Response, Policy, Workforce
Trump budget proposal would slash more than 1,000 CISA jobs
The fiscal 2026 budget proposal President Donald Trump unveiled last week would make deep cuts to the Cybersecurity and Infrastructure Security Agency workforce, with a goal of eliminating 1,083 positions and chopping its budget by $495 million, to $2.4 billion. That’s a slightly deeper total cut than an earlier budget outline forecast. And a new…
budget, Congress, critical infrastructure, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficency, Department of Homeland Security (DHS), Election Security, Energy Security and Emergency Response, FEMA, Financial, Global Security News, Government, National Cyber Director, Office of Cybersecurity Energy Security and Emergency Response, Policy, Workforce
Trump budget proposal would slash more than 1,000 CISA jobs
The fiscal 2026 budget proposal President Donald Trump unveiled last week would make deep cuts to the Cybersecurity and Infrastructure Security Agency workforce, with a goal of eliminating 1,083 positions and chopping its budget by $495 million, to $2.4 billion. That’s a slightly deeper total cut than an earlier budget outline forecast. And a new…
critical infrastructure, data breach, Data loss, Global Security News, Instagram, Law & order, Podcast, Portugal, Smashing Security, spain
Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks
In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives in the UK legal aid hack that exposed deeply personal data of society’s most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter’s account – and how a parental control accidentally saved the day.
china, critical infrastructure, Cybercrime, Exploits, gas, Global Security News, Google, Google Threat Intelligence Group, Government, Mandiant, Medical Devices, NightDragon, oil, Onapsis, Ransomware, ReliaQuest, Salt Typhoon, SAP, Saudi Arabia, SolarWinds, Threats, United Kingdom (U.K.), Volt Typhoon
SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons
Hundreds of victims are surfacing across the world from zero-day cyberattacks on Europe’s biggest software manufacturer and company, in a campaign that one leading cyber expert is comparing to the vast Chinese government-linked Salt Typhoon and Volt Typhoon breaches of critical infrastructure. The zero-days — vulnerabilities previously unknown to researchers or companies, but that malicious…
critical infrastructure, fbi, Global Security News, Guest blog, malware, Ransomware
Ransomware attacks on critical infrastructure surge, reports FBI
The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024, with complaints of ransomware attacks against critical sectors jumping 9% over the previous year. Read more in my article on the Tripwire State of Security blog.
china, critical infrastructure, FireEye, Global Security News, North Korea, North Korean IT workers, Ransomware, Research, Russia, SentinelOne, SolarWinds, telecommunications, Threats, Workforce
Cybersecurity vendors are themselves under attack by hackers, SentinelOne says
Cybersecurity companies don’t just defend their customers against cyberattacks — they also have to defend themselves, and a SentinelOne report published Monday examines some of the biggest threats they’re facing. Those include ransomware, Chinese government-sponsored hackers and North Korean IT workers posing as job applicants, according to the report from SentinelOne’s SentinelLabs. “In recent months,…
critical infrastructure, Cybercrime, Cybersecurity, Federal Bureau of Investigation (FBI), Global Security News, Government, ic3, Ransomware, Sextortion, Threats
10 key numbers from the 2024 FBI IC3 report
It looks like 2024 was a record year in cybercrime for all the wrong reasons, according to the FBI’s annual Internet Crime Complaint Center (IC3) report released Wednesday. As cyber-enabled fraud and ransomware continue to harm individuals, businesses, and critical infrastructure, the report, now in its 25th year, provides crucial insight into evolving criminal tactics…
Asia Pacific, china, CISA, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Department of Homeland Security (DHS), disinformation, Exclusive, Gary Peters, Global Security News, Government, information sharing, information sharing and analysis centers (ISACs), Joint Cyber Defense Collaborative, Local Government, Mike Rounds, misinformation, North Carolina, Policy, privacy, Russia, Salt Typhoon, Senate Armed Services Committee, Senate Homeland Security and Governmental Affairs Committee, SolarWinds, State Government, Volt Typhoon
Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law
A bipartisan pair of senators are kicking off the race Wednesday to reauthorize a 2015 cyber threat information sharing law, a move that industry groups and cyber experts are eager to see happen before it’s set to expire in September. Advocates say the 10-year-old Cybersecurity Information Sharing Act has been vital to sharing threat information…
Asia Pacific, china, critical infrastructure, Geopolitics, Global Security News, Microsoft, National Security Agency
Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks
China stepped up its allegations of U.S. cyberattacks Tuesday, with local law enforcement saying they were investigating three National Security Agency operatives they had placed on a wanted list and a national official condemning the alleged attacks. State media outlet Xinhau advanced the claims in two stories, one detailing a hacking campaign during the Asian…
critical infrastructure, Cybersecurity, deepfake, Featured, Global Security News, Human Centric, News, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight
The Illusion of Safety: BlackCloak’s DEP Security Framework Exposes the Devil’s Greatest Trick
On Tuesday, March 25, 2025, BlackCloak released a watershed asset in executive and public persona cybersecurity: The Digital Executive Protection (DEP) Framework & Assessment Methodology – a comprehensive standard designed to address the deeply human side of cybersecurity risk. The post The Illusion of Safety: BlackCloak’s DEP Security Framework Exposes the Devil’s Greatest Trick appeared…
critical infrastructure, Global Security News, Law & order, malware, Podcast, privacy, Security threats, Smashing Security, surveillance, Volt Typhoon
Smashing Security podcast #409: Peeping perverts and FBI phone calls
In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal. Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Andrew Garbarino, critical infrastructure, Cybersecurity Information Sharing Act, Edison Electric Institute, Eric Swalwell, Global Security News, Government, House Homeland Security Committee, information sharing, Policy, privacy, USTelecom
Trade groups worry information sharing will worsen without critical infrastructure panel, CISA law renewal
Business groups told lawmakers Tuesday that they fear cyber threat information sharing could drop off in light of the Trump administration’s move to eliminate a critical infrastructure committee and given the pending expiration of a 2015 law. The Critical Infrastructure Partnership Advisory Council (CIPAC) fell among a swath of government advisory committees that Homeland Security…
critical infrastructure, Global Security News, Guest blog, Security threats, vulnerability
US Coast Guard told to improve its cybersecurity, after warning raised that hacked ports could cost $2 billion per day
The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually. Read more in my article on the Tripwire State of Security blog.
