https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

Digital-supply-chain challenge to cities and counties: Another cyber minefield to navigate

Digital-supply-chain challenge to cities and counties: Another cyber minefield to navigate

  • Written by Dr. Alan R. Shark / American City & County
  • 16th September 2021

As cities and counties have steadfastly turned to managed service providers for enhanced improvements and security for their networks, a new type of cyberthreat has emerged to greatly undermine trust. The irony here is that many turned to managed service providers who promised greater cybersecurity and hardened system protections. Perhaps managed services sounded too good to be completely true, as cities and counties looked to their providers for more secure solutions in better managing and protecting their networks from cyber intrusions. A rash of incidents in mid-2021 helped to undercut all such blanket assurances and promises. Supply-chain hacks are not new, but-—ike all cybercrime they—have become more pernicious.

The Colonial Pipeline hack is a prime example of a “traditional” supply-chain hack, when a ransomware attack caused one of the largest oil-supply pipelines to cease operation for less than a week, leading to gas outages, shortages and higher prices. Most thought of supply-chain issues as something completely focused on getting parts and materials to suppliers in the most expeditious manner possible. In addition, the pandemic highlighted supply-chain issues regarding shortages in furniture availability, due to shortages of lumber and foam. Cars, trucks, boats and even appliances had to cut their production lines because of shortages in essential computer chips.

Physical or traditional supply-chain issues can certainly be disruptive, but so can digital-supply-chain issues. As reported, what is now being referred to as digital-supply-chain attacks have proven to be particularly worrisome. When a cyber services company or managed service provider’s customer downloads an update, it was once rightful to assume the update had been fully vetted, etc.

Until recently, few saw how supply hacks could occur in the cybersecurity environment; then the cyberthreat landscape presented no less than three digital-supply-chain hacks. Threat actors had successfully compromised the technology supply chains and were able to obtain access into their target’s customer base, providing them unprecedented access to thousands of unsuspecting customers. This led to large-scale attacks on governments and enterprises, impacting small and large businesses, local governments and hospitals. The SolarWinds, CodeCov and Kaseya attacks are prime examples. Threat actors were able to gain entrance to these company’s ecosystems through unknown vulnerabilities and backdoor supplier support chains.

SolarWinds is a major cybersecurity company that provides system management tools for network and infrastructure monitoring offering technical services to hundreds of organizations around the world through its Orion software product. More than 30,000 public and private organizations—including local, state and federal agencies—use the Orion network management system to manage their IT resources. Threat actors were able to infiltrate at least nine U.S. agencies and about 100 companies, plus hundreds of electric utilities in North America. The hack compromised the data, networks and systems of thousands, as SolarWinds inadvertently delivered malware as a “routine” update to the Orion software.

To read the complete article, visit American City & County.

 

Tags: Applications Companies Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness News Public Safety Security Software State & Local Government System Installation System Operation Tracking, Monitoring & Control Training Partner content

Most Recent


  • Microsoft Outlook vulnerability could be 2023's 'It' bug
    Microsoft recently patched a zero-day vulnerability under active exploit in Microsoft Outlook, identified as CVE-2023-23397, which could enable an attacker to perform a privilege escalation, accessing the victim’s Net-NTLMv2 challenge-response authentication hash and impersonating the user. Now it’s becoming clear that CVE-2023-23397 is dangerous enough to become the most far-reaching bug of the year, security researchers are […]
  • Getting to know the how—and why—of the telecom cloud
    A funny thing happened during the pandemic: The giant cloud hyperscalers burst into the telecom industry. And now it’s time for everyone to get acquainted with them. Why? Well, it seems increasingly inevitable that a certain percentage – ranging from “a little” to “most” – of telecom operators’ network functions are going to run in […]
  • Zipline delivery drone docks, charges by itself
    Zipline has unveiled its new autonomous drone platform, designed to provide accurate everyday delivery to homes in the U.S., including in busy residential areas. Zipline’s previous delivery system worked by parachuting parcels into a specified area. Now the new drone, dubbed Platform 2 or P2 Zip, sends its goods down to customers via a tether […]
  • State and local leaders can alleviate the burden on public-safety personnel by tackling three workforce trends
    Government officials and public safety leaders wear many different hats. They serve as sounding boards for constituent complaints and for new ideas that need vetting. They are change agents charged with improving the lives of citizens and colleagues and are tasked with keeping order. Their most daunting responsibility, however, is keeping members of their community […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • White House Cybersecurity Summit: A missed opportunity
  • IoT cyberattacks escalate in 2021, according to Kaspersky
  • OMIGOD: Azure users warned of critical OMI vulnerabilities
  • ESChat: Josh Lober highlights interop capabilities, Siyata integration for IWCE

Commentary


Updated: How ‘sidelink’ peer-to-peer communications can enhance public-safety operations

  • 1
27th February 2023

NG911 needed to secure our communities and nation

24th February 2023

How 5G is making cities safer, smarter, and more efficient

26th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Microsoft Outlook vulnerability could be 2023’s ‘It’ bug dlvr.it/SlC3Hh

20th March 2023
UrgentComm

Getting to know the how–and why–of the telecom cloud dlvr.it/SlBbD1

20th March 2023
UrgentComm

Zipline delivery drone docks, charges by itself dlvr.it/SlBNWy

20th March 2023
UrgentComm

State and local leaders can alleviate the burden on public-safety personnel by tackling three workforce trends dlvr.it/SlBH89

20th March 2023
UrgentComm

6G is shaping up to disappoint, and the industry can blame itself dlvr.it/Sl918J

20th March 2023
UrgentComm

Change is coming to the network detection and response (NDR) market dlvr.it/Sl4cts

18th March 2023
UrgentComm

Telcos need to build businesses, as well as networks dlvr.it/Sl4cRR

18th March 2023
UrgentComm

Get ready for the summer of spectrum squabbling dlvr.it/Sl4c1J

18th March 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.