Cyber Security Management – How and Why it’s Failing

Posted on May 18, 2012 by Kim Legelis

Yesterday, Carnegie Mellon CyLab in conjunction with RSA issued the Governance of Enterprise Security: CyLab 2012 Report. This report surveyed boards of directors and senior management executives to determine how they are managing privacy and cyber security within their organizations. 75 percent of the respondents were from the critical infrastructure industry, and the energy and utilities sectors indicated that nearly 80 percent of their executive do not review insurance for cyber security risk << More >>

ICSJWG – Key Takeaways

Posted on May 17, 2012 by Jacob Kitchel

If you attended the recent ICSJWG Spring 2012 conference, you likely attended the panel that Industrial Defender organized entitled “Key Takeaways from S4 and Project Basecamp.” Moderated by Bob Lockhart from Pike Research, the members of the panel included: Markus Braendle, ABB Robert McComber, Telvent/Schnieder Graham Speake, Yokogowa Brad Hegrat, Rockwell/Allen-Bradley Jonathan Pollet, Red Tiger Security Jacob Kitchel, Industrial Defender There were a lot of good questions, strong opin << More >>

After Thoughts on ICSJWG

Posted on May 15, 2012 by Kim Legelis

As you may know, Industrial Defender spent the last few days down in sunny Savannah, Georgia at the Industrial Control Systems Joint Working Group Spring Conference. For your reference, the Department of Homeland Security established the ICSJWG to facilitate information sharing and reduce the risk to the nation’s industrial control systems. At this conference, Industrial Defender organized and participated in a panel session entitled Key Take-Aways from S4 and Project Basecamp. This sessio << More >>

How to Make BYOD Work

Posted on May 11, 2012 by Kim Legelis

This year’s IBM X-Force report focused on the growing trend of “Bring your Own Device,” or BYOD. It reported a 19 percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. Workers bring in various mobile devices that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers to use the device as an access points. So, what does BYOD mean for ICS? Kevin McCaney, managing editor of Gover << More >>

Safety vs. Security

Posted on May 8, 2012 by Kim Legelis

Most assume that safety and security go together and are basically synonymous concepts. However, over the years experts in the ICS industry have continuously emphasized the physical safety in organizations and put less focus on the security aspect. IT professionals in these environments are now being confronted with real consequences due to a lack of security measures. Stuxnet is a perfect example of what happens when security precautions are ignored. Operators, IT managers and directors must no << More >>

What’s The Best Piece of Security Advice You’ve Ever Received?

Posted on May 1, 2012 by Kim Legelis

The security industry is unpredictable. After being in the space for almost 10 years, the experts at Industrial Defender have seen their share of changes and lessons learned. Whether you are updating company systems, training employees or maintaining networks, sustaining security is of critical importance to any organization. Jacob Kitchel recently shared his tips and advice about working in security with David Spark of the State of Security Blog. In Jacob’s role as senior manager of security << More >>

Cyber Security Lesson’s from Iran: The Sequel

Posted on April 26, 2012 by Kim Legelis

While no one is yet crying over spilled oil, it appears that once again Iran’s energy infrastructure has fallen victim to cyber security disruption. As reported in The New York Times , it seems that fears of operational impact on Iranian oil terminals caused officials there to unplug their facilities from the internet in order to avoid damage for the “wiper” virus. Surely this is harder than it sounds and has far reaching implications when it comes to system restoration. We can all lea << More >>

Log Management and Auditing from ICS CERT

Posted on April 25, 2012 by Kim Legelis

For those of you concerned with Industrial Control System (ICS) Security, the DHS ICS-CERT is an invaluable resource. In their most recent ICS CERT Newsletter (p2) the Situational Awareness section focuses on failures and fixes for logging and event monitoring. “ICS CERT found that ineffective auditing and logging was one of the most consistent technical issues/obstacles encountered when responding to onsite incident visits.” The lesson’s learned this from the folks that provide i << More >>

Use Cases in Automation Systems Management – Software Inventory and Version Details

Posted on April 23, 2012 by MIke Dugent

This is a continuation of a series discussing different use cases in Automation Systems Management, and will focus on the operational advantages of knowing exactly what software is running on the control systems in your environment. This post is coming to you from ABB Automation and Power World in Houston, Texas, so if you happen to be here as you read this come find us in booth 8 of the Technology Expo. To see the first part of this series on managing ports and services, click here. Here’s a << More >>

Why Smart Meters Need To Be Smarter

Posted on April 13, 2012 by Kim Legelis

Smart meters are designed to provide efficient and reliable electricity services and rates throughout the day. So what happens when these systems become compromised? Hundreds of millions of dollars goes missing… annually. The most recent case of this theft was announced in a cyber intelligence bulletin, in which the FBI disclosed information about a hack that occurred on a Puerto Rico smart meter. Hacking meters is not a new issue. However, with the advancement of digital smart meters, hackers << More >>

May 2012
M	T	W	T	F	S	S
« Apr
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31