Tag: criticalinfrastructure

Commission Communication to strengthen the resilience of critical entities across the EU adopted

Agency News, Industry News

On 11 September 2025, a Commission Communication to strengthen the resilience of critical entities across the EU was adopted. It provides non-binding guidance to EU countries to identify their critical entities and a risk assessment reporting template.

Directive (EU) 2022/2557 on the resilience of critical entities1 (‘the Directive’) aims to ensure that services essential for the maintenance of vital societal functions or economic activities are provided in an unobstructed manner in the internal market. The Directive enhances the resilience of the critical entities providing such services and creates an overarching framework of resilience of critical entities in respect of all hazards (natural and man-made, accidental or intentional).
To achieve a high level of resilience, Member States have obligations under the Directive. The Commission was mandated to develop recommendations, non-binding guidelines and a voluntary common reporting template to support them in fulfilling some of these obligations. Specifically, this Communication gives effect to Article 5(5) of the Directive regarding the development of a template for the provision of certain information to the Commission, to Article 6(6) of the Directive regarding the development of recommendations and guidelines to support Member States in identifying critical entities, and to Article 7(3) of the Directive regarding the adoption of guidelines to facilitate the application of the criteria for determining the significance of a disruptive effect, taking into account the information that Member States must submit in accordance with Article 7(2) of the Directive.
Before the adoption of this Communication, in accordance with the aforementioned provisions, Member States were consulted in a workshop that took place on 3-4 October 2024 and the Critical Entities Resilience Group (CERG) was consulted on 12 February 2025. Further bilateral consultations of CERG delegates took place in writing in March 2025 and an updated version was shared with the CERG on 7 April 2025.
The present Communication is not legally binding and does not affect the interpretation of EU law by the Court of Justice of the European Union.
The voluntary common reporting template for Member States to provide certain information related to the risk assessment to the Commission, as provided for in Article 5(5) of the Directive, is set out in the Annex.
Although this reporting template is voluntary in nature, Member States are encouraged to use it when providing information pursuant to Article 5(4) of the Directive.
Further details can be found in the 'Commission Guidelines and reporting template developed pursuant to Articles 5(5), 6(6) and 7(3) of Directive (EU) 2022/2557 on the resilience of critical entities'.
Leave a comment

Standards Australia adopts world’s foremost standard for operational technology

Agency News, Cyber Security CII sector, Industry News
Australia has officially adopted the AS IEC 62443 series as national standards for protecting Operational Technology (OT) in critical infrastructure from cyber threats. This decision comes as cyberattacks grow more frequent and sophisticated, increasingly targeting the systems that support our daily lives.
OT systems are the backbone of essential services such as energy, water, transport, medical devices, and building automation. A successful cyberattack on these systems could disrupt communities, threaten public safety, and harm the environment. The AS IEC 62443 standards help prevent this by offering a clear, structured approach to cybersecurity that supports safety, reliability, and resilience throughout the life of these systems.
A Practical Framework for Securing OT Systems
OT environments face unique cybersecurity challenges that differ from traditional IT systems. To address these, specialised standards were developed for Industrial Automation and Control Systems (IACS). In response, the IEC/Technical Committee 65 Industrial-process measurement, control and automation developed the IEC 62443 series – Security for industrial automation and control systems. These standards are now recognised in Australia as AS IEC 62443, with the support and contributions from our national committee IT-006.
These standards are modular and role-based, allowing users to select only the parts relevant to their responsibilities or the stage of the system lifecycle they’re working in. They are designed for asset owners, service providers, and product suppliers, and they align with local regulatory requirements—making implementation practical and effective across sectors.
The benefits of adopting AS IEC 62443 are wide-reaching:
- Protects public health by helping to reduce the risk of system failures caused by cyberattacks
- Supports social stability by safeguarding the essential services communities rely on
- Boosts economic opportunities by allowing consumers to safely participate in energy markets, such as selling power back to the grid
- Reduces reputational risk by minimising the chance of prolonged outages and public fallout for organisations managing critical infrastructure
The IEC continues to evolve these standards to meet the needs of emerging technologies and smart systems. A new addition – Part 1-6 – will address the application of the series to the Industrial Internet of Things, further supporting the safety, reliability, and performance of smart energy, smart manufacturing, and smart cities.
By adopting AS IEC 62443, Australia is taking a proactive step to ensure its critical infrastructure is secure, resilient, and ready for the future.
Leave a comment ,

