An unnamed APT has a remote code execution exploit for Rockwell Automation ControlLogix communications modules. Court temporarily blocks water system cybersecurity mandate. Industrial controller vulnerabilities pose a risk to critical infrastructure. US Federal government issues voluntary IoT security guidelines. Our guest is Mea Clift of Woodard & Curran discussing how compliance should not be a checkbox activity with an eye on OT security and shares her experience in securing the water/utilities space. On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in final part of three segments focused on vulnerabilities in the OT world. Webinars. Webinar: Operationalizing OT Threat Intelligence – a Rockwell Automation ControlLogix Case Study Join us for this exclusive behind-the-scenes look at how Dragos approaches this on a regular basis, using the recently disclosed Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module vulnerabilities (CVE-2023-3595 and CVE-2023-3596). Webinar: Securing Digital Transformation: OT Cybersecurity Innovation and Resilience As business and innovation come together, digital transformation isn’t a future concept - it’s happening right now. Join Dave Bittner and our friends from AWS, Splunk and Dragos on August 3rd @ 2pm EST for a live panel on “Securing Digital Transformation: OT Cybersecurity Innovation and Resilience” where we’ll dive into secure digital transformation, managing OT/IT cyber risk and the value and vision of Cloud resources. Control Loop News Brief. ControlLogix RCE exploit. Rockwell warns of new APT RCE exploit targeting critical infrastructure (BleepingComputer) Dragos Enabled Defense Against APT Exploits for Rockwell Automation ControlLogix (Dragos) Court temporarily blocks water system cybersecurity mandate. EPA ’disappointed’ by hold on agency efforts to spur water systems cybersecurity (The Washington Post) Industrial controller vulnerabilities pose a risk to critical infrastructure. Security flaws in Honeywell devices could be used to disrupt critical industries (TechCrunch) Implementing the US National Cybersecurity Strategy. National Cybersecurity Strategy Implementation Plan (The White House) US Federal government issues voluntary IoT security guidelines. Biden-⁠Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House) White House, FCC advance efforts to add security labels to connected devices (CyberScoop) Control Loop Interview. The interview is with Mea Clift of Woodard & Curran discussing how compliance should not be a checkbox activity with an eye on OT security and her experience in securing the water/utilities space. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Vulnerability Analyst Logan Carpenter in final part of three segments focused on vulnerabilities in the OT world. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.