Training and further education courses

The International Association of CIP Professionals (IACIPP) is committed to the training and further education of industry professionals to enhance knowledge, expertise and ultimately improve industry standards. See our recommended useful training courses: https://www.cip-association.org/training-and-education/

Countering Insider Threats
Help2Protect is an eLearning platform dedicated to security. Its Insider Threat courses help you put in place a detection and prevention programme against this widespread yet largely underestimated issue.
Further details: https://www.cip-association.org/help2protect-an-elearning-program-to-counter-insider-threats/

NIST Risk Management Framework
The purpose of these courses is to provide those new to risk management with an introduction to key publications associated with the NIST Risk Management Framework (RMF) methodology for managing cybersecurity and privacy risk.
Further details: https://csrc.nist.gov/Projects/risk-management/rmf-courses

Standards Australia adopts world’s foremost standard for operational technology

Australia has officially adopted the AS IEC 62443 series as national standards for protecting Operational Technology (OT) in critical infrastructure from cyber threats. This decision comes as cyberattacks grow more frequent and sophisticated, increasingly targeting the systems that support our daily lives.
OT systems are the backbone of essential services such as energy, water, transport, medical devices, and building automation. A successful cyberattack on these systems could disrupt communities, threaten public safety, and harm the environment. The AS IEC 62443 standards help prevent this by offering a clear, structured approach to cybersecurity that supports safety, reliability, and resilience throughout the life of these systems.
A Practical Framework for Securing OT Systems
OT environments face unique cybersecurity challenges that differ from traditional IT systems. To address these, specialised standards were developed for Industrial Automation and Control Systems (IACS). In response, the IEC/Technical Committee 65 Industrial-process measurement, control and automation developed the IEC 62443 series – Security for industrial automation and control systems. These standards are now recognised in Australia as AS IEC 62443, with the support and contributions from our national committee IT-006.
These standards are modular and role-based, allowing users to select only the parts relevant to their responsibilities or the stage of the system lifecycle they’re working in. They are designed for asset owners, service providers, and product suppliers, and they align with local regulatory requirements—making implementation practical and effective across sectors.
The benefits of adopting AS IEC 62443 are wide-reaching:
- Protects public health by helping to reduce the risk of system failures caused by cyberattacks
- Supports social stability by safeguarding the essential services communities rely on
- Boosts economic opportunities by allowing consumers to safely participate in energy markets, such as selling power back to the grid
- Reduces reputational risk by minimising the chance of prolonged outages and public fallout for organisations managing critical infrastructure
The IEC continues to evolve these standards to meet the needs of emerging technologies and smart systems. A new addition – Part 1-6 – will address the application of the series to the Industrial Internet of Things, further supporting the safety, reliability, and performance of smart energy, smart manufacturing, and smart cities.
By adopting AS IEC 62443, Australia is taking a proactive step to ensure its critical infrastructure is secure, resilient, and ready for the future.

Thorium Platform Public Availability

CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools. It supports various mission functions, including software analysis, digital forensics, and incident response, allowing analysts to efficiently assess complex malware threats.
Thorium enables teams that frequently analyze files to achieve scalable automation and results indexing within a unified platform. Analysts can integrate command-line tools as Docker images, filter results using tags and full-text search, and manage access with strict group-based permissions.
Designed to scale with hardware using Kubernetes and ScyllaDB, Thorium can ingest over 10 million files per hour per permission group while maintaining rapid query performance. It also allows users to define event triggers and tool execution sequences, control the platform via RESTful API, and aggregate outputs for further analysis or integration with downstream processes.
CISA encourages cybersecurity teams to use Thorium and provide feedback to enhance its capabilities. For more information on Thorium and how it can improve your cybersecurity operations, see CISA’s Thorium resource webpage.

CISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical Infrastructure

CISA, in partnership with the U.S. Coast Guard (USCG), released a joint Cybersecurity Advisory aimed at helping critical infrastructure organizations improve their cyber hygiene. This follows a proactive threat hunt engagement conducted at a U.S. critical infrastructure facility.
During this engagement, CISA and USCG did not find evidence of malicious cyber activity or actor presence on the organization’s network, but they did identify several cybersecurity risks. CISA and USCG are sharing their findings and associated mitigations to help other critical infrastructure organizations identify similar issues and take proactive measures to improve their cybersecurity posture. The mitigations include best practices such as not storing passwords or credentials in plaintext, not sharing local administrator account credentials, and implementing comprehensive logging.
In coordination with the organization where the hunt was conducted, CISA and USCG are sharing cybersecurity risk findings and associated mitigations to assist other critical infrastructure organizations with improving their cybersecurity posture. Recommendations are listed for each of CISA’s findings, as well as general practices to strengthen cybersecurity for OT environments. These mitigations align with CISA and the National Institute of Standards and Technology’s (NIST) Cross-Sector Cybersecurity Performance Goals (CPGs), and with mitigations provided in the USCG Cyber Command’s (CGCYBER) 2024 Cyber Trends and Insights in the Marine Environment (CTIME) Report.
Although no malicious activity was identified during this engagement, critical infrastructure organizations are advised to review and implement the mitigations listed in this advisory to prevent potential compromises and better protect our national infrastructure. These mitigations include the following (listed in order of importance):
- Do not store passwords or credentials in plaintext. Instead, use secure password and credential management solutions such as encrypted password vaults, managed service accounts, or built-in secure features of deployment tools.
- Ensure that all credentials are encrypted both at rest and in transit. Implement strict access controls and regular audits to securely manage scripts or tools accessing credentials.
- Use code reviews and automated scanning tools to detect and eliminate any instances of plaintext credentials on hosts or workstations.
- Enforce the principle of least privilege, only granting users and processes the access necessary to perform their functions.
- Avoid sharing local administrator account credentials. Instead, provision unique, complex passwords for each account using tools like Microsoft’s Local Administrator Password Solution (LAPS) that automate password management and rotation.
- Enforce multifactor authentication (MFA) for all administrative access, including local and domain accounts, and for remote access methods such as Remote Desktop Protocol (RDP) and virtual private network (VPN) connections.
- Implement and enforce strict policies to only use hardened bastion hosts isolated from IT networks equipped with phishing-resistant MFA to access industrial control systems (ICS)/OT networks, and ensure regular workstations (i.e., workstations used for accessing IT networks and applications) cannot be used to access ICS/OT networks.
- Implement comprehensive (i.e., large coverage) and detailed logging across all systems, including workstations, servers, network devices, and security appliances.
- Ensure logs capture information such as authentication attempts, command-line executions with arguments, and network connections.
- Retain logs for an appropriate period to enable thorough historical analysis (adhering to organizational policies and compliance requirements) and aggregate logs in an out-of-band, centralized location, such as a security information event management (SIEM) tool, to protect them from tampering and facilitate efficient analysis.
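One way to implement the plaintext-credential check from the third mitigation above (code review plus automated scanning of scripts on hosts and workstations), as an added example that is not from the advisory or from CISA: a small Python scanner that flags common hard-coded credential patterns in deployment scripts and redacts the secret in its own report, so the finding does not leak the credential a second time. The sample script, rule names and allowlist of acceptable secret sources are constructed for illustration and would be tuned to a real environment.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    lineno: int
    rule: str
    redacted: str  # the offending line with the secret replaced by ***


# Detection rules. Group 1 of every pattern captures the secret itself so the
# report can redact it instead of echoing a live credential into a ticket.
RULES = [
    ("quoted-assignment",
     re.compile(r"""(?i)\b(?:passw(?:or)?d|pwd|secret|token|api[_-]?key)\s*[:=]\s*["']([^"']+)["']""")),
    ("connection-string",
     re.compile(r"""(?i)[;"']password=([^;"']+)""")),
    ("net-use-positional",
     re.compile(r"""(?i)\bnet\s+use\b.*?/user:\S+\s+(\S+)""")),
    ("securestring-literal",
     re.compile(r"""(?i)ConvertTo-SecureString\s+["']([^"']+)["']\s+-AsPlainText""")),
]

# Lines that obtain the secret from an acceptable source (environment variable,
# interactive prompt, vault, CI secret store) are not findings. Hypothetical
# allowlist; extend it with the organisation's own credential manager calls.
SAFE_SOURCES = re.compile(r"(?i)\$env:|Get-Credential|\{\{\s*secrets\.|vault")


def redact(line: str, match: re.Match) -> str:
    """Replace only the captured secret, keeping the rest of the line for context."""
    start, end = match.span(1)
    return line[:start] + "***" + line[end:]


def scan_for_plaintext_credentials(text: str) -> list[Finding]:
    """Return one Finding per line that hard-codes a credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or SAFE_SOURCES.search(line):
            continue
        for name, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append(Finding(lineno, name, redact(line, match).strip()))
                break  # the first matching rule is enough for one line
    return findings


# Constructed sample deployment script (not taken from the advisory).
SAMPLE_SCRIPT = r"""# constructed sample deployment script
$cred = Get-Credential
$user = "svc_backup"
$password = "Summer2024!"
net use \\fileserver\share /user:CORP\svc_backup Summer2024!
$conn = "Server=db01;Database=plant;User Id=sa;Password=P@ssw0rd;"
$token = $env:API_TOKEN
$secure = ConvertTo-SecureString "Summer2024!" -AsPlainText -Force
"""

if __name__ == "__main__":
    for f in scan_for_plaintext_credentials(SAMPLE_SCRIPT):
        print(f"line {f.lineno}: {f.rule}: {f.redacted}")
```

Run against the constructed script it reports lines 4, 5, 6 and 8 and skips the lines that take the secret from a prompt or an environment variable.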

CISA and Partners Release Updated Advisory on Scattered Spider Group

CISA, along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre, released an updated joint Cybersecurity Advisory on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. This advisory provides updated tactics, techniques, and procedures (TTPs) obtained through FBI investigations conducted through June 2025.
Scattered Spider threat actors have been known to use various ransomware variants in data extortion attacks, most recently including DragonForce ransomware. While Scattered Spider often changes TTPs to remain undetected, some TTPs remain consistent. These actors frequently use social engineering techniques such as phishing, push bombing, and subscriber identity module (SIM) swap attacks to obtain credentials, install remote access tools, and bypass multi-factor authentication.
The Mitigations section of the Scattered Spider joint Cybersecurity Advisory offers critical infrastructure organizations and commercial facilities recommendations to fortify their defenses.

Cyber Preparedness and Incident Response to Critical Infrastructure

Dr. Ron Martin, Professor of Practice, Capitol Technology University
Every organization worldwide must protect its cyber resources from unauthorized intrusions. Cyber preparedness against attacks is essential. Recently, NIST released the Cybersecurity Framework (CSF) 2.0. The CSF suggests that each organization acquire knowledge of six core functions: Govern, Identify, Protect, Detect, Respond, and Recover.
NIST also released Special Publication (SP) 800-61 Revision 3, titled “Incident Response Recommendations and Considerations for Cybersecurity Risk Management.” The purpose of NIST SP 800-61r3 is to assist organizations in incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities.
This integration aims to help organizations:
1. Prepare for incident responses by improving readiness.
2. Reduce the number and impact of incidents that occur.
3. Enhance the efficiency and effectiveness of incident detection, response, and recovery activities.
This article will focus on showing a nexus between these two publications. Before we discuss the initiatives outlined in SP 800-61r3, let’s summarize CSF 2.0. The CSF provides guidance for organizations to manage and reduce cybersecurity risks. One important addition to the framework is the GOVERN function. Governance sets out a risk management strategy that defines roles and responsibilities and enforces policies and procedures. Another function is the implementation of safeguards that reduce the likelihood and impact of cybersecurity incidents.
Organizations must adopt CSF 2.0 because it will provide a flexible framework to effectively manage and reduce cybersecurity risks. It assists organizations of all sizes to understand, assess, prioritize, and communicate their cybersecurity posture. CSF 2.0 allows organizations to tailor their approach to unique risks, missions, and objectives by focusing on desired outcomes rather than prescriptive actions. It integrates cybersecurity with enterprise risk management, supports continuous improvement, and enhances communication between executives, managers, and practitioners. Its supplementary online resources, such as Quick Start Guides and Implementation Examples, make it accessible and actionable for organizations at any stage of cybersecurity readiness.
NIST SP 800-61r3’s purpose is to assist organizations in incorporating cybersecurity incident response recommendations and considerations into their cybersecurity risk management activities.
It organizes its recommendations and considerations using the NIST Cybersecurity Framework (CSF) 2.0 Functions.
Critical infrastructure protection mechanisms are similar globally. They are part of a country’s legal requirements, and the basic tenets of protection, preparedness, and incident response are similar.
The incident response life cycle model described in NIST SP 800-61r3 is based on the six NIST Cybersecurity Framework (CSF) 2.0 Functions. It reflects the integration of incident response into broader cybersecurity risk management activities.
The importance of cybersecurity risk management and incident response is outlined below:
• Minimizing Damage
• Ensuring Business Continuity
• Proactive Risk Management
• Improved Detection and Response
• Compliance with Regulations
• Building Stakeholder Confidence
• Learning and Continuous Improvement
• Reducing Long-Term Costs
• Adapting to Evolving Threats
• Protecting Sensitive Data
Cybersecurity risk management and incident response are essential for protecting an organization’s assets, ensuring operational resilience, and maintaining trust in an increasingly threat-prone digital environment. Critical infrastructure protection practitioners should review these documents to enhance their organizations’ cybersecurity posture.
SP 800-61r3 contains community profiles in Table 2, which outline CSF preparation and lessons learned. Table 3 contains the second part of the Community Profile: Incident Response. Both tables recommend an element priority with suggested considerations.
Since many NIST Publications are reviewed and used internationally, NIST provides translations of key publications to support the global understanding of cybersecurity and privacy resources. I recommend that the English version be reviewed alongside the translation.

DIREKTION network and CMINE Responder Technologies Cluster release joint policy brief and survey

The DIREKTION network has released a joint policy brief together with the CMINE Responder Technologies Cluster under the title “Strengthening Responder Technology in Disasters”. The brief includes concrete recommendations to support the operational uptake of innovation and to strengthen coordination mechanisms across Europe.
The document provides a set of recommendations to better align research and innovation programming with the real needs of disaster responders, improve the conditions for technology uptake, and foster coordination among actors and countries.
The brief is aimed at three key stakeholder groups:
- First responders and civil protection actors, who need practical, user-friendly, and trustworthy technologies;
- Technology developers and research consortia, who must design solutions that are fit for operational environments;
- Public authorities and policymakers, who shape the research agendas, funding frameworks, and standards that govern innovation uptake.
Structured around five strategic areas, the policy brief recommends:
- Aligning research priorities with operational needs
- Promoting ethical and inclusive technology design
- Leveraging innovation procurement (e.g. Pre-Commercial Procurement, Public Procurement of Innovative Solutions)
- Enhancing interoperability and cross-border standardisation
- Supporting responder training, guidance, and preparedness
These insights were generated through work carried out by the Responder Technology Cluster, consisting of more than 20 projects hosted on the CMINE platform and supported by the DIREKTION consortium.
Organisations and individuals are invited to read, share, and endorse the brief.

Critical Infrastructure Protection & Resilience Europe announces Preliminary Conference Programme

The 10th Critical Infrastructure Protection & Resilience Europe, taking place in Brindisi, Italy on 14th-16th October, has announced its Preliminary Conference Programme, with a fantastic line up of international expert speakers sharing their thoughts, experiences and expertise at this premier conference.
Download your guide at www.cipre-expo.com/guide
The second ‘Critical Infrastructure Protection Week in Europe’ will take place in Italy, Brindisi and will see the International Association for CIP Professionals (IACIPP) host the ‘Critical Infrastructure Protection & Resilience Europe’ conference and exhibition and ‘The International Emergency Management Society (TIEMS)’ conference as the two key events as part of the initiative.
Download your preliminary conference guide now
The Preliminary Conference Programme guide provides you with the latest conference agenda, speakers and information to plan your attendance to the premier conference for the critical infrastructure protection, civil contingencies and safer cities professionals.
Register online today at: https://www.cipre-expo.com/buy-tickets/

CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment

CISA, in collaboration with the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA), released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored or affiliated threat actors.
Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events. These cyber actors often exploit targets of opportunity based on the use of unpatched or outdated software with known Common Vulnerabilities and Exposures or the use of default or common passwords on internet-connected accounts and devices.
At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. However, CISA, FBI, DC3, and NSA strongly urge critical infrastructure asset owners and operators to implement the mitigations recommended in the joint Fact Sheet, which include:
• Identifying and disconnecting operational technology and industrial control systems devices from the public internet,
• Protecting devices and accounts with strong, unique passwords,
• Applying the latest software patches, and
• Implementing phishing-resistant multifactor authentication for access to OT networks.
Review the joint Fact Sheet: Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest and act now to understand the Iranian state-backed cyber threat, assess and mitigate cybersecurity weaknesses, and review and update incident response plans to strengthen your network against malicious cyber actors.
Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest
CISA, the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) published Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. This joint fact sheet details the need for increased vigilance for potential cyber activity against U.S. critical infrastructure by Iranian state-sponsored or affiliated threat actors.
Defense Industrial Base companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk.
At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. However, CISA urges owners and operators of critical infrastructure organizations and other potentially targeted entities to review this fact sheet to learn more about the Iranian state-backed cyber threat and actionable mitigations to harden cyber defenses.

DHS S&T Releases New Tool to Strengthen Global Navigation Satellite Systems for Critical Infrastructure

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) launched an important new resource on GitHub to help safeguard critical infrastructure: the Global Navigation Satellite System (GNSS) Test Vector Suite and Distribution Methodology. This effort supports Executive Order 13905, which aims to protect essential Positioning, Navigation and Timing (PNT) systems used in industries like energy, transportation and telecommunications.
PNT systems rely on accurate GNSS signals to function properly. If these signals are disrupted – whether by natural events, technical failures, or cyber threats – critical services could be impacted. To address this risk, the GNSS Test Vector Suite and Distribution Methodology provides critical infrastructure owners and operators with the tools to independently identify and define appropriate test scenarios that support standards conformity assessments, helping them evaluate and improve the resilience of their systems.
“Accurate and precise Positioning, Navigation, and Timing information is vital to the nation’s critical infrastructure and is the backbone of the many services we depend on daily, from keeping our lights on to ensuring planes land safely,” said Julie Brewer, DHS Acting Under Secretary for Science and Technology. “This new toolset gives people responsible for safeguarding these systems a way to independently test and strengthen them, ensuring our nation’s infrastructure is more secure against potential disruptions.”
The GNSS Test Vector Suite includes a standardized set of test scenarios and tools that allow developers and testers to assess how well their equipment can handle challenges like signal interference or spoofing attempts. The process works as follows:
- The GNSS Test Vector Suite generates simulated data
- The data is converted into signals that mimic real-world GNSS systems
- These signals are fed into designated GNSS devices or other PNT equipment, enabling users to evaluate how their systems respond to simulated disruptions
By offering this testing capability, S&T is helping critical infrastructure operators identify vulnerabilities in PNT systems and ensure they meet established resilience standards. This is a critical step in protecting the essential systems that Americans rely on every day.