griDNA, an R&D 100 (2025) finalist from Sandia National Laboratories, is an autoencoder-based system that fuses 60-samples-per-second grid measurements (frequency, voltage, current) with intermittent network telemetry to identify cyber, physical, and blended anomalies on the power grid. The team has run the model on low-cost single-board computers and on existing security devices and is field-testing… The post R&D 100 finalist: Sandia’s griDNA flags cyber-physical grid anomalies at the ed...| Research & Development World
"Critical infrastructure faces not only unresolved weaknesses but mounting geopolitical risks."| Machine
The U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) plans to delay the publication of its much-anticipated cybersecurity incident reporting rule implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). According to an entry on the Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions, released on September 4, 2025, CISA currently plans...| Inside Privacy
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), in partnership with the Federal Bureau of Investigation (“FBI”), National Security Agency, Environmental Protection Agency, and cybersecurity authorities in Australia, Canada, Germany, Netherlands, and New Zealand, published new cybersecurity guidance (the “Guidance”) related to operational technology (“OT”), i.e., systems and devices that interact with a...| Inside Privacy
A new report from PinnacleOne reveals the rise of cyber risks in UK construction and offers guidance for CISOs in this critical industry.| SentinelOne
Looking back at 2024, we recognize the immense value in revisiting some of our most impactful threat research. These articles not only offered real-time insights into pressing cybersecurity issues but also set the stage for advancements in AI-powered threat detection and defense.| MixMode
In our first blog, we outlined the challenges of NERC CIP-015-1, which mandates Internal Network Security Monitoring (INSM) within Electronic Security Perimeters (ESPs), exposing the limitations of traditional SIEM, IDS, and NTA tools in SCADA and air-gapped Sensitive Compartmented Information Facilities (SCIFs). Our second blog highlighted the need for an OT-centric approach, introducing MixMode’s Third-Wave […]| MixMode
We explore why an OT-centric approach is critical for addressing CIP-015-1’s unique demands and introduce MixMode’s Third-Wave AI, a transformative solution with origins in SCADA and mechanical engineering.| MixMode
During the first week of August 2025, the U.S. Nuclear Regulatory Commission (NRC) published Event Notification Reports documenting a wide range of nuclear-related incidents nationwide. The following events were published [...] Read the full story at CBRNE Central: U.S. NRC Radiological Incident Reports for Early August 2025.| CBRNE Central
Pacific Northwest National Laboratory (PNNL) has released a new report titled “Zero Trust Strategies for Chemical, Biological, Radiological, and Nuclear Detection Systems: D.1 Cyber Scenarios,” prepared for the U.S. Department [...] Read the full story at CBRNE Central: Zero Trust Strategies for Securing CBRN Detection Systems.| CBRNE Central
In an important international collaboration, U.S. Navy explosive ordnance disposal (EOD) technicians from Explosive Ordnance Disposal Mobile Unit 2 (EODMU-2) recently completed a joint training initiative with Panamanian EOD forces [...] Read the full story at CBRNE Central: U.S. and Panamanian EOD Teams Join Forces to Protect the Panama Canal.| CBRNE Central
What Differentiates Public Transport From Other OT Technology: An Attack on Public Transport Is an Attack on the Public. When a cyberattack hits any sector of critical infrastructure, it can directly impact the public by rendering water undrinkable, shutting off the electricity, and otherwise disrupting people’s lives. But when it comes to public transit, the... The post When People Are the Cargo appeared first on TXOne Networks.| TXOne Networks
Understand what OT cybersecurity is, how it differs from IT, and how to protect industrial environments from cyber threats.| TXOne Networks
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standard CIP-015-1, effective September 2, 2025, demands a new approach to securing critical infrastructure, exposing the inadequacies of conventional methods.| MixMode
In today’s connected world, artificial intelligence (AI) is driving innovation in everything from healthcare and agriculture to threat detection and disaster response. But as systems become more reliant on sensitive, [...] Read the full story at CBRNE Central: Federated Learning for Security and Resilience: Transforming Privacy-Conscious AI in Critical Infrastructure.| CBRNE Central
Overview: UNC3886 is a state-sponsored advanced persistent threat (APT) group first identified by Mandiant in 2022. Believed to be linked to China, UNC3886 has been active since at least 2021, conducting highly targeted cyber espionage operations against critical infrastructure and virtualized environments worldwide—with a strategic focus on Asia and North America. Targeted Sectors and... The post Unmasking UNC3886: A Sophisticated Cyber Espionage Group Targeting Critical Inf...| TXOne Networks
