IoT Cybersecurity Improvement Act Passed, Heads to President’s Desk

Security experts are applauding the recent stamp of approval by the U.S. Senate on a groundbreaking internet-of-things (IoT) security regulatory effort. The IoT Cybersecurity Improvement Act, which was led in bipartisan sponsorship by Reps. Will Hurd (R-Texas) and Robin Kelly Read More …

Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, Read More …

Australian government releases voluntary IoT cybersecurity code of practice

The Australian government has released a voluntary code of practice for securing the Internet of Things (IoT) in Australia. The voluntary Code of Practice: Securing the Internet of Things for Consumers [PDF] is intended to provide industry with a best-practice Read More …

DARPA Investing in Encryption to Secure “Internet of Things”

The Defense Advanced Research Projects Agency (DARPA) is seeking information on ways to secure billions of internet-connected devices against futuristic code-breaking tools, according to an Aug. 11 sources-sought notice. DARPA officials envision a not-too-distant future in which billions, perhaps trillions, Read More …

Ripple20 vulnerabilities will haunt the IoT landscape for years to come

Cyber-security experts have revealed today 19 vulnerabilities in a small library designed in the 90s that has been widely used and integrated into countless of enterprise and consumer-grade products over the last 20+ years. The number if impacted products is Read More …

Singapore to spend $719m beefing up government’s cyber, data security systems

The Singapore government will look to invest SG$1 billion to beef up its cyber and data security systems, which it says is critical as its agencies increasingly adopt technologies such as artificial intelligence (AI), cloud, and Internet of Things (IoT). Read More …

NERC CIP compliance in Azure

When I did my first North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) compliance project it was 2009. NERC CIP was at version 3. It was the first mandatory cybersecurity standard that the utility I was working for had Read More …

Fake Smart Factory Honeypot Highlights New Attack Threats

A honeypot set up to observe the current security landscape in smart manufacturing systems observed numerous threats—including cryptomining malware and ransomware—in just a few months, highlighting the new threats that industrial control systems (ICS) face with increased exposure to the Read More …