critical-infrastructure
Safeguard articles tagged "critical-infrastructure" — guides, analysis, and best practices for software supply chain and application security.
31 articles
TSA pipeline cybersecurity directive and software supply ...
A breakdown of TSA's pipeline cybersecurity directives and the software supply chain requirements they impose on operators and oil and gas vendors alike.
CIRCIA Final Rule Slips to May 2026: What Changes
CISA pushed the CIRCIA final rule deadline from October 2025 to May 2026, citing 24,000 public comments and harmonization work with other federal cyber reporting frameworks.
Harrods Cyber Attack: The UK Retail Sector Under Sustained Assault
Harrods became the third major UK retailer hit by cyber attacks in weeks, following M&S and Co-op. The pattern points to coordinated campaigns targeting retail.
Nova Scotia Power Cyber Incident: When Critical Infrastructure Gets Hit
Nova Scotia Power disclosed a cyber incident in April 2025 that compromised customer data. The attack highlights the persistent vulnerability of utility companies.
Oracle Critical Control Baseline: Regulatory Impact
Oracle's February 2025 Critical Control Baseline for critical infrastructure customers reshapes SCRM obligations. Here's what legal and security teams must know.
American Water Cyberattack: Largest U.S. Utility Forced Offline
American Water Works discovered unauthorised network access on October 3, 2024, shutting down its MyWater customer portal and billing systems serving 14 million people across 24 states.
Qilin Ransomware Group: Dissecting a Rising Threat Actor
Qilin has rapidly become one of the most active ransomware operations, targeting healthcare, manufacturing, and critical infrastructure. A technical breakdown of their methods.
Port of Seattle Rhysida: Airport Ransomware and the Public-Sector Tail
On August 24, 2024, Rhysida ransomware took down Port of Seattle systems including Sea-Tac airport check-in, baggage, and the Port website. The Port refused a $6 million ransom. We unpack the case.
Fog Ransomware: Why Schools and Universities Are Under Siege
Fog ransomware has carved a niche by targeting educational institutions — organizations with tight budgets, thin security teams, and massive attack surfaces. Here is how they operate.
Volt Typhoon: Living-Off-the-Land and Supply Chain
The PRC-linked pre-positioning group that scared DHS and the NSA into a public warning, and what it means for supply chain defenders.
Rhysida Ransomware: Systematic Targeting of Government and Critical Infrastructure
Rhysida ransomware distinguished itself through deliberate targeting of government agencies, education institutions, and healthcare organizations across multiple countries.
Utilities Sector NERC CIP Software Supply Chain
NERC CIP-013 turned software supply chain into a regulated obligation for the bulk electric system. A practical look at what utilities are actually doing.