Tuesday, March 12, 2024

Short Takes – 3-12-24

Damage a Distillation Column. LinkedIn discussion. Pull quote: “Actually so far I haven’t found that many process equipment inherently secure against cyber attack. Attackers require very specific knowledge of the local system, and it depends on the type of production process, but once a threat actor gains access into the automation system also distillation columns aren’t inherently safe against cyber attack.” Very interesting discussion about physical modes for cyberattacks on process equipment.

Chemical manufacturer facing £233,000 [$289,439] in penalties for endangering workers. HazardExOnTheNet.net article. Pull quote: “"Employers must evaluate and effectively control respiratory hazards in the workplace and establish a hazard communication program that meets or exceeds federal safety standards to protect workers. Our hazard communication overview provides employers with the knowledge to get this done and make their workplaces safer for all," Stawowy added.”

CISA targeted through Ivanti VPN vulnerabilities, reports say. GovExec.com article. Pull quote: “The compromised systems included CISA’s Infrastructure Protection Gateway, where DHS partners can access infrastructure protection tools, and the [CFATS] Chemical Security Assessment Tool [emphasis added] that provides private sector chemical security information, according to The Record and CNN.”

Security Risks of the AeroScope Upgrade Module. LinkedIn.com article. Pull quote: “The most significant difference between [DJI] Drone ID and RID [FAA Remote ID] is the underlying physical protocols. While Drone ID is integrated within DJI’s proprietary OcuSync protocol (for all newer models), RID makes use of standard WiFi and Bluetooth protocols. By and large, this means that while Drone ID has historically been detectable for many kilometers (sometimes as much as 30+), Remote ID will not – and is likely to achieve 1-2 km max (when in good physical conditions). Coupling this range restriction with network congestion and noise, the protocol is likely to be extremely difficult to distinguish when in dense crowded environments (such as a stadium or an urban city-center).”

Susio secures funding to support 1,000kg per day hydrogen generator development. H2-View.com article. Pull quote: “Susio’s process is expected to produce low-cost, low-carbon or zero-carbon energy, using ‘novel microwave technology’ to extract hydrogen from natural gas or biogas while capturing the carbon in the form of carbon black.” While not a greenhouse gas, carbon black has a number of unique handling and environmental issues that are difficult to deal with.

Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies. NYTimes.com article. Pull quote: “What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations. The only thing it didn’t have is where they had driven the car.”

Department of Defense (DoD) Defense Industrial Base (DIB) Cybersecurity (CS) Activities. Federal Register DOD final rule. Summary: “The DoD is finalizing revisions to the eligibility criteria for the voluntary Defense Industrial Base (DIB) Cybersecurity (CS) Program. These revisions will allow all defense contractors who own or operate an unclassified information system that processes, stores, or transmits covered defense information to benefit from bilateral information sharing. DoD is also finalizing changes to definitions and some technical corrections for readability.”

