Commission Communication to strengthen the resilience of critical entities across the EU adopted

On 11 September 2025, a Commission Communication to strengthen the resilience of critical entities across the EU was adopted. It provides non-binding guidance to EU countries to identify their critical entities and a risk assessment reporting template.

Directive (EU) 2022/2557 on the resilience of critical entities (‘the Directive’) aims to ensure that services essential for the maintenance of vital societal functions or economic activities are provided in an unobstructed manner in the internal market. The Directive enhances the resilience of the critical entities providing such services and creates an overarching framework of resilience of critical entities in respect of all hazards (natural and man-made, accidental or intentional).
To achieve a high level of resilience, Member States have obligations under the Directive. The Commission was mandated to develop recommendations, non-binding guidelines and a voluntary common reporting template to support them in fulfilling some of these obligations. Specifically, this Communication gives effect to Article 5(5) of the Directive regarding the development of a template for the provision of certain information to the Commission, to Article 6(6) of the Directive regarding the development of recommendations and guidelines to support Member States in identifying critical entities, and to Article 7(3) of the Directive regarding the adoption of guidelines to facilitate the application of the criteria for determining the significance of a disruptive effect, taking into account the information that Member States must submit in accordance with Article 7(2) of the Directive.
Before the adoption of this Communication, in accordance with the aforementioned provisions, Member States were consulted in a workshop that took place on 3-4 October 2024 and the Critical Entities Resilience Group (CERG) was consulted on 12 February 2025. Further bilateral consultations of CERG delegates took place in writing in March 2025 and an updated version was shared with the CERG on 7 April 2025.
The present Communication is not legally binding and does not affect the interpretation of EU law by the Court of Justice of the European Union.
The voluntary common reporting template for Member States to provide certain information related to the risk assessment to the Commission, as provided for in Article 5(5) of the Directive, is set out in the Annex.
Although this reporting template is voluntary in nature, Member States are encouraged to use it when providing information pursuant to Article 5(4) of the Directive.
Further details can be found in the 'Commission Guidelines and reporting template developed pursuant to Articles 5(5), 6(6) and 7(3) of Directive (EU) 2022/2557 on the resilience of critical entities'.

The latest issue of Critical Infrastructure Protection & Resilience News has arrived

Download your copy now at www.cip-association.org/CIPRNews
Please find here your downloadable copy of the Summer 2025 issue of Critical Infrastructure Protection & Resilience News, the official magazine of the International Association of CIP Professionals (IACIPP), for the latest views, features and news, including a Preview of the forthcoming Critical Infrastructure Protection & Resilience Europe conference, taking place in Brindisi, Italy next month as part of CIP Week in Europe, and co-hosted with The International Emergency Management Society (TIEMS) conference.
Critical Infrastructure Protection & Resilience News in this issue:
- Building Ukraine’s Shield: The Bold New Effort to Train Critical Infrastructure Security Professionals
- Critical Infrastructure Security Doesn’t Have Time for False Alarms as the Airspace Gets Busier with Drones
- The Drones Revolution and Its Implications for Modern Ground Warfare with Special Focus on Critical Infrastructure Protection & Resilience
- E-GIANTS Project Concludes Study on GNSS Authentication and Security Improvements
- Digital twins: The new pillar of critical infrastructure security
- Legal and Regulatory aspects relating to the physical security of the telecommunications infrastructure used for critical communication services
- Celebrating 10 years of IACIPP
- Preview of Critical Infrastructure Protection & Resilience Europe
- Securing the Backbone of Society: How to Protect Critical Network Infrastructure
- Closing the Gaps in Insider Threat Mitigation
- Zero Trust IEEE Standard: In Progress
- Expert interview with the European Utilities Telecom Council (EUTC)
- Agency News
- Industry News

