“In case you missed it, the cybersecurity firm Mandiant just released a bombshell report (pdf) on how nearly 150 sophisticated hacking attempts against American corporations and government agencies over the past decade almost certainly originated from a single Shanghai office building controlled by People’s Liberation Army (PLA). The hacking group, dubbed APT1 in the report, […]
Archive | News RSS feed for this section
Meet the 3 Chinese Hackers Pwned By Mandiant | Mother Jones
Read More 0 Comments
Security Convergence Went Nowhere | 451 Security
“A topic in security media around four years ago was ‘convergence,’ an irritatingly generic word used to describe the fusion of physical and information security disciplines under a single umbrella. This largely came into view based on a steady evolutionary path that saw the bulk of resources used to protect corporate assets shift from the […]
Read More 0 Comments
White House: Executive order is not magical, cyber bill still needed | The Hills Hillicon Valley
Andy Ozment, a senior director for cybersecurity at the White House, said Wednesday that an executive order aimed at securing critical infrastructure from cyberattacks wont replace the need for comprehensive legislation. “I think its worth highlighting that an executive order is not magical. It doesnt create new power or authorities for any government agency,” Ozment […]
Read More 0 Comments
Obama to issue cybersecurity executive order this month | Computerworld
“President Barack Obama is expected to issue a cybersecurity executive order in the days after his Feb. 12 State of the Union address. The long-expected executive order will create a voluntary program that will call for companies in critical infrastructure industries to agree to adopt a minimum set of security standards created by the government, […]
Read More 0 Comments
Interview: Critical Infrastructure Security Perspectives From Bruce Schneier
A couple weeks ago we asked Bruce Schneier if he would be kind enough to respond to a few questions about security related to critical infrastructures such as the power grid. We are delighted and honored that Mr. Schneier would take the time from his busy schedule to answer our request! Below is a perspective that […]
Read More 2 Comments
CSSP says infrastructure company intrusion detection, forensic capabilities critical | Government Security News
“In an update of Cyber intrusion strategies on Jan. 22 , The DHS National Cyber Security Division’s Control Systems Security Program (CSSP) said sophisticated and targeted cyber intrusions have increased in recent months against owners and operators of industrial control systems across multiple critical infrastructure sectors. In response to those attacks, CSSP updated its recommendations […]
Read More 0 Comments
Growing attack surfaces require new security model | TechRepublic
Editor’s note: This is not an electric sector specific article; however, the topic is relevant. When reading this article, consider the perimeters being established within your control networks and the fact that a large majority of utilities have not completely isolated connectivity from other (untrusted) networks (e.g., corporate networks, required 3rd party information connections, remote […]
Read More 0 Comments
Energy sector cyberattacks jumped in 2012. Were utilities prepared? | CSMonitor.com
“Energy companies were clearly in the cyber bullseye in 2012, targeted in 41 percent of the malicious software attack cases reported to a special Department of Homeland Security (DHS) team that responds to cyberattacks on industrial computer networks. The overall number of attacks remained flat at 198 incidents for the year, the same as 2011. […]
Read More 0 Comments
Information Sharing vs. Incident Response
In the world of cybersecurity where there are so many overlapping perspectives, roles, and missions, it is easy for even seasoned veterans to mistake common practice with actual requirements. One area where this is prevalent is “Information Sharing.” Many of the organizations that provide information to us are also incident responders in one capacity or […]
Read More 0 Comments
Self-Correcting Cyber Policies: Pathway to Convergence of Compliance and Security
The following is an excerpt of the executive Summary from Stephen Flanagan’s¹ whitepaper entitled Self-Correcting Cyber Policies: Pathway to Convergence of Compliance and Security. Version 5 of the Critical Infrastructure Protection (CIP) standards includes language requiring registered entities to create self‐correcting policies. When coupled with changes to the underlying Compliance Management and Enforcement […]
Read More 0 Comments
