A new analysis from the Foundation for Defense of Democracies (FDD) warns that Chinese-produced cellular modules, embedded across… The post
Industrial Control Systems
ICS news
Tenable embeds native OT visibility into Tenable One to streamline cyber-physical security, remove deployment friction
Exposure management company Tenable announced a new OT asset discovery engine that enables security teams to quickly bring… The post
Axonius brings AI-driven exposure management to OT, IoT environments, as persistent asset visibility gaps hinder security operations
Asset intelligence platform for unified security operations and exposure management vendor Axonius announced on Wednesday a major expansion… The post
Ransomware reaches elevated ‘new normal’ as attack volumes hold steady into 2026, reshape baseline risk expectations
New data from GuidePoint Security highlights a ransomware landscape that is no longer spiking but settling into a… The post
Latest
Mobilhálózatok kritikus kínai moduljai
A Demokráciák Védelméért Alapítvány (FDD) új elemzése arra figyelmeztet, hogy a kínai gyártású mobilhálózati modulok tömeges jelenléte az amerikai kritikus
ITI warns US must move from quantum strategy to execution as deployment reshapes critical infrastructure cyber risk
The Information Technology Industry Council (ITIC) warns that the U.S. is entering a decisive phase in its pursuit… The post
Inverter setting mismatch triggers 1GW HVDC outage between Estonia and Finland
In January 2026, a technical incident occurred in Estonia during testing of the new 100MW Hertz 1 (Kiisa) battery energy
Should they (we) have known better?
In thinking about 29 December 2025 cyber-attack on part of the power grid in Poland one issue at once comes
Why do cybersecurity organizations refuse to identify control system cyber incidents
Cybersecurity policies require that cyber incidents be identified as such. Cyber incident response plans are then initiated after incidents are
Control system cyber incidents and network breaches are “apples and oranges”
Network cybersecurity (IT and OT) and control system organizations have fundamentally different objectives and criteria when it comes to identifying
The OT cybersecurity community continues to ignore control system cyber incidents – a governance failure masquerading as a vocabulary issue
Network cybersecurity (IT and OT) and control system organizations have fundamentally different objectives and criteria when it comes to identifying
How bad was it this time?
New proposal appears for better incident evaluation and reporting – without the inflation. In following the various ICS cyber incidents
The best national cybersecurity strategy ever?
In 1998 I was the director of the Defence Policy and Planning Department of the Ministry of National Defence, Republic
Weiss to give presentation on process sensor cybersecurity on 7-May
May 7, 2026, I will be speaking on process sensor cybersecurity at Sensors Converge in Santa Clara, CA (https://www.sensorsconverge.com/). Process
Impressions of the 70-page Cyber Resilience Act Draft Guidance
I have shared my impressions of the CRA before in writing[1] and was surprised to hear that a Draft Guide
Claroty launches Visibility Orchestration in xDome to boost CPS asset visibility and security, eliminate blind spots
Cyber-physical systems (CPS) protection company Claroty announced on Tuesday new Visibility Orchestration capabilities in its Saas offering Claroty… The post
Ababil of Minab claims cyberattack on LACMTA, exposing risks to rail control systems and critical transit infrastructure
New research from Dataminr detailed that a pro-Iranian threat actor known as Ababil of Minab has claimed responsibility… The post
Manufacturing absorbs 56% ransomware surge of global attacks in 2025, as RaaS, legacy OT, supply chains fuel spike
Ransomware surged across the manufacturing sector in 2025, rising 56% year over year to 1,466 incidents and accounting… The post
Black Shrantac exposes industrial environments to stealth ransomware risk through LOTL, double extortion tactics
New analysis from Marlink marks the emergence of Black Shrantac as a rapidly evolving ransomware group that has… The post
EPA proposes $19 million information security boost to guard water systems from cyber threats, moves resilience to forefront
The U.S. Environmental Protection Agency is seeking FY 2027 budget authority to expand its Drinking Water Infrastructure Resilience… The post
Black & Veatch-Takepoint Research finds fragmented ownership slows secure-by-design adoption, pushing cyber risk
New data from Black & Veatch-Takepoint Research finds a persistent execution gap in the manner cybersecurity is integrated… The post
NIST develops Trustworthy AI in Critical Infrastructure Profile to align risk, resilience, and infrastructure security
The U.S. National Institute of Standards and Technology (NIST), through its NIST Information Technology Laboratory (ITL), is supporting… The post
Bridging the Gap between Engineering and Network Security (OT-IT) – a Cultural Chasm
On April 1, 2026, Dr. Darrell Eilts, CIO of the Sewage and Water Board of New Orleans, and I will
DOE allocates $160 million to secure energy systems as cyber threats converge with grid modernization
The U.S. Department of Energy’s FY 2027 budget frames cybersecurity as a core pillar of national energy security,… The post
Ongoing cyberattacks targeting internet-connected PLCs disrupt US critical infrastructure, agencies warn
U.S. cybersecurity agencies on Tuesday warned of ongoing cyber exploitation of internet-connected OT (operational technology) devices, including programmable… The post