Safeguard
Tag

critical-infrastructure

Safeguard articles tagged "critical-infrastructure" — guides, analysis, and best practices for software supply chain and application security.

31 articles

Regulatory Compliance

TSA pipeline cybersecurity directive and software supply ...

A breakdown of TSA's pipeline cybersecurity directives and the software supply chain requirements they impose on operators and oil and gas vendors alike.

Dec 21, 20257 min read
Regulation

CIRCIA Final Rule Slips to May 2026: What Changes

CISA pushed the CIRCIA final rule deadline from October 2025 to May 2026, citing 24,000 public comments and harmonization work with other federal cyber reporting frameworks.

Oct 2, 20255 min read
Breach Analysis

Harrods Cyber Attack: The UK Retail Sector Under Sustained Assault

Harrods became the third major UK retailer hit by cyber attacks in weeks, following M&S and Co-op. The pattern points to coordinated campaigns targeting retail.

May 1, 20256 min read
Breach Analysis

Nova Scotia Power Cyber Incident: When Critical Infrastructure Gets Hit

Nova Scotia Power disclosed a cyber incident in April 2025 that compromised customer data. The attack highlights the persistent vulnerability of utility companies.

Apr 28, 20256 min read
Regulatory Compliance

Oracle Critical Control Baseline: Regulatory Impact

Oracle's February 2025 Critical Control Baseline for critical infrastructure customers reshapes SCRM obligations. Here's what legal and security teams must know.

Mar 25, 20255 min read
Incident Analysis

American Water Cyberattack: Largest U.S. Utility Forced Offline

American Water Works discovered unauthorised network access on October 3, 2024, shutting down its MyWater customer portal and billing systems serving 14 million people across 24 states.

Feb 26, 20256 min read
Threat Intelligence

Qilin Ransomware Group: Dissecting a Rising Threat Actor

Qilin has rapidly become one of the most active ransomware operations, targeting healthcare, manufacturing, and critical infrastructure. A technical breakdown of their methods.

Feb 20, 20255 min read
Incident Analysis

Port of Seattle Rhysida: Airport Ransomware and the Public-Sector Tail

On August 24, 2024, Rhysida ransomware took down Port of Seattle systems including Sea-Tac airport check-in, baggage, and the Port website. The Port refused a $6 million ransom. We unpack the case.

Dec 5, 20247 min read
Threat Intelligence

Fog Ransomware: Why Schools and Universities Are Under Siege

Fog ransomware has carved a niche by targeting educational institutions — organizations with tight budgets, thin security teams, and massive attack surfaces. Here is how they operate.

Nov 5, 20246 min read
Industry Analysis

Volt Typhoon: Living-Off-the-Land and Supply Chain

The PRC-linked pre-positioning group that scared DHS and the NSA into a public warning, and what it means for supply chain defenders.

Sep 30, 20246 min read
Ransomware

Rhysida Ransomware: Systematic Targeting of Government and Critical Infrastructure

Rhysida ransomware distinguished itself through deliberate targeting of government agencies, education institutions, and healthcare organizations across multiple countries.

Aug 5, 20247 min read
Regulatory Compliance

Utilities Sector NERC CIP Software Supply Chain

NERC CIP-013 turned software supply chain into a regulated obligation for the bulk electric system. A practical look at what utilities are actually doing.

May 20, 20247 min read
critical-infrastructure (Page 2) — Safeguard Blog