Commentary, critical infrastructure, Global Security News, Transportation Security Administration (TSA)
From qualitative to quantifiable: Transforming cyber risk management for critical infrastructure
Around the world, attacks against critical infrastructure have become increasingly common. More and more, these aggressions are carried out via mice and keyboards rather than bombs and missiles, such as with the 2021 ransomware attack on Colonial Pipeline. From a military strategy perspective, it’s easy to understand why, as cyberattacks against infrastructure can be executed…
AI, Artificial Intelligence, Bennie Thompson, Biden administration, CISA, cloud computing, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Donald Trump, Emerging Tech, encryption, fraud, Global Security News, Government, House Homeland Security Committee, Joe Biden, Mark Green, National Cyber Director, National Risk Management Center, National Security Council, National Security Council (NSC), Office of the National Cyber Director, operational technology, phishing, quantum computing, supply chain, supply chain security, Trump, Trump Administration
Biden cyber executive order gets mostly plaudits, but its fate is uncertain
A sweeping executive order on cybersecurity released Thursday won largely positive reviews, with the main question being its timing — and what will come of it with the executive branch set to be handed over from president to president. Chris Inglis, the former national cyber director for Joe Biden who has served under both Democrats…
Asia Pacific, china, CISA, Congress, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Foundation for Defense of Democracies, Global Security News, Google, Government, Jack Cable, Microsoft, Policy, regulation, Salt Typhoon, secure by design, telecommunications, Treasury Department, Volt Typhoon
A CISA secure-by-design guru makes the case for the future of the initiative
One of the chief architects of the Cybersecurity and Infrastructure Security Agency campaign to get software developers to design their products with security in mind said he believes it could be one of the best tools the Trump administration has to counter China. Jack Cable, who is departing his role as senior technical adviser Thursday,…
Artificial Intelligence, Artificial Intelligence (AI), china, CISA, critical infrastructure, Cybercrime, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Executive order, Global Security News, Government, North America, Policy, privacy, quantum computing, regulation
Second Biden cyber executive order directs agency action on fed security, AI, space
A draft cybersecurity executive order would tackle cyber defenses in locations ranging from outer space to the U.S. federal bureaucracy to its contractors, and address security risks embedded in subjects like cybercrime, artificial intelligence and quantum computers. The draft, a copy of which CyberScoop obtained, constitutes one big last stab at cybersecurity in the Biden…
critical infrastructure, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, vulnerabilities
CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs
The Cybersecurity and Infrastructure Security Agency has seen a surge in its Cyber Hygiene (CyHy) service enrollment from critical infrastructure organizations over a two-year period, with the communications sector representing the biggest jump. In a report released Friday, CISA said an analysis of the 7,791 critical infrastructure organizations enrolled in the agency’s vulnerability scanning service…
critical infrastructure, cyber resilience, Cybersecurity, Global Security News, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Threats & Breaches, vulnerabilities
Building Resilience Into Cyber-Physical Systems Has Never Been This Mission-Critical
Our nation’s critical infrastructure is increasingly brittle and under attack. Take the recent report that the drinking water of millions of Americans is at risk due to technical vulnerabilities. The post Building Resilience Into Cyber-Physical Systems Has Never Been This Mission-Critical appeared first on Security Boulevard.
Asia Pacific, china, Commentary, critical infrastructure, Cybersecurity, Federal Communications Commission, Geopolitics, Global Security News, Government, Salt Typhoon, Threats, White House
Feds lay blame while Chinese telecom attack continues
The United States’ telecommunications infrastructure has been infiltrated by actors affiliated with China. Some of our nation’s most powerful leaders have been targeted — including President-elect Donald Trump and Vice President-elect JD Vance. This is one of the most severe cybersecurity incidents against telecom the United States has ever been subject to, and — worse…
CISA, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, grants, Harry Coker, Jen Easterly, National Cyber Director, National Cybersecurity Strategy, North America, NSM-22, Office of the National Cyber Director, Policy, secure by design, semiconductors
Playbook advises federal grant managers how to build cybersecurity into their programs
Two U.S. cyber agencies released guidance Tuesday on how federal grant managers should incorporate cybersecurity in their programs for critical infrastructure projects, as well as how potential recipients can take it into account. The Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency publication — the “Playbook for Strengthening Cybersecurity in…