April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.
April 01, 2013 Added by:Joe Weiss
Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.
March 26, 2013 Added by:Eric Byres
Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...
March 19, 2013 Added by:Joel Harding
If Congress doesn’t wake up and begin asking serious questions around cybersecurity, their inattention is going to cause us great harm in the coming years.
March 15, 2013 Added by:Eric Byres
After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.
February 19, 2013 Added by:Mike Lennon
In a fascinating, unprecedented, and statistics-packed report, security firm Mandiant made direct allegations and exposed a multi-year, massive cyber espionage campaign that they say with confidence is the work of China.
February 12, 2013 Added by:Eric Byres
Something I believe industry urgently needs is better standards for information exchange between security solutions. Unfortunately while TCG has had feedback from the IT community, they have received little from the SCADA or ICS community. I encourage everyone involved with SCADA and ICS security to review the specification.
November 18, 2011 Added by:Robert M. Lee
Information is still coming out on this event and the DHS has stated that they and FBI are still gathering information but believe none of the information so far indicates a risk to critical infrastructure. However, the concerns this incident raises are valid regardless...
June 23, 2010 Added by:Richard Stiennon
A few weeks ago I participated in a cyber roundtable pulled together in Washington DC. This was, in part, a meeting to kick off a new organization that will seek to bring security technologists and policy makers together. (Much more on this at a later date).
June 17, 2010 Added by:Ron Lepofsky
Last night Pres Obama made a speech to the nation about the BP oil spill. One of his three central points dealt with preventing a future oil spill disaster. Today the President told BP to allocate billions of dollars to reimburse those who suffered as the result of BP’s oil spill. Perhaps now is the time to take similar action and allocate funds and sticks to pr...
June 15, 2010 Added by:Marjorie Morgan
Internet Security Alliance President Larry Clinton and ISA Board Member, Jeff Brown, Raytheon, Director of Infrastructure Services and Chief Information Security Officer will take part in a forethcoming Congressional Cybersecurity Caucus Event.
June 13, 2010 Added by:Anthony M. Freed
In continued efforts to centralize the cybersecurity authority within the White House, more than 40 bills have been introduced that will dramatically alter the balance of power between the government and the private sector. Protecting Cyberspace as a National Asset Act of 2010 will shift the responsibility of federal agency cybersecurity from the Office of Management and Budget (OMB) to DHS by cre...
May 13, 2010 Added by:Dario Forte
After Viagra, guns and fake medicines, now we can purchase contraband cigarettes online. But the police are always on the alert. Here we discuss a recent Italian case. The Italian Guardia di Finanza (Finance Police) recently completed a longstanding investigation of a criminal organization specialized in Internet sales of tobacco products processed outside of Italy.
April 29, 2010 Added by:Richard Stiennon
Today’s hearing on the nominations of Keith Alexander to head CYBERCOM (and Admiral Winnfield to head NORAD and NORTHCOM) were the first time that operational responsibilities of CYBERCOM have been discussed in a public forum.
April 27, 2010 Added by:Roman Zeltser
The terms "cyber terrorism" or "information warfare" are derived from political agendas of those who rule the countries or from global conglomerates and large corporations that don't hesitate to use any possible measures to achieve their goal. The information age gave us not only sophisticated computer equipment, software, and gadgets but also something that many of u...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013