Earlier this week, the US’ Energy Information Agency (EIA) gave a preview of the changes the nation’s electrical grid is likely to see over the coming year. The data is based on information submitted to the Department of Energy by utilities and power plant owners, who are asked to estimate when generating facilities that are planned or under construction will come online. Using that information, the EIA estimates the total new capacity expected to be activated over the coming year.
Critical Manufacturing Organizations Face Significant Risk of Cyber Attacks
Recent years have seen an alarming increase in the number of cyberattacks against critical infrastructure, many of which involved ransomware. Particularly in terms of cyber resilience, the industrial industry appears to be falling behind.
SUPPLY CHAIN SECURITY: 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
The digital supply chain is probably more extensive and more complicated than you realize. Upward of 98% of organizations have a relationship with at least one third party that has experienced a breach in the last two years – and these figures are almost certainly no exaggeration.
Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software
Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations.
How Biden’s microchip ban is curbing China’s AI weapons efforts
President Joe Biden’s motorcade pulled up to a 40-acre construction site dotted with some two dozen red, blue and gold cranes. An American flag hung from one of the site’s buildings alongside a banner that read “A Future made in America: Phoenix, Arizona.”
The site will feature a new facility of the Taiwan Semiconductor Manufacturing Company. Biden had arrived to tout the company’s newly announced $40 billion investment in U.S. microelectronics manufacturing following the July enactment of the CHIPS Act, which included $52 billion in subsidies and tax incentives for businesses that produce semiconductors within the country.
2022 global smartphone shipments were the lowest in nearly a decade
The industry capped off another dismal year with a 17% year over year drop for Q4. That number puts the full year’s shipping figures 11% below 2021, per new numbers from Canalys, which refer to it as “an extremely challenging year for all vendors.”
CISA released four Industrial Control Systems (ICS) Advisories
These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
Ransomware attack on maritime software impacts 1,000 ships
About 1,000 vessels have been affected by a ransomware attack against a major software supplier for ships. Oslo-based DNV – one of the world’s largest maritime organizations – said it was hit with ransomware on the evening of January 7 and was forced to shut down the IT servers connected to their ShipManager system.
U.S. manufacturing output tumbles in December
Production at U.S. factories fell more than expected in December and output in the prior month was weaker than previously thought, indicating that manufacturing was rapidly losing momentum as higher borrowing costs hurt demand for goods.
Manufacturing output dropped 1.3% last month, the Federal Reserve said on Wednesday. Data for November was revised lower to show production at factories decreasing 1.1% instead of the previously reported 0.6%. Economists polled by Reuters had forecast factory production would decline 0.3%.
Software Supply Chain Security Needs a Bigger Picture
The intricate labyrinth of open source dependencies across the global software supply chain has created an application security puzzle of mammoth proportions. Whether open source or closed, most of the world’s software today is built on third-party components and libraries. Consequently, one piece of vulnerable code in even the smallest of open source projects can have a domino effect that impacts thousands of other applications, APIs, cloud infrastructure components, and more.