As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
There's no evidence that the Massachusetts gas explosions are caused by hackers, but that hasn't stopped people from baseless speculations.
These 40 Greater Baltimore professionals are going places.
There really is no single grid to bring down in a civilization-ending crash.
Listen in as Paul and Matt review the ICS security landscape, discussing the problems and potential solutions to secure critical infrastructure.
While burnout, depression and PTSD can affect anyone, infosec mental health still doesn't often get the attention it deserves, but Black Hat 2018 attempted to change that.
When I have a bad day it's a bad day for a lot of people, says Sergio Caltagirone, former NSA cyber-defense expert and director of threat intelligence at Dragos.
Attacks on American power systems are likely to be small and localized, according to a cybersecurity firm, casting doubt on the ability of a foreign power to take down broad swaths of U.S. electric systems at once.
Dragos is excited to announce updates to the Dragos Platform with the release of version 1.3.
A chill spread over the manufacturing automation sector this week as a warning released from the Department of Homeland Security (DHS) regarding Russian infiltration of energy sector systems and networks.
Unbreakable encryption is the best-known example of law enforcement’s struggles to access digital evidence, but it’s not the most pressing one, according to a report out today from the Center for Strategic and International Studies.
Experts say a recent DHS briefing that warned hackers could cause widespread blackouts may have overstated the threat.
Department of Homeland Security (DHS) officials have reportedly said that Russian hackers could have infiltrated power plant control rooms and caused blackouts last year. However, as an industrial cybersecurity expert pointed out, the impact of the incidents may be overstated.
ForeScout Technologies, Tripwire, Dragos, Splunk, KORE Wireless, TDi Technologies, FoxGuard Solutions, and Veracity Industrial Networks have joined the National Cybersecurity Center of Excellence (NCCoE) as technology collaborators in the Energy Sector Asset Management (ESAM) Project.
The U.S. Department of the Treasury on June 11 slapped sanctions on five Russian firms and three Russian individuals for several “significant” malicious cyber-enabled activities, including cyber intrusions in the U.S. energy grid.
The hacking threat to critical infrastructure in the United States and beyond is growing larger, with nation states and other malicious actors looking to gain a foothold in sensitive technologies to conduct espionage and potentially stage disruptive or destructive attacks.
In part two of this interview from RSA Conference 2018, Dragos CEO Robert Lee discusses the latest threats to industrial control systems and how those threats can be exaggerated.
A threat actor linked to North Korea’s Lazarus Group has stopped targeting organizations in the United States, but remains active in Europe and East Asia.
A cyber attack can be devastating, resulting in major losses to a company’s finances and reputation. But a cyber attack against critical infrastructure can also be deadly. That’s where Maryland-based cybersecurity startup Dragos finds its niche.
A group known for infecting a Saudi petrochemical plant with highly sophisticated industrial control malware has expanded its operations, according to new research, with a former U.S. official telling CyberScoop that companies inside the United States have been breached.
The “world’s most dangerous cyber threat” is on the move, according to an update out this morning from industrial control system cybersecurity firm Dragos.
A relatively new cyberattack threat activity group dubbed “XENOTIME” is intent on compromising and disrupting industry safety instrumented systems globally, and cybersecurity experts are warning it is “easily the most dangerous threat activity publicly known.”
To protect your most valuable information you need to move beyond so-called cyber hygiene, the necessary but insufficient deployment of security software and network-monitoring processes.
2017 featured a number of concerning discoveries in industrial control systems (ICS) network security: targeted, disruptive attacks; ICS-focused threat activity groups, and increasing permeability between IT and ICS networks.
Tracking the activity of nefarious groups affords defenders a deeper level of understanding that can be useful in not only understanding different types of threats but also in building defenses to withstand a cyber-attack.
The cyberthreat hunters had honed their chops at the National Security Agency — the world’s premier electronic spy agency. And last fall, they were analyzing malware samples from around the world when they stumbled across something highly troubling: the first known piece of computer software designed to kill humans.
Dragos, Inc., a leader in industrial threat detection and response, and Schweitzer Engineering Laboratories (SEL), a lead supplier of digital systems that protect power grids around the world, have formed a partnership to arm the electric power community with the tools to better detect and respond to threats within their industrial control system (ICS) networks.
Industrial security provider, Dragos, Inc., inked a partnership pact with Schweitzer Engineering Laboratories (SEL) to help the electric power sector detect and respond to threats within their industrial control system (ICS) networks.
SEL and Dragos, trusted names in digital power system products and cybersecurity, have jointly developed a solution that provides continuous monitoring, threat intelligence and active cyber defense for industrial control systems.
Here & Now's Peter O'Dowd speaks with Robert Lee (@RobertMLee), CEO of the cybersecurity company Dragos, Inc.
On Thursday, the Department of the Treasury announced new sanctions against a number of Russians and Russian entities believed to be linked to hacking efforts both during the 2016 election and since.
