The Conservative U.K. government said it will propose updates to the country's main cybersecurity regulation, including a requirement for the private sector to reimburse the public sector for enforcement activities. The government downplayed concerns that it could create perverse incentives.
The oil pipeline and rail sectors could be required to implement cyber risk management following the Transportation Security Administration's initiation of a rule-making process. The Biden administration is pressuring critical infrastructure operators through voluntary measures and new regulation.
U.S. federal authorities are warning critical infrastructure sectors including healthcare to be on the lookout for indicators of Hive ransomware. Healthcare is a particular favorite of Hive affiliates because hospitals and other medical providers often pay ransoms.
Operational technology will gain more malicious attention from state-backed hackers, warns the European Union Agency for Cybersecurity. Geopolitics is driving changes in the threat landscape and the agency predicts retaliatory attacks for Western support of Kyiv.
One of the world's largest copper smelters disclosed it underwent a cyberattack, stating that production "could largely be maintained." Germany-based Aurubis owns Europe's largest copper smelting facility, capable of refining 450,000 metric tonnes annually and located in Hamburg.
The Department of Homeland Security released a set of cybersecurity practices for critical infrastructure containing basic measures such as requiring multifactor authentication and disabling AutoRun. The word "voluntary" was in heavy rotation during the Thursday rollout.
The Biden administration will put more critical infrastructure sectors, such as water, under mandates to ensure minimal cybersecurity standards. The White House is also ramping up interest in consumer cybersecurity by initiating a labeling program for the internet of things.
Made up of 3,000 public utilities, the U.S. power grid has many weak links in its cyber defenses. Regulators can fine utilities for service outages, but a proposed federal program and recent Purdue University study say financial incentives will help firms make the right security investments.
The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department's networks as part of its experimental bug bounty program launched on American Independence Day. The weeklong bug bounty challenge called "Hack U.S." ran from July Fourth to July 11.
The Department of Treasury and the Cybersecurity and Infrastructure Security Agency are soliciting comments on whether risks to critical infrastructure from a catastrophic cyberattack - and the concurrent potential for ruinous financial exposure by insurers - should lead to a new federal approach.
Public water systems in the United States will continue connecting control systems to the internet despite the risks, members of the House Homeland Security Committee heard today. Water systems need network connectivity for remote repairs, said an official with the National Rural Water Association.
CISA is months behind a deadline set by President Biden in 2021 to provide voluntary guidance on OT security controls for critical infrastructure firms, but the agency announced at a House subcommittee hearing its plans for public-private information sharing and grants to smaller organizations.
A Texas nonprofit, safety net medical center is still struggling to fully bring its communications and other systems back online two weeks after a ransomware attack in which cybercriminals have demanded a ransom in the "tens of millions of dollars.
The U.S. government accused Iran of turning a blind eye to ransomware hackers after indicting three men affiliated with the Islamic Revolutionary Guard Corps. Authorities say their attacks affected critical infrastructure including healthcare centers, transportation services and utility providers.
Albania cut diplomatic ties with Iran following a July cyberattack that disrupted the country's online governmental services portal. Prime Minister Edi Rama today said he gave Iranian diplomats 24 hours to depart the country after establishing Iranian responsibility for the cyberattack.