07-02-18 – News This Past Week

Rockwell Patches Flaw Affecting Safety Controllers From Several Vendors
In April, at SecurityWeek’s ICS Cyber Security Conference in Singapore, industrial cybersecurity firm Applied Risk disclosed the details of a serious denial-of-service (DoS) vulnerability affecting safety controllers from several major vendors. Rockwell Automation is one of those vendors and the company has now released patches for its products
https://www.securityweek.com/rockwell-patches-flaw-affecting-safety-controllers-several-vendors

Industrial IoT: Protecting the Physical World from Cyber Attacks
The convergence of industrial IoT and intelligent automation has been a boon for many enterprises, allowing machines to take on tasks that previous generations of automation could not handle. This shift mirrors the way that connected devices have transformed home life for many consumers
https://www.securityweek.com/industrial-iot-protecting-physical-world-cyber-attacks

Fairhair Alliance Building IoT Security Architecture
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards
https://www.darkreading.com/iot/fairhair-alliance-building-iot-security-architecture/d/d-id/1332147

House Passes Bill to Enhance Industrial Cybersecurity
The U.S. House of Representatives on Monday passed a bill aimed at protecting industrial control systems (ICS), particularly ones used in critical infrastructure, against cyberattacks
https://www.securityweek.com/house-passes-bill-enhance-industrial-cybersecurity

SIMPLE SECURITY FLAWS COULD STEER SHIPS OFF COURSE
A proof-of-concept attack could cause ships to dangerously veer off course, and it all stems from simple security issues, including the failure to change default passwords or segment networks.

Simple Security Flaws Could Steer Ships Off Course

New WPA3 security protocol simplifies logins, secures IoT
Latest WPA3 security protocol update adds new features to the Wi-Fi access specification for simple and secure wireless access for individuals, as well as enterprises
https://searchsecurity.techtarget.com/news/252443752/New-WPA3-security-protocol-simplifies-logins-secures-IoT

US legislators put industrial control system security on the map
After a spate of attacks on industrial control systems (ICS), the US this week officially recognized the need to secure them with a new bill. On Monday, House representatives passed legislation to bring these systems under the protection of the Department of Homeland Security
US legislators put industrial control system security on the map

CIS Adapts Critical Security Controls to Industrial Control Systems
The Center for Internet Security (CIS) recently updated their popular CIS Controls – formerly known as the SANS Top 20 – and just published a companion CIS Controls Implementation Guide for Industrial Control Systems. Cody Dumont and I contributed to this Industrial Control System (ICS) guide, in the hope of making it easier for organizations to employ the CIS Controls for protecting OT environments
https://www.tenable.com/blog/cis-adapts-critical-security-controls-to-industrial-control-systems

GlobalSign, Comodo launch competing IoT security platforms
GlobalSign Tuesday unveiled its IoT Identity Platform, which includes several products and services aimed at using public key infrastructure (PKI) to assign identities to IoT devices and authenticate them. The cloud-based platform includes IoT Edge Enroll, an enrollment client that provisions and manages PKI-based identities for an assortment of connected devices.
https://searchsecurity.techtarget.com/news/252443994/GlobalSign-Comodo-launch-competing-IoT-security-platforms

Posted in Uncategorized.