A cyberattack hits a Ukrainian energy provider. A Chinese-speaking threat actor targets building automation systems. An Iranian steel mill suspends production due to a cyberattack. The US US TSA issues relaxed pipeline cybersecurity directives. A US cybersecurity bill focuses on training. 

Ian Frist from BlueVoyant joins us to discuss on what CMMC will mean for ICS environments. 

And in the Learning Lab, Robert M Lee joins us to explain the five critical controls for ICS.

Control Loop News Brief.

Russian hackers allegedly target Ukraine’s biggest private energy firm (CNN) Russian hackers carried out a “cyberattack” on Ukraine’s biggest private energy conglomerate in retaliation for its owner’s opposition to Russia’s war in Ukraine, the firm said Friday.

Attacks on industrial control systems using ShadowPad (Kaspersky) In mid-October 2021 Kaspersky ICS CERT researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan.

Cyberattack Forces Iran Steel Company to Halt Production (SecurityWeek) One of Iran’s major steel companies said Monday it was forced to halt production after being hit by a cyberattack that also targeted two other plants, apparently marking one of the biggest such assaults on the country’s strategic industrial sector in recent memory.

Iran’s steel industry halted by cyberattack (The Jerusalem Post) Predatory Sparrow, a hacktivist group that is little known, took credit for the hacking that halted Iran’s steel industry.

Iranian steel facilities suffer apparent cyberattacks (CyberScoop) Three Iranian steel companies suffered apparent cyberattacks Monday, claimed a hacktivist group that previously took responsibility for a digital assault on the Iranian train system with wiper malware.

Smart Factories Need to Prioritize Cybersecurity (Capgemini) Smart factories are increasingly being utilized by industry as part of the transition toward digitization. Being connected to cloud or the internet, they bring a plethora of communicative advantages. However, this network connection also creates a larger surface area vulnerable to attack via digital means.

TSA Eases Pipeline Cybersecurity Rules Issued After Colonial Hack (Wall Street Journal) The Transportation Security Administration is loosening pipeline cybersecurity rules imposed after …

House Passes ICS Cybersecurity Training Bill (SecurityWeek) The House of Representatives has passed the Industrial Control Systems Cybersecurity Training Act.

Cyber Yankee exercise hones New England Guard skills to fight digital threats (C4ISRNet) “Whether it’s a state or a federal effort, the importance of being prepared to respond to a cyber …

Control Loop Interview.

Ian Frist from BlueVoyant joins us to discuss the Cybersecurity Maturity Model Certification from the US Department of Defense and what it means for industrial environments.

Ian Frist on LinkedIn

Control Loop Learning Lab.

Robert M. Lee teaches us about the five critical controls for OT cybersecurity.

5 Critical Controls for OT Cybersecurity

Subscribe to the Control Loop Newsletter here with new editions published every month.