“This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system,” Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn said. “A user would not know their USB device is infected or possibly used to exfiltrate data out of their networks.”
In this era of digital transformation, technologies cannot become a pain for organizations, it must be the answer that adds value. That is why it is so important to identify and know the ecosystem in which the transformation strategy is going to be developed, which makes a difference with respect to digitalization.
Eric Cosman, chairman of ISA99 Committee, explains that standards, guidance, and direction are available from several sources, but surveys and anecdotal reports have shown that many still struggle with how to turn this information into effective programs. Suppliers have a clear imperative to improve their products, but asset owners often struggle with how to get started. Practical approach into cybersecurity is very hard to find in the market, still today.
When the owner of the industrial plant has the possibility of having the best of both worlds, the best control systems and the best security. When the consequences occur the damage is done, and there is no turning back. That is why we say that it is never too late to deal with security (redesign), but the sooner much better (design).
The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA) are proud to announce that the International Electrotechnical Commission (IEC) has officially designated the IEC/ISA-62443 series of standards as "horizontal," meaning they are proven to be applicable to a wide range of different industries.
We continue to watch as many professionals with vast experience in Information Security, industrial companies taking action, renowned cybersecurity consultancies, government organizations and technology developers are wrong (by far) when it comes to mitigating industrial cyber risk. One of the main mistakes is to implement the same strategies as in industrial information security.
We continue to observe how many professionals with vast experience in Information Security, industrial companies that take action, renowned cybersecurity consultants, government organizations and technology developers are wrong (by far) when it comes to identifying, evaluating, classifying and managing industrial cyber assets. One of the main mistakes is to focus and prioritize those that have communications interfaces over those that do not. The errors we observe are many and very significant.
During the assessment of industrial cyber risks with the industrial cyber risk management system "ZCM-RM-ASSESS" we can mitigate the risk of vulnerabilities that do not yet exist or that are unknown. The unique methodology developed within the ZCM system allows long-term decisions to be made that are appropriate for industrial areas.
The new training courses 2150, 2160, 2161, and 2162 are dedicated exclusively and primarily to implementation and compliance, with the ZCM system developed by WisePlant Group LLC. Users are able to begin implementation and begin to comply immediately and without delay with all the requirements of the ISA/IEC-62443 series of standards.