š¬ MITRE CVE list might go offline today! This would be catastrophic for global vulnerability management. What I’ve described as a scenario theoretically possible in How Trump 2.0 could affect the IT industry in Europe might become reality more quickly than I’ve thought and not on the NIST-NVD level, but on the MITRE level including…
The shifting political landscape in the United States may significantly impact the global IT industry, especially in Europe. This blog post explores three aspects of how Trump 2.0 could impact the IT sector in Europe, offering insights into the near future and potential developments ahead. Data Transfer to the US The foundation for the legal…
Critical infrastructure faces a growing number of security threats.. Critical infrastructure typically relies on Industrial Automation and Control Systems (IACS) and other non-IT components, often referred to as “Operational Technology.” To effectively assess cybersecurity risks within operational technology (OT) systems, adhering to the internationally recognized IEC 62443 standard is best practice. IEC 62443-3-2, part of…
In December, I completed the EULYNX introduction course at the EULYNX Academy. This course represents the initial level of training. EULYNX Academy Certificate ā EULYNX What is EULYNX? EULYNX is an initiative among European railway infrastructure managers. Its main objective is to establish a modular signaling architecture featuring standardized interfaces. More information can be found…
Railway safety is a critical aspect of transportation that ensures the protection of passengers, staff, and infrastructure. Adhering to established safety norms is essential for minimizing risks and enhancing the reliability of railway systems. This blog post will explore key European railway safety standards EN 50126, EN 50128, and EN 50129. Safety measures are essential…
In this post, I delve into the most relevant standards that secure our railway systems. Using Europe and Germany as a case study for the local and national level of standards, the following infographics provides a comprehensive overview of the most relevant standards helping to increase security on the tracks. š Download infographics as pdf:…
Today I attended theĀ CNA e.V.Ā railway technology forum 2024 in Nuremberg forĀ ICS GmbH. The title of the conference was “Unlocking the opportunities of railtech”, which is both necessary and possible with the help of digital systems such as ETCS, ATO and CTMS – if it’s done in the right way. Cybersecurity plays a vital role in…
Since February 2022, cybersecurity threats to railways in the European Union have changed fundamentally: nation-state actors are no longer a theoretical possibility, but a dangerous reality. Russia is trying to sabotage European railways, warns Prague š” We therefore need to increase the resilience of the railway system against attacks by very capable attackers with access…
Despite the Easter holidays, a lot of incredible work was done over the weekend by many researchers analysing the details of the xz-utils backdoor. Some examples are: As the situation unfolds, it is becoming clear that this was not just one of the most sophisticated technical (perhaps the most sophisticated) attempts to introduce a backdoor…
The newly discovered xz-utils backdoor, which was published yesterday (NVD – CVE-2024-3094 (nist.gov)) also affects one of the Linux distributions most used by penetration testers: Kali Linux. āMake sure, that you are updating your Kali installations as fast as possible, especially when you updated them before in the time frame between 26.03.2024 and 29.03.2024. š”For…