Aspen Institute Germany’s Post

A recent study commissioned by Telstra International sheds light on the pressing security risks looming over North Asia's Industry 4.0 ambitions. With only 13% of businesses possessing advanced readiness to tackle IT/OT security and a staggering 60% at a basic level, it's evident that the journey towards security convergence is not without its hurdles. Integrating transformative technologies like IoT, AI, and big data is driving unprecedented connectivity across manufacturing, healthcare, and logistics sectors. However, this integration also exposes organizations to heightened cybersecurity risks.

"IoT supply chain security: challenges and impacts" Are your systems at risk? Are you confident in the measures you've taken to safeguard your business operations or smart home from potential threats? How do you navigate the delicate balance between implementing patches and updates without risking the stability of your software and devices? Are you concerned about the increasing threat of IoT supply chain attacks?   Join us on 8. April 2024, at 14:00 CET, and listen to the representatives of the European Commission, ENISA, NIST, ETSI, ECSO,  BEUC, TÜVIT, and EY! You can expect to learn about crucial topics, including: ·       Threats posed to our interconnected systems; ·       Progress made in IoT security measures; ·       The current landscape of regulations and standards; ·       Measures for businesses and users to enhance their cybersecurity posture. Don't miss this opportunity to learn from industry experts! Register for free ➡️ https://lnkd.in/dff4xNaK If you can't attend live, we'll send you a recording of the Roundtable afterward. European Union Agency for Cybersecurity (ENISA) European Cyber Security Organisation (ECSO) ETSI National Institute of Standards and Technology (NIST) BEUC - The European Consumer Organisation TÜV Informationstechnik GmbH - TÜVIT (TÜV NORD GROUP) EY #iotsecurity #cybersecurity #supplychainsecurity #standards #regulation #NIST2 #CRA

🚨 Calling all industrial and cybersecurity experts! The clock is ticking on NIS2 compliance, and AWS Community Day Italy has you covered! Woody Borraccino presents: "Industrial Edge Security on AWS for NIS2 Directive" With the new NIS2 directive coming into effect in October 2024, is your company prepared to meet the security requirements for OT components in critical national infrastructure? This session is your roadmap to compliance and enhanced security. 🏭 What you'll discover: • A deep dive into the NIS2 directive and its implications • A reference architecture that meets the new directives using AWS Industrial IoT services • Real-world case studies of successful implementations • Strategies to enhance your industrial edge security Whether you're in manufacturing, energy, utilities, or any critical infrastructure sector, this session will provide invaluable insights to help you navigate the new regulatory landscape. 📅 Date: September 27, 2024 📍 Location: Rome, Italy Be proactive about NIS2 compliance! Reserve your spot now: https://lnkd.in/dKVsErwJ #AWSCommunity #AWSCommunityDay #NIS2 #IndustrialIoT #Cybersecurity

Inventorying IoT/OT devices is a substantial challenge. But it's also now a mandated challenge for federal agencies. In his latest blog for Phosphorus, John Vecchi breaks down key requirements from the OMB FY24 Memo, providing a path forward for agencies to address the OMB’s directives for IoT and OT discovery and compliance in environments complicated by decentralized device deployment, a wide-ranging variety of vendors, models, and protocols, and legacy systems integrated with modern cybersecurity frameworks. https://okt.to/WMLqBP #IoTSecurity #OTSecurity #OMBmemo #complianceregulations

Zscaler extends zero trust SASE and eliminates the need for firewall-based segmentation: Zscaler has signed an agreement to acquire Airgap Networks. Combining Zscaler’s zero trust SD-WAN and Airgap Networks’ agentless segmentation technology will transform how enterprises implement zero trust segmentation to IoT/OT devices, and critical infrastructure across branches, campuses, factories, and data centers, including east-west connectivity. Traditional NAC and network-based firewalls that use static access control lists (ACLs) to control east-west traffic were not designed to prevent sophisticated threats from moving laterally within a local area network … More → The post Zscaler extends zero trust SASE and eliminates the need for firewall-based segmentation appeared first on Help Net Security. @Poseidon-US #HelpNetSecurity #Cybersecurity

👀Advising Awareness👀 Just this week, CISA issued an advisory concerning a high-severity vulnerability in RAD Data Communications' SecFlow-2 switch/router, a device designed for tough industrial settings. 🚨 This path traversal vulnerability, identified as CVE-2019-6268, was highlighted due to a publicly available proof-of-concept (PoC) exploit that surfaced on the Packet Storm website in March 2024. The exploit allows unauthorized attackers to traverse directories to access sensitive files, like password hashes, on affected devices. ⬆️ CISA alerted RAD to the vulnerability following the discovery of the PoC. However, since the SecFlow-2 model is now end-of-life, RAD recommends that customers upgrade to their newer SecFlow-1p industrial IoT gateway. While specific updates for the discontinued product are unlikely, CISA has issued general security recommendations to mitigate the risk of exploitation, which remains a significant concern given the device's global deployment in the communications sector. 📣 Advisories like these can be crucial to the organizations and sectors that need them, and it's important they receive this information as soon as possible. ❓ What's your procedure and some best practices you follow for staying up to date on any announcements, patches, security advisories, or updates concerning your own networks and systems? Let us know in the comment below! #CISA #advisory #securityalert #vulnerability #RAD #SecFlow-2 #CVE-2019-6268 #industrial #criticalinfrastructure #riskmitigation #riskmanagement #technolgy https://buff.ly/3VMbs5v

Research finds that there were 420 million attacks on critical infrastructure in 2023 – a 30% increase from the prior year. Dive into the challenges and solutions for protecting critical infrastructure in the era of IoT in our latest blog.

Research finds that there were 420 million attacks on critical infrastructure in 2023 – a 30% increase from the prior year. Dive into the challenges and solutions for protecting critical infrastructure in the era of IoT in our latest blog.

Research finds that there were 420 million attacks on critical infrastructure in 2023 – a 30% increase from the prior year. Dive into the challenges and solutions for protecting critical infrastructure in the era of IoT in our latest blog.

I'm thrilled to share that our latest paper, "Patchy Performance? Uncovering the Vulnerability Management Practices of IoT-Centric Vendors," has been accepted at the prestigious 2024 IEEE Symposium on Security and Privacy (S&P)! In our study, we delve into the enduring challenges of IoT security, with a keen focus on the pivotal role of vendors. Through meticulous analysis of factors like vendor size, location, and vulnerability disclosure policies, we've uncovered some fascinating insights. One noteworthy discovery is that IoT-centric vendors tend to indeed produce more vulnerabilities. However, what's surprising is that when it comes to patching behavior, these vendors often outshine their non-IoT-centric counterparts by releasing patches more promptly. This empirical revelation not only enriches our understanding of IoT security dynamics but also lays the groundwork for regulatory interventions aimed at fortifying the security practices of IoT vendors. I want to extend my heartfelt gratitude to my esteemed co-authors, Carlos Hernandez-Gañan and Michel van Eeten, for their valuable contributions to this paper. You can dive into the full paper here: https://lnkd.in/eJ5cYFNc #IoTSecurity #IEEE #ResearchInsights #Cybersecurity