CISA, NSA, and NIST Publish Factsheet on Quantum Readiness

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.

CISA, NSA, and NIST urge organizations to review the joint factsheet and to begin preparing now by creating quantum-readiness roadmaps, conducting inventories, applying risk assessments and analysis, and engaging vendors. For more information and resources related to CISA’s PQC work, visit Post-Quantum Cryptography Initiative.

Leave a comment , ,

CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware variants. Based on confirmation from open-source reporting and analytical findings of Truebot variants, the four organizations assess cyber threat actors leveraged the malware through phishing campaigns containing malicious redirect hyperlinks.

Additionally, newer versions of Truebot malware allow malicious actors to gain initial access by exploiting a known vulnerability with Netwrix Auditor application (CVE-2022-31199). As recently as May 2023, cyber threat actors used this common vulnerability and exposure to deliver new Truebot malware variants and to collect and exfiltrate information against organizations in the U.S. and Canada.

CISA, FBI, MS-ISAC, and the CCCS encourage all organizations to review this joint advisory and implement the recommended mitigations contained therein—including applying patches to CVE-2022-31199, to reduce the likelihood and impact of Truebot activity, as well as other ransomware related incidents.

Leave a comment , , , , , ,

CISA CyberSentry Program Launches Webpage

Agency News, Cyber Security CII sector, Industry News

Cybersecurity & Infrastructure Security Agency (CISA) has published a blog and webpage on the CyberSentry program, a CISA-managed threat detection and monitoring capability with critical infrastructure partners that operate significant networks supporting National Critical Functions (NCFs): cisa.gov/CyberSentry

The CyberSentry program enables our agency to proactively hunt for malicious cyber activity, advise on mitigation strategies, and provide critical infrastructure partners with recommendations for improving overall network and control system security. The new CyberSentry webpage includes an informational video about the program, a fact sheet and details on how to contact CISA CyberSentry program.

Critical infrastructure organizations are experiencing network intrusions at an increasing frequency. To enhance detection of threats, CISA operates CyberSentry, which is a voluntary, proactive program that leverages its capabilities and partners with a select number of critical infrastructure organizations.

CyberSentry technology supports sensing and monitoring for information technology (IT) and operational technology (OT) networks. CyberSentry has added significant value to both CISA’s national mission and to our partners’ enterprise cybersecurity efforts.

Recent successes include:

- Infected OT Equipment: CyberSentry discovered an infection on a partner’s Human Machine Interface (HMI) equipment that had not been properly patched and secured. CISA analysts quickly notified the partner about the issue and offered guidance on preventive techniques for the future.

- Unintentional Exposure: CyberSentry tools spotted cleartext authentication occurring on a partner’s network, and further investigation revealed that a misconfiguration had caused the issue. A detailed report was provided to the partner, including specific guidance on remediating the situation.

- Private Sector Coordination: During the Colonial Pipeline disruption, CISA analysts coordinated closely with its pipeline partners to share information and monitor for adversary activity.

- SolarWinds Response: CyberSentry data helped to quickly identify partners affected by the SolarWinds supply chain compromise. All impacted partners were notified, and the program worked closely and expediently with these partners to confirm remediation of the threat.

- Identification of Malicious Activity: On multiple occasions, CISA analysts identified possible malicious activity at partner sites and worked with affected partners to identify the root causes of activity.

