NTT Application Security released its six-month trend findings in its AppSec Stats Flash Vol. 7, reporting on the current state of application security and the wider threat landscape, including Window of Exposure (WoE), Vulnerability by Class, and Time to Fix.
In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint Cybersecurity Advisory AA21-042A: Compromise of U.S. Water Treatment Facility. This advisory outlines how cybercriminals exploit desktop sharing software and end-of-life operating systems to gain unauthorized access to systems.
In 2017, the financial impact of cyberattacks reached $5 billion and the monthly attack rate was 10 times the rate of attacks in 2016. The industrial and personal reliance on the U.S. power grid makes the impact of a successful attack troubling.
Joshua Dean, Director of Security for San Antonio Water System (SAWS), is in charge of keeping assets safe and secure, so that the 1.8 million people in the region don’t have an interruption to their water and sewer services.
“Water is the most precious resource in the world. You can live without food for a while, you can live without electricity, you can live without transportation, you can live without internet (despite what my kids say), but you cannot live without clean water. And that’s what makes my position so challenging,” says Scott Starkey, Security Manager for Birmingham Water Works.
In order to achieve more while reducing costs, many enterprises’ security leaders have turned to automation. By adding thermal cameras as part of a larger intrusion detection system, security departments can reduce false alarm rates and even bring operational value back to the enterprise. Off the coast of Venezuela, there is a cluster of oil platforms.
In the latest development since the targeted attack on a southern California Pacific Gas & Electric Co. substation last April, PG&E is offering a $250,000 reward for information leading to an arrest and conviction in the attack.
Sen. Charles Schumer (D-NY) warns that the April 16, 2014, attack on a California power plant proves that terrorists could take down whole stretches of the U.S. power grid. Schumer said Sunday that power companies currently have the right to veto proposed security requirements, but he is calling for the federal energy regulator and the Department of Homeland Security to draft tougher security standards overseen by Congress that would end the industry’s veto rights.