Bibliography
BitChute. n.d. “NXP: What Is IEC 62443 for Industrial Cyber Security?” https://www.bitchute.com/video/DJnKWIWTx5as. Accessed October 8, 2024.
CISA (Cybersecurity and Infrastructure Security Agency). 2023. “People’s Republic of China state-Sponsored Cyber Actor Living Off the Land to Evade Detection.”
CISA. 2024. “PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure.” February 7. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a.
DOE (Department of Energy). 2024. “Supply Chain Cybersecurity Principles.” https://www.energy.gov/sites/default/files/2024-06/Final%20Supply%20Chain%20Cybersecurity%20Principles%20061424_0.pdf.
EnergiCERT. 2022. Handbook on Threat Assessments. EnergiCERT.
Epp, S. 2024. “Firmware Security: Watch Out for These 5 Excuses.” https://www.paloaltonetworks.com/cybersecurity-perspectives/firmware-security-watch-out-for-these-5-excuses.
FFC (Federal Facilities Council). 2021. The Gates Are Open: Control System Cyber-Physical Security for Facilities: Proceedings of a Federal Facilities Council Workshop—in Brief. The National Academies Press.
GAO (Government Accountability Office). 2020. Information Technology: Federal Agencies Need to Take Urgent Action to Manage Supply Chain Risks. GAO-21-171.
Garton, D. 2019. “Purdue Model Framework for Industrial Control Systems and Cybersecurity Segmentation.” Topic Paper 4-14. National Petroleum Council. November 12. https://www.energy.gov/sites/default/files/2022-10/Infra_Topic_Paper_4-14_FINAL.pdf.
GSA (General Services Administration). 2024. “IT Contract Vehicles and Purchasing Programs.” Updated October 10. https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs?gsaredirect=itc.
Joint Task Force. 2020. “Security and Privacy Controls for Information Systems and Organizations.” National Institute of Standards and Technology.
Jones, D. 2024. “CVE Exploitation Nearly Tripled in 2023, Verizon Finds.” https://www.cybersecuritydive.com/news/cve-exploitation-tripled-2023-verizon/714848.
NIST (National Institute of Standards and Technology). 2017. “Cybersecurity Framework Manufacturing Profile.” NIST IR 8183. September. https://csrc.nist.gov/pubs/ir/8183/upd1/final.
NIST. 2024. “The NIST Cybersecurity Framework (CSF) 2.0.”
OMB (Office of Management and Budget). 2023. “Fiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements.” M-24-04. Memorandum for the Heads of Executive Departments and Agencies from Shalanda D. Young, Director. Executive Office of the President. December 4. https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-04-FY24-FISMA-Guidance.pdf.
Ribeiro, A. 2024. “Forescout Identifies PLCs, DCSs, Industrial Robots as Top Vulnerabilities in 2024 Risk Report.” https://industrialcyber.co/threat-landscape/forescout-identifies-plcs-dcss-industrial-robots-as-top-vulnerabilities-in-2024-risk-report.
Rose, S., O. Borchert, S. Mitchell, and S. Connelly. 2020. Zero Trust Architecture. NIST SP 800-207. https://doi.org/10.6028/NIST.SP.800-207.
Schaefer, W. 2023. “The Rising Importance of PLC Cybersecurity: An Essential Look into Industrial Vulnerability.” https://www.engineering.com/the-rising-importance-of-plc-cybersecurity-an-essential-look-into-industrial-vulnerability.
Security Staff. 2021. “91% of Organizations Faced a Software Supply Chain Attack Last Year.”
SektorCERT. 2023. “The Attack Against Danish Critical Infrastructure.”
Stouffer, K., T. Zimmerman, C.Y. Tang, J. Lubell, J. Cichonski, and J. McCarthy. 2017. “Cybersecurity Framework Manufacturing Profile.” NIST.
Stouffer, K., M. Pease, C.Y. Tang, T. Zimmerman, et al. 2023. Guide to Operational Technology (OT) Security. NIST SP 800-82r3. NIST. https://doi.org/10.6028/NIST.SP.800-82r3.
Trend Micro. n.d. “Zero-Day Vulnerability.” https://www.trendmicro.com/vinfo/hk-en/security/definition/zero-day-vulnerability. Accessed October 8, 2024.
U.S. House of Representatives. 2024. “Hearing Transcript: The CCP Cyber Threat to the American Homeland and National Security.” Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party. January 31. https://selectcommitteeontheccp.house.gov/media/remarkstranscripts/hearing-transcript-ccp-cyber-threat-american-homeland-and-national.
White House. 2024. “National Security Memorandum on Critical Infrastructure Security and Resilience.” NSM-22. April 30.
