Wednesday, October 26, 2022

Short Takes – 10-26-22

Commercial building owners fretting over cyber risk should check the fine print on their insurance. article. Interesting look at building control systems and cyber insurance. Pull quote: “Earlier this year, Intelligent Buildings, an advisory and managed service for real estate owners, said a Chinese-speaking threat actor was targeting building automation systems across several Asian countries using the Microsoft Exchange ProxyLogon vulnerabilities. In 2019, researchers at ForeScout developed proof of concept malware code exploiting 10 different vulnerabilities capable of worming through different building automation systems.”

Biden-Harris Administration Expands Public-Private Cybersecurity Partnership to Chemical Sector. statement. Brief. Pull quote: “The majority of chemical companies are privately owned, so we need a collaborative approach between the private sector and government. The nation’s leading chemical companies and the government’s lead agency for the chemical sector – the Cybersecurity and Infrastructure Agency (CISA) – have agreed on a plan to promote a higher standard of cybersecurity across the sector, including capabilities that enable visibility and threat detection for industrial control systems.”

The 5 D's of Cyber Sabotage. article by Tony Turner. The 5 D’s: Deny, Disrupt, Deceive, Degrade and Destroy. Pull quote: “These kinetic consequences are not new, but through the connection of technology, become far more accessible to our adversaries. Vulnerability advisories will not talk about them and will paint a picture of bits and bytes affected, with no real-world consequence. It is extremely important that we start connecting the consequences of failure to the esoteric scenarios that keep security folks up at night but are largely lost on the operator and the business. It’s time we start thinking about cyber sabotage as part of a robust safety culture. It’s time we take cyber security seriously.”

Fatal Blender Explosion: It does not have to be this way. blog post. Metal dust explosions, special problems. Pull quote: “Dust fires and explosions in blending operations do happen. Performing a Dust Hazards Analysis (DHA) is the starting point to establish a basis of safety for your blending operations, as per NFPA 652 (Standard on Fundamentals of Combustible Dust), NFPA 484 (for metal dusts) and other industry-specific NFPA standards.”

A second railroad union votes down Biden's tentative agreement. article. Pull quote: “"It is the responsibility of the parties involved to resolve this issue and any idea that kicking this to Congress will result in a quick or favorable outcome is deeply misguided," Jean-Pierre said. "These unions' rejection of the current proposed contract does not mean we face an immediate rail shut down, that's not how we view it. But it does mean the unions and their employers have additional work to do."”