Standards Australia adopts world’s foremost standard for operational technology

Australia has officially adopted the AS IEC 62443 series as national standards for protecting Operational Technology (OT) in critical infrastructure from cyber threats. This decision comes as cyberattacks grow more frequent and sophisticated, increasingly targeting the systems that support our daily lives.
OT systems are the backbone of essential services such as energy, water, transport, medical devices, and building automation. A successful cyberattack on these systems could disrupt communities, threaten public safety, and harm the environment. The AS IEC 62443 standards help prevent this by offering a clear, structured approach to cybersecurity that supports safety, reliability, and resilience throughout the life of these systems.
A Practical Framework for Securing OT Systems
OT environments face unique cybersecurity challenges that differ from traditional IT systems. To address these, specialised standards were developed for Industrial Automation and Control Systems (IACS). In response, the IEC/Technical Committee 65 Industrial-process measurement, control and automation developed the IEC 62443 series – Security for industrial automation and control systems. These standards are now recognised in Australia as AS IEC 62443, with the support and contributions from our national committee IT-006.
These standards are modular and role-based, allowing users to select only the parts relevant to their responsibilities or the stage of the system lifecycle they’re working in. They are designed for asset owners, service providers, and product suppliers, and they align with local regulatory requirements—making implementation practical and effective across sectors.
The benefits of adopting AS IEC 62443 are wide-reaching:
- Protects public health by helping to reduce the risk of system failures caused by cyberattacks
- Supports social stability by safeguarding the essential services communities rely on
- Boosts economic opportunities by allowing consumers to safely participate in energy markets, such as selling power back to the grid
- Reduces reputational risk by minimising the chance of prolonged outages and public fallout for organisations managing critical infrastructure
The IEC continues to evolve these standards to meet the needs of emerging technologies and smart systems. A new addition – Part 1-6 – will address the application of the series to the Industrial Internet of Things, further supporting the safety, reliability, and performance of smart energy, smart manufacturing, and smart cities.
By adopting AS IEC 62443, Australia is taking a proactive step to ensure its critical infrastructure is secure, resilient, and ready for the future.

Thorium Platform Public Availability

CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools. It supports various mission functions, including software analysis, digital forensics, and incident response, allowing analysts to efficiently assess complex malware threats.
Thorium enables teams that frequently analyze files to achieve scalable automation and results indexing within a unified platform. Analysts can integrate command-line tools as Docker images, filter results using tags and full-text search, and manage access with strict group-based permissions.
Designed to scale with hardware using Kubernetes and ScyllaDB, Thorium can ingest over 10 million files per hour per permission group while maintaining rapid query performance. It also allows users to define event triggers and tool execution sequences, control the platform via RESTful API, and aggregate outputs for further analysis or integration with downstream processes.
CISA encourages cybersecurity teams to use Thorium and provide feedback to enhance its capabilities. For more information on Thorium and how it can improve your cybersecurity operations, see CISA’s Thorium resource webpage.

CISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical Infrastructure

CISA, in partnership with the U.S. Coast Guard (USCG), released a joint Cybersecurity Advisory aimed at helping critical infrastructure organizations improve their cyber hygiene. This follows a proactive threat hunt engagement conducted at a U.S. critical infrastructure facility.
During this engagement, CISA and USCG did not find evidence of malicious cyber activity or actor presence on the organization’s network but did identify several cybersecurity risks. CISA and USCG are sharing their findings and associated mitigations to help other critical infrastructure organizations identify potential similar issues and take proactive measures to improve their cybersecurity posture. The mitigations include best practices such as not storing passwords or credentials in plaintext, avoiding sharing local administrator account credentials, and implementing comprehensive logging.
In coordination with the organization where the hunt was conducted, CISA and USCG are sharing cybersecurity risk findings and associated mitigations to assist other critical infrastructure organizations with improving their cybersecurity posture. Recommendations are listed for each of CISA’s findings, as well as general practices to strengthen cybersecurity for OT environments. These mitigations align with CISA and the National Institute for Standards and Technology’s (NIST) Cross-Sector Cybersecurity Performance Goals (CPGs), and with mitigations provided in the USCG Cyber Command’s (CGCYBER) 2024 Cyber Trends and Insights in the Marine Environment (CTIME) Report.
Although no malicious activity was identified during this engagement, critical infrastructure organizations are advised to review and implement the mitigations listed in this advisory to prevent potential compromises and better protect our national infrastructure. These mitigations include the following (listed in order of importance):
- Do not store passwords or credentials in plaintext. Instead, use secure password and credential management solutions such as encrypted password vaults, managed service accounts, or built-in secure features of deployment tools.
- Ensure that all credentials are encrypted both at rest and in transit. Implement strict access controls and regular audits to securely manage scripts or tools accessing credentials.
- Use code reviews and automated scanning tools to detect and eliminate any instances of plaintext credentials on hosts or workstations.
- Enforce the principle of least privilege, only granting users and processes the access necessary to perform their functions.
- Avoid sharing local administrator account credentials. Instead, provision unique, complex passwords for each account using tools like Microsoft’s Local Administrator Password Solution (LAPS) that automate password management and rotation.
- Enforce multifactor authentication (MFA) for all administrative access, including local and domain accounts, and for remote access methods such as Remote Desktop Protocol (RDP) and virtual private network (VPN) connections.
- Implement and enforce strict policies to only use hardened bastion hosts isolated from IT networks equipped with phishing-resistant MFA to access industrial control systems (ICS)/OT networks, and ensure regular workstations (i.e., workstations used for accessing IT networks and applications) cannot be used to access ICS/OT networks.
- Implement comprehensive (i.e., large coverage) and detailed logging across all systems, including workstations, servers, network devices, and security appliances.
- Ensure logs capture information such as authentication attempts, command-line executions with arguments, and network connections.
- Retain logs for an appropriate period to enable thorough historical analysis (adhering to organizational policies and compliance requirements) and aggregate logs in an out-of-band, centralized location, such as a security information event management (SIEM) tool, to protect them from tampering and facilitate efficient analysis.

CISA and Partners Release Updated Advisory on Scattered Spider Group

CISA, along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre, released an updated joint Cybersecurity Advisory on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. This advisory provides updated tactics, techniques, and procedures (TTPs) obtained through FBI investigations conducted through June 2025.
Scattered Spider threat actors have been known to use various ransomware variants in data extortion attacks, most recently including DragonForce ransomware. While Scattered Spider often changes TTPs to remain undetected, some TTPs remain consistent. These actors frequently use social engineering techniques such as phishing, push bombing, and subscriber identity module swap attacks to obtain credentials, install remote access tools, and bypass multi-factor authentication.
The Mitigations section of the Scattered Spider joint Cybersecurity Advisory offers critical infrastructure organizations and commercial facilities recommendations to fortify their defenses.

DIREKTION network and CMINE Responder Technologies Cluster release joint policy brief and survey

The DIREKTION network has released a joint policy brief together with the CMINE Responder Technologies Cluster under the title “Strengthening Responder Technology in Disasters”. The brief includes concrete recommendations to support the operational uptake of innovation and to strengthen coordination mechanisms across Europe.
The document provides a set of recommendations to better align research and innovation programming with the real needs of disaster responders, improve the conditions for technology uptake, and foster coordination among actors and countries.
The brief is aimed at three key stakeholder groups:
- First responders and civil protection actors, who need practical, user-friendly, and trustworthy technologies;
- Technology developers and research consortia, who must design solutions that are fit for operational environments;
- Public authorities and policymakers, who shape the research agendas, funding frameworks, and standards that govern innovation uptake.
Structured around five strategic areas, the policy brief recommends:
- Aligning research priorities with operational needs
- Promoting ethical and inclusive technology design
- Leveraging innovation procurement (e.g. Pre-Commercial Procurement, Public Procurement of Innovative Solutions)
- Enhancing interoperability and cross-border standardisation
- Supporting responder training, guidance, and preparedness
These insights were generated through work carried out by the Responder Technology Cluster, consisting of more than 20 projects hosted on the CMINE platform and supported by the DIREKTION consortium.
Organisations and individuals are invited to read, share, and endorse the brief.

