CNI News, Articles and Updates

Critical infrastructure: Downtime is simply not an option.

Vulnerabilities in our critical infrastructure aren't only caused by failure to comply with security standards.A big part of the problem is that many of the key computer systems that run critical infrastructure are legacy not fit for purpose.

Implementing the Network & Information Security directive - be prepared

There is enough information now available from the NCSC to allow organisations to start identifying the gaps in their NIS directive approach and understand the risks these pose.

Nuclear weapons vulnerable to cyber-attack due to outdated legacy systems

UK and US nuclear weapons systems - along with the rest of our critical infrastructure - suffer from dependency on legacy systems, leaving them at risk of cyber-attack according to a new report.

Mobile SCADA application landscape less secure than in 2015

The latest research suggests, within just two years, the security situation for SCADA has got worse to the tune of an average increase of 1.6 vulnerabilities per application tested.

The Kosciuszko Institute cyber-security forecasts for 2018

Expert members of the European Cyber-security Forum - CYBERSEC community representing the public and private sectors plus academia share their opinions on the top challenges we are going to face this year.

Industrial tech security association set up, NCSC calls for cooperation

Last Thursday saw the official launch of the International Operation Technology Security Association (Iotsa) where John Noble, director of network management at the UK's NCSC called for industry cooperation and incident reporting.

£17 million fines for CNI companies under proposed EU SNIS plans

Under an (NIS) directive being adopted by the UK, CNI providers will face fines of £17 million or up to four percent of annual turnover if they fail to protect critical infrastructure from loss of services due to cyber-attacks.

Friend or foe?: Which of your networked devices might turn on you?

Kinetic attacks have come off the movie screen and into reality, and you are likely to be vulnerable - if not directly, then via collateral damage if CNI is hit - so include the possibility on your risk register and prepare says Graeme Park.

Queen's Speech: Promise of a new digital charter to tackle extremism

With the incoming Brexit negotiations, the Queen said her ministers will seek to "provide certainty for individuals and businesses".

San Francisco public transport ticket system shut down by ransomware

San Francisco's Municipal Transportation Agency was caught with a HDDCryptor Ransomware infection over the weekend, leaving the agency unable to sell tickets or charge customers for transport, unless they pay the hackers demands of 100 Bitcoin.

Slovak Finance Ministry drafts country's first cyber-security law

Slovakia is in the process of drafting its first cyber-security law which will address not only the security of finance and health but also critical utilities infrastructure.

ICYMI: Morrisons breach; Worldpay card data; power attack losses; Russian EU targets; criminal capability

The latest In Case You Missed It (ICYMI) looks at Morrisons lawsuit; Wordpay vulnerabilities; Critical scenario costs; EU Banks targeted; Cyber-crime capabilities.

Iranian hackers preparing for attack

Operation Cleaver is a global data gathering exercise still underway by Iranian hackers in key infrastructure sectors, a possible precursor to a major attack.

Russian cyber attack exploits Scottish independence vote

UK oil firms warned to guard against new campaign as Russian malware exploits Scottish independende vote.

Defending Critical Infrastructure: only 6% of incidents malicious

The weather, or even simple mis-configuration, are threats to critical infrastructure, but in an emergency, could government now run privatised utilities?

Critical National Infrastructure: how to reduce industrial-scale risk

Nation-state attacks on CNI will be faciliated by the internet of things, and government regulation is needed to set standards, but the actual likelihood of CNI attacks remains very low says Raimund Genes.

US debuts cyber security framework to protect critical infrastructure

The Obama administration has launched the Cybersecurity Framework, which aims to educate organisations on the risks facing critical infrastructure systems.

Security of Scada systems scrutinised

A survey of connected Scada computers identified that 500,000 machines could potentially be targeted.