Critical Infrastructure News

Researchers with cybersecurity company SentinelOne reconstructed the recent cyberattack on Iran's train system in a new report, uncovering a new threat actor -- which they named 'MeteorExpress' -- and a never-before-seen wiper.

On July 9, local news outlets began reporting on a cyberattack targeting the Iranian train system, with hackers defacing display screens in train stations by asking passengers to call '64411', the phone number of Iranian Supreme Leader Khamenei's office. 

Train services were disrupted, and just one day later, hackers took down the website of Iran's transport ministry. According to Reuters, the ministry's portal and sub-portal sites went down after the attack targeted computers at the Ministry of Roads and Urban Development.

Read more: ZD Net

Protection of our Nation’s critical infrastructure is a responsibility of the government at the Federal, State, local, Tribal, and territorial levels and of the owners and operators of that infrastructure.  The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation.  The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States.

Read more: The White House

Critical pipeline operators have reported more than 220 cybersecurity incidents since the Transportation Security Administration implemented emergency measures in the wake of the crippling ransomware attack on one of America's most important pipelines, according to TSA Administrator David Pekoske.

Companies have been reporting incidents since day one of the agency's May 28 security directive aimed at critical pipelines, Pekoske told CNN in an interview. Reporting of cybersecurity incidents has ramped up since the directive, according to Pekoske, who said the reports will help TSA understand the risks facing the industry. Prior to the directive, reporting was voluntary.

TSA issued its first cybersecurity directive following the ransomware incident at Colonial Pipeline, which prompted the shutdown of operations and led to several days of panic gasoline buying and shortages throughout the East Coast.

The directive includes a requirement for around 100 critical pipeline companies to report cybersecurity incidents to the Department of Homeland Security's cybersecurity agency within 12 hours, a DHS official previously said. TSA has unique authority over the surface transportation industry, which includes more than 2.7 million miles of natural gas and hazardous liquid pipelines, allowing the agency to regulate the industry.

Read more: CNN

JOHANNESBURG, July 22 (Reuters) - A cyber attack has disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said.

Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected, three sources with direct knowledge of the matter told Reuters.

Cape Town Harbour Carriers Association said in an email to members, seen by Reuters: "Please note that the port operating systems have been cyber-attacked and there will be no movement of cargo until the system is restored."

Read more: Reuters

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.

One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities.

The bill covers vulnerabilities in IT and OT systems, as well as security holes in hardware or software that is no longer supported. It also authorizes the DHS to create a competition for identifying remediation solutions for vulnerabilities in IT and ICS products.

Read more: Security Week