Cyber round-up08 August 2023

cyber attacks National Cyber Security Centre Schneider Electric is developing a global operational technology (OT) risk identification and threat intelligence capability (Image credit: AdobeStock Mr.B-king)

​Cyber attacks resulting from vulnerabilities within the supply chain can result in devastating, expensive and long-term ramifications for affected organisations, their supply chains and their customers. But despite these risks, many companies lose sight of their supply chains. The National Cyber Security Centre has launched two new e-learning packages that will help procurement specialists, risk owners and cyber security professionals to effectively manage risks across their supply chains.

To use the training, visit www.is.gd/owujez. The package is free to use, and includes knowledge checks. No login is required - just click on the link and start learning.

Mapping your supply chain is the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain. The training explains:

  • what supply chain mapping is, why it’s important and how it can benefit your organisation
  • what information it will typically contain
  • the role of sub-contractors that your suppliers may use
  • what this means when agreeing contracts.
  • Gaining confidence in your supply chain describes practical steps to help organisations assess cyber security in their supply chains. The training:

  • describes typical supplier relationships, and ways that organisations are exposed to vulnerabilities and cyber attacks via the supply chain
  • defines expected outcomes and key steps to help you assess your supply chain’s approach to cyber security.

  • NEW OT THREAT DATABASE

    Schneider Electric is developing a global operational technology (OT) risk identification and threat intelligence capability, in partnership with BitSight.

    In recent years, both opportunistic and advanced cyber threat actors have shown increased willingness to target industrial and operational sites. Schneider Electric and BitSight aim to improve the security and resilience of communities by detecting OT protocols exposed over the internet and contextualizing them with improved attribution.

    The aim of the collaboration is proactive security monitoring of externally observable risks to the OT community, and to strengthen industrial security and provide more visibility into industrial infrastructure and industrial control system devices that may be at risk.

    BitSight co-founder Stephen Boyer said: “Operational technology systems are often exposed and vulnerable to attackers who can exploit them through connected devices and converging networks.”

    Christophe Blassiau, a senior vice president at Schneider Electric, said: “With the enriched data and insight collected by BitSight, Schneider Electric is developing an OT threat intelligence capability to notify and work with customers who have exposed assets or insecure Internet-facing deployments.”

    The new capability, focused on risk identification and reduction across the entirety of the OT domain, is not an exclusive arrangement between the two companies, they add. Participation is open to all OT vendors willing to share information about their products to improve risk detection and attribution capabilities.

    BOX: FIND AN ADVISOR

    In the past, organisations seeking help from cybersecurity expert tended to be very large and complex or be from the defence, security or banking industries, or part of the critical national infrastructure.

    Today, expedited by the pandemic, the widespread adoption of digital technology for products and services has made basic cyber security essential to every business that connects to the internet. Accessibility to this protection contributes to the UK’s national security.

    Despite a growing emphasis on cybersecurity, many organisations often find it hard to choose the right help to meet current guidance.

    The Cyber Advisor scheme is for small and medium sized organisations across the UK aiming to improve their basic cyber security and avoid the disruption caused by some of the most common cyber attacks.

    All Cyber Advisors must work for a company which has met NCSC standards and been accepted as an assured service provider.

    Cyber Advisors focus on helping organisations to implement the five Cyber Essentials Technical Controls: firewalls, secure configuration, security update management, user access control and malware protection (see also pp18-19).

    A list of advisors is available via www.is.gd/oferey.

    For more in-depth advice, another consultancy accreditation scheme is also available: Assured Cyber Security Consultancies, of list of whom is available via www.is.gd/rixubu.

    Operations Engineer

    Related Companies
    Schneider Electric

    This material is protected by MA Business copyright
    See Terms and Conditions.
    One-off usage is permitted but bulk copying is not.
    For multiple copies contact the sales team.