This was a great debate from S4x18. Dan Scali of FireEye took the Enterprise SOC side and debated with Rob Lee of Dragos, who argued the OT SOC side.
Patching security vulnerabilities in industrial control systems (ICS) is useless in most cases and actively harmful in others, ICS security expert and former NSA analyst Robert M. Lee of Dragos told the US Senate in written testimony last Thursday.
In a series of reports, specialist cybersecurity vendor Dragos has published data on the cybersecurity risks facing industrial control systems (ICS). One of the three reports is titled Hunting and Responding to Industrial Intrusions.
How many hacking groups are focusing on ICS systems? Dragos security researchers say at least five were active in 2017.
New Dragos report finds rising number of public vulnerability advisories around ICS with not enough reasonable guidance around how to deal with these flaws.
Though increasingly serious cybersecurity threats loom, nearly two-thirds of U.S. industrial control system (ICS) vulnerabilities identified in 2017 could cause severe operational impact if exploited, cybersecurity firm Dragos Inc. warned in a series of reports published March 1.
Hackers who attacked a petrochemical plant in Saudi Arabia last year gained control over a safety shut-off system that is critical in defending against catastrophic events, according to security researchers shedding light on what they describe as a new type of cyberattack.
Electricity isn’t exactly a growth business, so Xcel Energy’s employee head count doesn’t budge much from year to year. One department is an exception: cybersecurity.
On this week’s episode of Research Saturday, we talk about TRISIS, the ICS tailored malware affecting the safety systems of at least one victim in the Middle East. This is only the fifth known incident of malware targeting ICS systems, and joining us to talk about it is Robert M. Lee, CEO of Dragos.
We have considerably expanded our cybersecurity program at the Forum this year, and as a preview ARC vice president and cybersecurity domain expert Sid Snitkin interviewed NaturEner's Marc DeNarie and Dragos Inc. founder and CEO Robert Lee. In this podcast, Marc shares some details of the case study he will present jointly with Rob at the ARC forum about his experience implementing a cybersecurity strategy with the Dragos solution at NaturEner.
Swedish and international security experts estimate that there have been serious security shortcomings in the infrastructure that provides the Swedish rail network with electricity.
The country has been attacked the past two years in December. A new strike could have major implications for cybersecurity in the U.S.
Cyberattacks are a major concern for industrial organizations around the world. Most have accepted the need for cybersecurity and invested in defensive technologies and practices recommended by automation suppliers and security consultants.
A government security alert about foreign hackers probing the networks of U.S. energy companies frightened casual observers, but security experts say the report provided little more than an update on relatively well-known activity and behavior.
The U.S government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure.
Last week cybersecurity firm Symantec released a report on what it calls Dragonfly 2.0—a collection of intrusions into industrial and energy-related organizations worldwide.
A well-resourced hacking group known as Dragonfly is actively and successfully targeting U.S. and European energy companies. Robert Lee, CEO of cybersecurity company Dragos, told CyberScoop that people shouldn’t be alarmed, though.
From the media buzz, one might conclude that power grid infrastructure is teetering on the brink of a hacker-induced meltdown. The real story is more nuanced, however. Scientific American spoke with grid cybersecurity expert Robert M. Lee, CEO of industrial cybersecurity firm Dragos, Inc., to sort out fact from hype.
Maryland-based firm, Dragos, raised $9 million in a funding round co-led by Silicon Valley venture fund Allegis Capital and east coast Energy Impact Partners.
The funding will go into expanding the team and spreading the firm's Dragos Platform technology. Built on the founders' knowledge of attacks on actual industrial control systems, it looks out for and acts on anything that looks abnormal.
Robert M. Lee thinks we should start taking infrastructure cybersecurity seriously. For a number of people right now, that may mean calming down. The U.S. is coming off two high-profile cyber threats that were less dangerous than many made them out to be.
Russian government hackers were behind recent cyber-intrusions into the business systems of U.S. nuclear power and other energy companies in what appears to be an effort to assess their networks, according to U.S. government officials.
Washington Post coverage of Dragos' research into CRASHOVERRIDE and the potential impacts.
In this report, Dragos’ Robert M. Lee and Ben Miller combine their knowledge of proper industrial control system functionality with new research conducted to better understand the threats posed to the ICS.
This week’s Deep Dive will revolve around the discussion I had with Sean Peasley, of Deloitte & Touche LLP, about their latest announcement of their new cyber risk platform. This platform was enabled by Dragos...
“We need to begin to have more technical leadership in government positions,” said Rob Lee, CEO of Dragos, Inc. in the context of attacks like the Ukraine power grid attack.
Two days before Christmas the lights went out across the Ivano-Frankivsk region of Ukraine.
IT WAS 3:30 p.m. last December 23, and residents of the Ivano-Frankivsk region of Western Ukraine were preparing to end their workday and head home through the cold winter streets.
The Obama administration’s efforts to press its election-hacking accusations against Russia could be undermined by a flurry of unfounded cyber charges against Moscow.