SentinelOne shares distinct attack clusters and a detailed timeline of events on an active exploit of the ToolShell 0-day in MS SharePoint.| SentinelOne
Water and wastewater utilities in New York State will for the first time be required to meet a host of basic cybersecurity requirements.| StateScoop
My name is Josh Velazquez, and I’m the vice president of the Fence Division at SAGE Integration. At SAGE I lead high-security perimeter projects for critical infrastructure—from data centers to substations, solar farms, and more. With a degree in construction management from Bowling Green State University and over 15 years in the construction industry, I’ve… The post The Fence Perspective: Bringing Construction to Security appeared first on Security Industry Association.| Security Industry Association
Water and Wastewater Systems are increasingly becoming soft targets for sophisticated cyber attackers. A new joint fact sheet from the EPA and CISA puts this threat front and center, warning utilities about the growing risk of internet-exposed Human Machine Interfaces (HMIs).| MixMode
Purism’s Librem 5 and Liberty Phones Named the Most Secure Smartphones in the World: Top cybersecurity and tech publications agree—Purism leads the industry in mobile security for 2025. The post The 2025 Most Secure Phone in The World Reviews Are In: Efani, Analytics Insight, Navi, and Cashify appeared first on Purism.| Purism
80% of utility operators were targeted by cyberattacks in the past year, according to The State of Critical Infrastructure Resilience report.| Help Net Security
What IT & OT leaders must know about the NCIIPC Conformity Assessment Framework to safeguard India’s Critical Infrastructure. Prepare for CAF in 2025.| Payatu
As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2024 by page views. Managing Cybersecurity Risks Arising from AI – New Guidance from the NYDFS (October 20, 2024): As cybersecurity risks continue [...]| Debevoise Data Blog
Debevoise’s Data Strategy and Security group recently assisted four leading trade associations that represent the financial services industry in preparing a joint comment letter in response to the Cybersecurity and Infrastructure Security Agency’s (“CISA”) notice of proposed rulemaking for reporting requirements for critical infrastructure entities that experience covered cybersecurity incidents (the “Proposed Rule”), developed pursuant [...]| Debevoise Data Blog
Ransomware and malware delivered through USB devices put pressure on industrial systems, according to the Honeywell 2025 Cyber Threat Report.| Help Net Security
The chairman of the House Homeland Security subcommittee on cybersecurity is apprehensive about the Department of Homeland Security’s plans to end a program that vets mobile apps for federal agencies.| CyberScoop
Budget and funding uncertainty make efficiency essential in civil infrastructure projects. How new, cloud-based technologies can help.| GovDesignHub
China’s state-sponsored cyber operations, driven by groups like Volt Typhoon, Salt Typhoon, Brass Typhoon, and APT41, and amplified by techniques like Fast Flux DNS, are not chasing Hollywood apocalypse—they’re seizing America’s networks, turning our infrastructure into a weapon against us.| MixMode
In our newest MixMode report, we break down how a critical infrastructure provider uncovered active nation-state and insider threats within three days of deploying our AI-driven security platform.| MixMode
Operational Technology (OT) networks and Industrial Control Systems, the backbone of critical infrastructure, have traditionally operated in isolation and been designed more for reliability and efficiency than security. The increasing convergence of IT and OT systems, driven by digital transformation and the Internet of Things (IoT), promises to revolutionize industries from…| MixMode
Governor Greg Abbott has issued a ban on Chinese AI and social media apps, including DeepSeek, citing cybersecurity risks and potential threats to state infrastructure.| WinBuzzer
Ransomware and extortion incidents increased in 2023, creating a global crisis. 5,000 ransomware victims were detected across social channels.| Help Net Security
The Biden administration is looking to understand just how widespread open-source software is in critical infrastructure.| CyberScoop
CISA Director Jen Easterly says the CrowdStrike-linked outage serves as a “dress rehearsal” for what China may have planned for U.S. critical infrastructure.| CyberScoop
Industry representatives in a House hearing pointed to the Biden administration’s cyber reporting mandate as an example of overlapping regulations.| CyberScoop
The attack is the latest in a string targeting Ukrainian critical infrastructure and illustrates the growing ease of targeting industrial systems.| CyberScoop
A new document from CISA guides local governments and the private sector on how to improve the resiliency of critical infrastructure.| StateScoop
A guide to using cybersecurity metrics and Security Key Performance Indicators (SKPI) to measurably develop OT security maturity levels.| TXOne Networks
Open source is people and people are open source. Duane O’Brien talks about what he’s learned about supporting, connecting with, and caring for the critical human infrastructure of open source.| Open Source Stories