infrastructure – SSL and internet security news

EPA Won’t Force Water Utilities to Audit Their Cybersecurity

October 24, 2023 infossl

cybersecurity, infrastructure, national security policy, Security technology, Uncategorized, utilities

The industry pushed back: Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were against the new proposed policies said that the call for new inspections could … Read More “EPA Won’t Force Water Utilities to Audit Their Cybersecurity” »

Hacking Gas Pumps via Bluetooth

October 3, 2023 infossl

bluetooth, cars, hacking, infrastructure, Security technology, Uncategorized

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. It’s a complicated crime to monetize, though. You need to sell access to the … Read More “Hacking Gas Pumps via Bluetooth” »

December’s Reimagining Democracy Workshop

August 23, 2023 infossl

artificial intelligence, essays, infrastructure, Security technology, Uncategorized, voting

Imagine that we’ve all—all of us, all of society—landed on some alien planet, and we have to form a government: clean slate. We don’t have any legacy systems from the US or any other country. We don’t have any special or unique interests to perturb our thinking. How would we govern ourselves? It’s unlikely that … Read More “December’s Reimagining Democracy Workshop” »

White House Announces AI Cybersecurity Challenge

August 21, 2023 infossl

artificial intelligence, cybersecurity, darpa, infrastructure, Security technology, Uncategorized

At Black Hat last week, the White House announced an AI Cyber Challenge. Gizmodo reports: The new AI cyber challenge (which is being abbreviated “AIxCC”) will have a number of different phases. Interested would-be competitors can now submit their proposals to the Small Business Innovation Research program for evaluation and, eventually, selected teams will participate … Read More “White House Announces AI Cybersecurity Challenge” »

Backdoor in TETRA Police Radios

July 26, 2023 infossl

backdoors, cryptography, eavesdropping, encryption, infrastructure, law enforcement, police, radio, Security technology, Uncategorized

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, … Read More “Backdoor in TETRA Police Radios” »

Chinese Hacking of US Critical Infrastructure

May 31, 2023 infossl

china, cyberattack, cyberespionage, espionage, hacking, infrastructure, reports, Security technology, Uncategorized

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection. Powered by WPeMatico

PIPEDREAM Malware against Industrial Control Systems

May 9, 2023 infossl

advanced persistent threats, cybersecurity, infrastructure, malware, russia, Security technology, Uncategorized

Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial … Read More “PIPEDREAM Malware against Industrial Control Systems” »

Cyberwar Lessons from the War in Ukraine

February 23, 2023 infossl

cyberattack, cyberwar, defense, infrastructure, reports, russia, Security technology, ukraine, Uncategorized

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “The Cyber Defense Assistance Imperative Lessons from Ukraine.” Its conclusion: Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and … Read More “Cyberwar Lessons from the War in Ukraine” »

Reimagining Democracy

December 15, 2022 infossl

conferences, infrastructure, Security technology, Uncategorized

Last week, I hosted a two-day workshop on reimagining democracy. The idea was to bring together people from a variety of disciplines who are all thinking about different aspects of democracy, less from a “what we need to do today” perspective and more from a blue-sky future perspective. My remit to the participants was this: … Read More “Reimagining Democracy” »

NSA on Supply Chain Security

November 4, 2022 infossl

infrastructure, nsa, operational security, reports, Security technology, supply chain, Uncategorized

The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.“: Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the … Read More “NSA on Supply Chain Security” »