- Malware Discovery: CyberSentry tools quickly discovered and identified malware in a partner’s IT network. Working with the partner, CISA analysts were able to locate the infected device so the partner could remove it from the network and verify that the threat was contained.

- Attacker Exfiltration Detected: CyberSentry discovered that an attacker was actively exfiltrating information. CyberSentry worked with the partner to identify information that had been exfiltrated. After conferring with CyberSentry analysts, the partner was able to isolate infected systems that same evening, eliminating the threat.

Leave a comment , , ,

CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity & Infrastructure Security Agency (CISA) and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This [joint guide] provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to help reduce the impact of CL0P ransomware.

The CL0P Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. Internet- facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases.

CISA and FBI encourage information technology (IT) network defenders to review the MOVEit Transfer Advisory and implement the recommended mitigations to reduce the risk of compromise. This joint CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

Leave a comment , , , , ,

IACIPP Speak at CyberCon Conference in Bucharest

Association News, Cyber Security CII sector

John Donlon QPM FSyI, Chairman of the International Association of Critical Infrastructure Protection Professionals (IACIPP), was a guest speaker on behalf of the National Institute for Research & Development in Informatics (ICI Bucharest) at the CyberCon Conference which took place in Romania between the 22nd and 27th May.

John was on a panel session addressing the subject of Cyber Diplomacy. The session was moderated by Carmen-Elena CÎRNU, the Scientific Director of ICI Bucharest and opened by the Director General of ICI Bucharest, Victor Vevera. In his opening address Victor referenced the Romanian position on Cyber Diplomacy from his organisations perspective and also highlighted the continuing partnership with IACIPP and the successful joint conference held in the Romanian Royal Place in 2022.

John delivered a presentation where he outlined his views on how the type and nature of the crisis being faced within our increasingly interconnected, globalised and rapidly changing world were ever evolving referencing the pandemic, the war in Ukraine and the devastating earthquakes that hit Turkey and Syria at the start of this year.

He summarised the development of IACIPP and what it seeks to achieve as a platform for likeminded individuals. The aim being to create a space to share information, connect and communicate on all matters relating to the protection and resilience of national infrastructure and information. The focus being on the part that such an association can play in facilitating communication across both the public and private sectors.

That need for connectivity was a common thread throughout the session. It was acknowledged that the worlds infrastructure and cyber position is a greater target and more vulnerable than ever and in order to address issues of concern there is a requirement to continue to develop a comprehensive approach that aligns both physical and cyber security, protection and resilience through enhanced levels of cooperation and coordination.

There was consensus across the panel and from the audience, of the continued need for greater levels of coordination, cooperation and communication across both nation states and between public and private sector entities.

It was recognised that the development of Cyber Diplomacy along with the growth in Cyber Ambassadors across the globe could go some significant way to addressing cyber problems internationally and improving the connectivity that has to be in place.

Leave a comment , , ,

CISA Warns of Hurricane/Typhoon-Related Scams

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity & Infrastructure Security Agency (CISA) urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing attacks that use email or malicious websites to solicit personal information by posing as a trustworthy organization, notably as charities providing relief. Exercise caution in handling emails with hurricane/typhoon-related subject lines, attachments, or hyperlinks to avoid compromise. In addition, be wary of social media pleas, texts, or door-to-door solicitations related to severe weather events.

CISA encourages users to review the Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity, and CISA’s Using Caution with Email Attachments and Tips on Avoiding Social Engineering and Phishing Attacks to avoid falling victim to malicious attacks.

Leave a comment , , , , ,

Nuclear Security: DOE Should Take Actions to Fully Implement Insider Threat Program

Agency News, Cyber Security CII sector, Industry News, Power/Energy/Oil & Gas sector

The theft of nuclear material and the compromise of information could have devastating consequences. Threats can come from external adversaries or from "insiders," including employees or visitors with trusted access. In 2014, DOE established its Insider Threat Program to integrate its policies, procedures, and resources. The program also coordinates analysis, response, and mitigation actions among DOE organizations.

