THE CYBER SECURITY EXPERT
FOR THE CRITICAL INFRASTRUCTURE

June 2023 – My compliments if you’ve decided to perform a Penetration Test (Pen-Test) on your infrastructure, web applications, mobile apps, or software code; it demonstrates your awareness for, and commitment to, cybersecurity, and the digital security of the important business and personal data you are holding.

MARCH 2023 – On 01 March 2023, President Joe Biden launched the US National Cybersecurity Strategy. This release describes the digital challenges facing the United States in recent years and how they are acting on them. Interesting to see that protecting critical infrastructure is at the top of the US government’s cybersecurity priority list

Novemver 2022, The latest OT/IoT Security Report from Nozomi Networks, which was published this month, showed some remarkable developments within the cybersecurity domain. The main take-away is the fact that the Ukraine/Russia conflict influenced the industry significantly.

New digital technologies are increasingly transforming the way organisations work. Data centres play an important role in this transformation and are therefore considered critical national infrastructure in a growing number of countries. Without data centres, online digital services as we know them are unavailable, digital devices cannot be operated without connectivity and big data cannot be exchanged.

With the collection ‘Multidisciplinary aspects of digital security’, the Netherlands Association of Information Professionals (KNVI) once again shows the value of its professionals’ focal area. Authors from a range of professions in information technology, information management and information governance have examined and described the topic from different angles of approach.

October 2022 – Siemens industrial devices in datacenters vulnerable to hackers
Recently, a research team of the cybersecurity company Claroty discovered a method to extract private encryption keys from Siemens industrial devices and compromise whole Siemens product lines.

September 2022 – Lloyd’s of London will no longer provide cover for catastrophic state cyber attacks through its standard cyber policies from March 31 next year. Lloyd’s is a marketplace where insurance brokers from around the world negotiate directly with the insurers covering their clients’ risks.

July 2022, Many security breaches involve leaks, but not perhaps in the same way as one revealed by noted security consultant Andrew Tierney, who managed to gain unauthorized access to a datacenter via what he delightfully terms the “piss corridor.”

June 2022, as part of the UK’s National Data Strategy and National Cyber ​​Strategy, the UK government is currently gathering insights from data center operators, cloud platform providers and cybersecurity experts to understand how to improve the security and resilience of the country’s data centers and online platforms.

May 2022, The European Parliament and EU Member States reached a political agreement on May 13 on the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive).

April 2022, Physical Infrastructure Cybersecurity: A Growing Problem for Datacenters. Datacenters are becoming faster, more scalable, and more efficient. But with this comes a greater risk of cyberattacks against physical infrastructure.

March 2022, Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure. The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.

January 2022, oil terminals in several European ports were hacked. There are a total of 17 terminals, 11 in Germany and the other six in Belgium and the Netherlands. The hacks caused the terminals to struggle to load and unload the oil.

December 2021 – The European Commission is tackling cyber resilience through NIS2 legislation. Digital infrastructure such as Internet Exchange Point (IXP) providers, Domain Name System (DNS) service providers, Top Level Domain (TLD) registries, and cloud and data center providers would be considered “essential” entities.

November 2021 – Insufficient security of industrial components pose a serious threat to the availability of critical facilities was again proven on October 26th by the cyberattack on the petrol distribution network in Iran.

October 2021 – Ransomware is one of the biggest cybersecurity problems facing businesses today. To cover financial risks, including the handling of cyber incidents, it is now easy to take out Cyber insurance.

September 2021 – A 21 year old hacker told the Wall Street Journal he was able to hack into T-Mobile’s datacenter. He was the main force behind exposing the sensitive information of more than 50 million people.

August 2021 – Entire botnets of IoT devices are targeting decades-old and legacy equipment that resides widely in the systems that power critical infrastructure.

July 2021 – Critical vulnerability discovered in PLC’s Schneider Electric. The ‘ModiPwn’ bug lays open production lines, sensors, HVACs and more that use Schneider Electric PLCs.

June 2021 – JBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack.

June 2021 – Cyber ​​criminals have announced that they will avoid critical infrastructure in the future. Several ransomware developers declare that their malicious software should no longer be used to attack

The cyber attack on oil pipeline company Colonial Pipeline is attributed by the FBI to the Russian cybercriminal gang ‘DarkSide’. The hackers used ransomware

Cyber criminals are now targeting the facility infrastructure with ransomware and the damage can be extensive and long-lasting.

The cyber war between Israel and Iran dates back to June 2010. Iran was the victim of a cyber attack when its nuclear facility in Natanz was infiltrated by the cyberworm ‘Stuxnet’.

On May 9, all systems controlling shipping and road traffic around the Iranian port of Sharid Rejaee crashed simultaneously.