Municipal
Making Patching Work for SCADA and Industrial Control System Security
April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.
Comments (0)
The Threat to Industrial Control Systems from Physical Persistent Design Features (PPDF)
April 01, 2013 Added by:Joe Weiss
Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.
Comments (0)
SCADA and ICS Security Patching: The Good, the Bad and the Ugly
March 26, 2013 Added by:Eric Byres
Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...
Comments (1)
Congress is Hurting the U.S. Regarding Cybersecurity
March 19, 2013 Added by:Joel Harding
If Congress doesn’t wake up and begin asking serious questions around cybersecurity, their inattention is going to cause us great harm in the coming years.
Comments (0)
SCADA and ICS Security: Welcome to the Patching Treadmill
March 15, 2013 Added by:Eric Byres
After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.
Comments (0)
China's PLA Behind Massive Cyber Espionage Operation
February 19, 2013 Added by:Mike Lennon
In a fascinating, unprecedented, and statistics-packed report, security firm Mandiant made direct allegations and exposed a multi-year, massive cyber espionage campaign that they say with confidence is the work of China.
Comments (0)
Defining the Qualities of Cyber Warfare
February 14, 2013 Added by:Jarno Limnéll
Cyber warfare is one of the hottest topics currently trending in newsfeeds and, although many are quick to use the term, not everyone fully understands the concept.
Comments (1)
Time to Speak Up on New IF-MAP Specs for ICS and SCADA Security
February 12, 2013 Added by:Eric Byres
Something I believe industry urgently needs is better standards for information exchange between security solutions. Unfortunately while TCG has had feedback from the IT community, they have received little from the SCADA or ICS community. I encourage everyone involved with SCADA and ICS security to review the specification.
Comments (0)
US Water System Hacked: A Community-Wide Issue
November 18, 2011 Added by:Robert M. Lee
Information is still coming out on this event and the DHS has stated that they and FBI are still gathering information but believe none of the information so far indicates a risk to critical infrastructure. However, the concerns this incident raises are valid regardless...
Comments (3)
New Federal Cyber Security Work Group
June 23, 2010 Added by:Richard Stiennon
A few weeks ago I participated in a cyber roundtable pulled together in Washington DC. This was, in part, a meeting to kick off a new organization that will seek to bring security technologists and policy makers together. (Much more on this at a later date).
Comments (0)
Is the U.S. prepared for cyber war or are we sitting ducks?
June 17, 2010 Added by:Ron Lepofsky
Last night Pres Obama made a speech to the nation about the BP oil spill. One of his three central points dealt with preventing a future oil spill disaster. Today the President told BP to allocate billions of dollars to reimburse those who suffered as the result of BP’s oil spill. Perhaps now is the time to take similar action and allocate funds and sticks to pr...
Comments (0)
ISAlliance Presents at Congressional Cybersecurity Event
June 15, 2010 Added by:Marjorie Morgan
Internet Security Alliance President Larry Clinton and ISA Board Member, Jeff Brown, Raytheon, Director of Infrastructure Services and Chief Information Security Officer will take part in a forethcoming Congressional Cybersecurity Caucus Event.
Comments (0)
No Internet Kill Switch is No Guarantee
June 13, 2010 Added by:Anthony M. Freed
In continued efforts to centralize the cybersecurity authority within the White House, more than 40 bills have been introduced that will dramatically alter the balance of power between the government and the private sector. Protecting Cyberspace as a National Asset Act of 2010 will shift the responsibility of federal agency cybersecurity from the Office of Management and Budget (OMB) to DHS by cre...
Comments (3)
What About Web Smuggling?
May 13, 2010 Added by:Dario Forte
After Viagra, guns and fake medicines, now we can purchase contraband cigarettes online. But the police are always on the alert. Here we discuss a recent Italian case. The Italian Guardia di Finanza (Finance Police) recently completed a longstanding investigation of a criminal organization specialized in Internet sales of tobacco products processed outside of Italy.
Comments (0)
Carl Levin Poses Several Cyber Scenarios
April 29, 2010 Added by:Richard Stiennon
Today’s hearing on the nominations of Keith Alexander to head CYBERCOM (and Admiral Winnfield to head NORAD and NORTHCOM) were the first time that operational responsibilities of CYBERCOM have been discussed in a public forum.
Comments (0)
Should we be afraid of Chinese hackers? ...Or lost cyber war
April 27, 2010 Added by:Roman Zeltser
The terms "cyber terrorism" or "information warfare" are derived from political agendas of those who rule the countries or from global conglomerates and large corporations that don't hesitate to use any possible measures to achieve their goal. The information age gave us not only sophisticated computer equipment, software, and gadgets but also something that many of u...
Comments (4)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)