FBI: White supremacists plotted attack on US power grid

WKRN.com (FBI) – MINNEAPOLIS (AP) — White supremacists plotted to attack power stations in the southeastern U.S., and an Ohio teenager who allegedly shared the plan said he wanted the group to be “operational” on a fast-tracked timeline if President Donald Trump were to lose his re-election bid, the FBI alleges in an affidavit that was mistakenly unsealed.

The teen was in a text group with more than a dozen people in the fall of 2019 when he introduced the idea of saving money to buy a ranch where they could participate in militant training, according to the affidavit, which was filed under seal along with a search warrant application in Wisconsin’s Eastern U.S. District Court in March. The documents were inadvertently unsealed last week before the mistake was discovered and they were quickly sealed again.

The teenager wanted the group to be “operational” by the 2024 election because he believed it was likely a Democrat would win, but “the timeline for being operational would accelerate if President Trump lost the 2020 election,” according to the affidavit. An informant told investigators that the teen “definitely wanted to be operational for violence, but also activism.”

Protecting the Industrial Cloud from Cyberattacks

EE Times – The cloud and edge computing have come to the industrial world and they’re here to stay. Whether one thinks that’s a good or bad thing, it’s now inevitable.

These shifts have been accelerated by the enormous expansion in remote workers due to Covid-19 and their many unmanaged or insecurely managed devices, along with the connection of millions more imperfectly managed devices via the Industrial Internet of Things (IIoT).

While the expansion of cloud services can help solve some cybersecurity problems for industrial companies, including the vastly expanded attack surface caused by remote workers, it also spawns new security problems.

The steady corporate shift to the cloud, data traversing “hostile territory” and the proliferation of networked devices are creating a growing list of data security challenges. We take an in-depth look at the risks and possible solutions in our upcoming Cyber Security Special Project.

In multiple reports from different parts of the cybersecurity industry, data breaches continue to be the top concern in many industries, and flaws in identity and access management (IAM) practices continue to rate among the top avenues for those data breaches.

Why The Healthcare Sector Must Demand Real Cybersecurity Change

Forbes – Managing Director of Technology at Health2047 with a comprehensive understanding of the digital transformation of health care IT. We should be outraged and deserve better. 

In late October of this year, a joint cybersecurity advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warned of an uptick in ransomware activity targeting the healthcare and public health (HPH) sector, specifically hospitals and healthcare providers.

The advisory came just over a month after reports out of Germany documented the first patient death directly tied to a hospital ransomware attack. That’s right: The healthcare cybersecurity situation has now become a matter of life and death.

Healthcare cybercrime such as ransomware is especially egregious during a pandemic, as illustrated by Bitdefender data (via Security Boulevard). But it is now sadly all too commonplace. Also far too commonplace is the seeming inattention and inaction in the face of rising threats.

Hundreds of Millions of Facebook Records Exposed to Public Via Amazon Cloud Servers

(WTVA) – A vast collection of data on Facebook users was exposed to the public until recently on Amazon’s cloud computing servers, researchers have found.

Two third-party Facebook app developers were found to have stored user data on Amazon’s servers in a way that allowed it to be downloaded by the public, according to a report from UpGuard, a cybersecurity firm.

One of the companies stored 146 gigabytes of data containing more than 540 million records, including comments, likes, reactions and account names, on the Amazon servers, according to UpGuard. The number of users whose data was included is not yet clear.

Another app is said to have stored unprotected Facebook passwords for 22,000 users.

Cybersecurity Considerations for Power Substation SCADA Systems Using IEC-61850 Communications

When including security controls into a SCADA system design, it is sometimes difficult to separate design goals from security requirements. The foremost goal for a SCADA system is to provide protection, automation, and data acquisition. This paper discusses major vulnerabilities and cybersecurity considerations that require proper analysis when designing and implementing a secure IEC-61850 standard-based SCADA system within a power substation.

Securing Legacy SCADA Systems Against Cyber Threats

Numerous cyber threats and vulnerabilities are announced almost daily, with warnings directed at this country's energy and critical infrastructure sectors from organizations such as the FBI, DHS, NSA, DOD, DOE, FERC, NERC, CISA, USCYBERCOM, and many more. These warnings have been directed specifically at the power utility sector, which they describe as very vulnerable to future cyber threats.

For the electric power industry and other service sectors, Supervisory Control & Data Acquisition (SCADA) has performed a crucial role by allowing better decision making through operating, controlling, monitoring and maintaining critical control systems.
As Smart Grid (SG) and Distributed Generation (DG) gain popularity, more third-party stakeholders are demanding access to utilities' SCADA systems. Some utility SCADA systems are older legacy systems in dire need of replacement in order to provide a more secure system, access to the latest vendor security patch updates, better functionality, etc.