House passes revamped CISPA cybersecurity bill amidst warnings of ‘digital bombs’ | The Verge
The US House of Representatives has once again passed the Cyber Intelligence Sharing and Protection Act (CISPA), which died in the Senate last year, by a margin of 288 to 127 after two days of debate. Over several hours, House opinion on the bill boiled down to whether the redesigned CISPA successfully addressed criticism from […]
NESCO Town Hall Meeting – Denver, CO – Sept. 19, 2013
The next Town Hall Meeting will be held in Denver, Colorado as part of the EnergySec 9th Annual Security Summit. This will be the 6th Town Hall meeting in our on-going series of electric sector cybersecurity moderated discussions. Be sure to put this meeting on your calendar! It’s certain to be another great conversation […]
IBM: Cyber-Security Practices Key for Electric Power Sector | eWEEK
With the threat of cyber security breaches impacting the electric power sector increasing, IBM has come up with a set of best practices for energy and utility organizations to adopt and live by. At an event featuring leaders from various parts of the electric power ecosystem here, IBM opened up the floor for discussion about […]
The SCADA Security Survival Guide | CSO Online – Security and Risk
“There does exist this major disconnect between the people who do SCADA/ICS operations and engineering and the people who do IT security. They’re each convinced that they know what is good and true, and they’re not listening much to each other,” says James Arlen, utility security expert and senior consultant at Leviathan Security Group. Additionally, […]
ICS-CERT Examines 3 Years of Data to Reveal Common Vulnerabilities for Critical Asset Owners | SecurityWeek.Com
Lack of formal documentation, event monitoring, and permissions and privileges control, remain common among industrial control system environments, according to the Department of Homeland Security. The assessment identified security gaps in the enterprise and control system networks for over 230 critical asset owners, the Industrial Control Systems-Computer Emergency Response Team (ICS-CERT) said in its latest […]
3 Tough Questions with Chris Jager | MSI :: State of Security
“Typically, industrial control systems are deployed in step with the physical equipment they are designed to manage. The physical equipment is often orders of magnitude more expensive than the ICS components that ship with it and may be designed for lifespans measured in decades. In short, upgrades seldom occur as they need to be engineered […]
Napolitano Urges Hill to Grant DHS, Others Regulatory Power on Executive Order Tasks | Bloomberg BNA
Homeland Security Secretary Janet Napolitano March 7 urged Congress to enact a comprehensive cybersecurity package that would assist the administration with advancing standards for critical parts of the private sector, among other goals. While the Department of Homeland Security and other agencies were directed under a recent executive order to promote industry adoption of cybersecurity […]
Cyber security advice from the field | Control Engineering
“In February, the SANS Institute held its ICS and SCADA Security Summit near Orlando, Fla. Control Engineering was able to spend some time with Michael Assante and Tim Conway, who were both on the program. Assante is currently ICS and SCADA lead for SANS, and was vice president and chief security officer at NERC. He […]
Nations Had Electric WMD For Years | Business Insider
“In a world with Weapons of Mass Destruction, deterrence is key. The recent discovery of “Chinese” hackers probing America’s electrical grid serves as a reminder of a potential cyber attack that could far surpass the destructive impact of Stuxnet, which is believed to have been released by the U.S. and Israel to attack Iranian industrial […]
The Case Against A Risk-Based Approach | Digital Bond
Ralph Langner’s paired with Perry Pederson for his first major paper at the Brookings Institution – Bound To Fail: Why Cyber Risk Cannot Be “Managed” Away. The authors write “The sober reality is that in respect to the cyber security of critical infrastructure, there is no empirical evidence that a risk-based approach, despite its near decade of […]