When I joined 3eTI a year ago, I recall often hearing about “Federal Information Processing Standards (FIPS)” and “Common Criteria (CC),” and their importance to cybersecurity from my peers. But at the time I had never heard of these and
(Authors Matt Cowell & Sunny DeMattio)
As many have heard, ransomware is one of the latest forms of malware plaguing the internet today. With typical ransomware, a user’s system is held hostage until the user agrees to pay the proposed
The 2017 RSA Conference wrapped up this week in San Francisco and wow, what a show! The sheer size and scale of the event was absolutely jaw-dropping. It’s hard to find the words to do it justice. Organizers estimated that 40,000-50,000 people attended the show, and considering the size, RSA does a great job with the organization of the event and providing an impressive experience overall.
Regulators Weigh in on Medical Devices
While the medical device as a cyber-attack target has increasingly concerned health regulators in recent years, the risk may come as news to many in traditional ICS infrastructure circles. For cyber security specialists focused on
A next-generation firewall (NGFW) enforces security policy on multiple layers of the OSI model. In addition to a traditional network layer firewall, an NGFW is able to filter at the application layer as well.
Seven months have passed since the Department of Homeland Security issued Seven Strategies to Defend ICSs and the time seems ripe to consider the state of control system cyber security.
As reported April 27, one such incident involved the Gundremmingen plant in Germany that was found to be infected with malware intended to allow remote access. Even though the viruses seem to have posed no threat to operations of the plant 75 miles from Munich, it’s scary stuff when malware finds its way into a nuclear facility, and onto its industrial control system (ICS).
Like many in the business of cyber security for industrial control systems (ICS), I’ve been closely following this winter’s cruel and expertly executed hack in Ukraine that left more than 200,000 people in the cold and dark two days before Christmas. The first confirmed cyber-attack to shut down a power grid, the Ukraine assault demonstrated that a motivated enemy can, and will, break through standard cyber-defenses to further an agenda in ways that are not soon forgotten.
Stating that weaknesses in industrial control system (ICS) security “will have serious consequences on our ability to execute assigned missions if not addressed,” the letter I recently received was addressed to Defense Secretary Ash Carter. In it, two Navy admirals asked the Secretary to require improved control-system security by adding it as a priority in the cyber scorecard.
Days before the New Year rang in, and less than a week after a cyber-attack cut electricity to tens of thousands of Ukrainians, the Department of Homeland Security released new guidance on tightening security in “as-built” industrial control systems (ICS). The recommendations, presented in “Seven Steps to Effectively Defend Industrial Control Systems,” are high-level but clearly support elevating the cyber security posture of ICS and critical network infrastructures.