Whitepapers & Reports
With in-house expertise from top security organizations including the NSA, CIA, FBI and DHS, our team of experts offer unprecedented insight on how to upgrade your organization’s cyber defenses while advancing its digital transformation.
Asset to Vendor Network for Power Utilities
August 30, 2021 The cost-effective CIP-013 supply chain risk management solution
Enhancing Cybersecurity Best Practices with Software Bill of Materials (SBOM)
August 13, 2021 The organizations that support and supply products and services to our critical infrastructure are wholly reliant on advanced operational software and hardware assets to ensure effective and reliable operations, and therefore are particularly vulnerable to cyber risk within their complex supply chains. Policies like Executive Order 14028 require the implementation of software supply chain risk strategies such as acquiring software bill of materials (SBOM) from supply chain vendors.
The Kaseya Ransomware Attack: What We Know Now
July 7, 2021 On July 2, 2021, the Miami-based Managed Service Provider (MSP) Kaseya announced they were experiencing an attack against their Virtual System Administrator (VSA) and that some on-premises clients had been affected. The attack culminated with the distribution of malware to certain Kaseya clients from the known ransomware-as-a-service (RaaS) group REvil, who demanded $70 million in cryptocurrency before they will distribute a decryption key to restore business data, although updates from Kaseya stated that this price has already been lowered to $50 million.
Zoom Video Conferencing & Communications
April 2, 2020 Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems. Due to COVID-19, there has been a sharp increase for remote communication needs, a preventative measure many are taking.
U.S. Power Grid Experiences a Denial-of-Service Attack Due to Outdated Security Appliance
October 1, 2019 In May of 2019, the U.S. power grid experienced another attack. A series of unpatched Cisco Adaptive Security Appliances belonging to a western electric utility provider suddenly began repeatedly rebooting – for over ten hours. These firewalls were on the outer security layer of the network, and as a result of the continued rebooting, local network services came to a halt. This type of attack is known as a Denial of Service (DoS) attack.The electric utility provider and device manufacturer both began combing through logs and network traffic, but they soon realized that the problem was not a hardware malfunction, but that the network was under direct attack.
NERC CIP Compliance
May 10, 2019 The North American Electric Reliability Corporation (NERC) is a non-profit organization tasked by the Federal Energy Regulatory Commission (part of the US Department of Energy) with ensuring the reliability of the North American electric power grid. Among its tasks are drafting and auditing standards for cyber security of the systems that monitor and control the grid.
5 Steps for an Effective Third Party Vendor Risk Program
May 9, 2019 Get the latest advisory report on planning and creating an effective third party vendor risk program.
White Paper: Building a Sustainable Maritime OT Cyber Security Program
January 15, 2019 The maritime industry including shipping companies, cargo carriers, and cruise lines is undergoing a massive digital transformation. It is seeing a dramatic shift from legacy, standalone Operational Technology (OT) to systems that are increasingly automated, complex and interconnected to both onboard and shore side resources.