Critical Infrastructure Protection & Resilience Europe announces Preliminary Conference Programme

The 10th Critical Infrastructure Protection & Resilience Europe, taking place in Brindisi, Italy on 14th-16th October, has announced its Preliminary Conference Programme, with a fantastic line up of international expert speakers sharing their thoughts, experiences and expertise at this premier conference.
Download your guide at www.cipre-expo.com/guide
The second ‘Critical Infrastructure Protection Week in Europe’ will take place in Brindisi, Italy, and will see the International Association for CIP Professionals (IACIPP) host the ‘Critical Infrastructure Protection & Resilience Europe’ conference and exhibition and ‘The International Emergency Management Society (TIEMS)’ conference as the two key events of the initiative.
The Preliminary Conference Programme guide provides you with the latest conference agenda, speakers and information to plan your attendance to the premier conference for the critical infrastructure protection, civil contingencies and safer cities professionals.
Register online today at: https://www.cipre-expo.com/buy-tickets/

CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment

CISA, in collaboration with the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA), released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored or affiliated threat actors.
Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events. These cyber actors often exploit targets of opportunity based on the use of unpatched or outdated software with known Common Vulnerabilities and Exposures or the use of default or common passwords on internet-connected accounts and devices.
At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. However, CISA, FBI, DC3, and NSA strongly urge critical infrastructure asset owners and operators to implement the mitigations recommended in the joint Fact Sheet, which include:
- Identifying and disconnecting operational technology and industrial control systems devices from the public internet,
- Protecting devices and accounts with strong, unique passwords,
- Applying the latest software patches, and
- Implementing phishing-resistant multifactor authentication for access to OT networks.
Review the joint Fact Sheet: Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest and act now to understand the Iranian state-backed cyber threat, assess and mitigate cybersecurity weaknesses, and review and update incident response plans to strengthen your network against malicious cyber actors.
Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest
CISA, the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) published Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. This joint fact sheet details the need for increased vigilance for potential cyber activity against U.S. critical infrastructure by Iranian state-sponsored or affiliated threat actors.
Defense Industrial Base companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk.
At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. However, CISA urges owners and operators of critical infrastructure organizations and other potentially targeted entities to review this fact sheet to learn more about the Iranian state-backed cyber threat and actionable mitigations to harden cyber defenses.

DHS S&T Releases New Tool to Strengthen Global Navigation Satellite Systems for Critical Infrastructure

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) launched an important new resource on GitHub to help safeguard critical infrastructure: the Global Navigation Satellite System (GNSS) Test Vector Suite and Distribution Methodology. This effort supports Executive Order 13905, which aims to protect essential Positioning, Navigation and Timing (PNT) systems used in industries like energy, transportation and telecommunications.
PNT systems rely on accurate GNSS signals to function properly. If these signals are disrupted – whether by natural events, technical failures, or cyber threats – critical services could be impacted. To address this risk, the GNSS Test Vector Suite and Distribution Methodology provides critical infrastructure owners and operators the tools to independently identify and define appropriate test scenarios that support standards conformity assessments, to help evaluate and improve the resilience of their systems.
“Accurate and precise Positioning, Navigation, and Timing information is vital to the nation’s critical infrastructure and is the backbone of the many services we depend on daily, from keeping our lights on to ensuring planes land safely,” said Julie Brewer, DHS Acting Under Secretary for Science and Technology. “This new toolset gives people responsible for safeguarding these systems a way to independently test and strengthen them, ensuring our nation’s infrastructure is more secure against potential disruptions.”
The GNSS Test Vector Suite includes a standardized set of test scenarios and tools that allow developers and testers to assess how well their equipment can handle challenges like signal interference or spoofing attempts. The process works as follows:
- The GNSS Test Vector Suite generates simulated data
- The data is converted into signals that mimic real-world GNSS systems
- These signals are fed into designated GNSS devices or other PNT equipment, enabling users to evaluate how their systems respond to simulated disruptions
By offering this testing capability, S&T is helping critical infrastructure operators identify vulnerabilities in PNT systems and ensure they meet established resilience standards. This is a critical step in protecting the essential systems that Americans rely on every day.