The House report accompanying a bill for the National Defense Authorization Act for fiscal year 2022 includes a provision for GAO to review DOE's efforts to address insider threats with respect to the nuclear security enterprise. This report examines (1) the extent to which DOE has implemented required standards to protect the nuclear security enterprise from insider threats and (2) the factors that have affected DOE's ability to fully implement its Insider Threat Program.

GAO reviewed the minimum standards and best practices for federal insider threat programs, DOE documentation, and four assessments by independent reviewers. GAO also interviewed DOE and National Nuclear Security Administration officials and contractors.

The Department of Energy has several programs to ensure proper access to and handling of the nation's nuclear weapons and related information. DOE started a program in 2014 to further protect against insider threats from employees, contractors, and trusted visitors.

But as of 2023, DOE hasn't fully implemented the program. For example, DOE doesn't ensure that employees are trained to identify and report potential insider threats. Also, the agency hasn't clearly defined contractors' responsibilities for this program.

DOE changed the program's leadership in February 2023, but there's more to do. We recommended ways to improve the program.

The Department of Energy (DOE) has not implemented all required measures for its Insider Threat Program more than 8 years after DOE established it in 2014, according to multiple independent assessments. Specifically, DOE has not implemented seven required measures for its Insider Threat Program, even after independent reviewers made nearly 50 findings and recommendations to help DOE fully implement its program (see fig. for examples). DOE does not formally track or report on its actions to implement them. Without tracking and reporting on its actions to address independent reviewers' findings and recommendations, DOE cannot ensure that it has fully addressed identified program deficiencies.

Examples of Selected Recommendations from Independent Assessments of DOE's Insider Threat Program

DOE has not fully implemented its Insider Threat Program due to multiple factors.

- DOE has not integrated program responsibilities. DOE has not effectively integrated Insider Threat Program responsibilities. Instead, DOE divided significant responsibilities for its program between two offices. Specifically, the program's senior official resides within the security office, while operational control for insider threat incident analysis and response resides within the Office of Counterintelligence—a part of the organization with its own line of reporting to the Secretary of Energy. Without better integrating insider threat responsibilities between these offices, DOE's insider threat program will continue to face significant challenges that preclude it from having an effective or fully operational program.

- DOE has not identified and assessed resource needs. DOE has not identified and assessed the human, financial, and technical resources needed to fully implement its Insider Threat Program. Program funding identified in DOE's budget does not account for all program responsibilities. For example, DOE's budget does not include dedicated funding for its contractor-run nuclear weapons production and research sites to carry out their responsibilities for implementing the program. Unless DOE identifies and assesses the resources needed to support the Insider Threat Program, it will be unable to fully ensure that components are equipped to respond to insider threat concerns, potentially creating vulnerabilities in the program.

Leave a comment , , ,

CISA and Partners Release Cybersecurity Advisory Guidance detailing PRC state-sponsored actors evading detection by “Living off the Land”

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity & Infrastructure Security Agency (CISA) joined the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners in releasing a joint cybersecurity advisory highlighting recently discovered activities conducted by a People’s Republic of China (PRC) state-sponsored cyber threat actor.

This advisory highlights how PRC cyber actors use techniques called “living off the land” to evade detection by using built-in networking administration tools to compromise networks and conduct malicious activity. This enables the cyber actor to blend in with routine Windows system and network activities, limit activity and data captured in default logging configurations, and avoid endpoint detection and response (EDR) products that could alert to the introduction of third-party applications on the host or network. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.

The authoring agencies have identified potential indicators associated with these techniques. To hunt for this activity, CISA and partners encourage network defenders to use the actor’s commands and detection signatures provided in this advisory. CISA and partners further encourage network defenders to view the indicators of compromise (IOCs) and mitigations summaries to detect this activity.

Leave a comment , , , , , ,
1 2 3 4