Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Guest Blog Post

 

GUEST ESSAY: A call for immediate, collective action to stem attacks on industrial control systems

By Andrew Kling

As the Industrial Internet of Things continues to transform the global industrial manufacturing and critical infrastructure industries, the threat of aggressive, innovative and dangerous cyber-attacks has become increasingly concerning.

Related: The top 7 most worrisome cyber warfare attacks

Adopting modern technology has revealed a downside: its interconnectedness. The vast web of connectivity has expanded the number of potential entry points for hackers. Unfortunately, you can never trust your systems are safe from intrusion. Many of today’s progressively bold, innovative attacks are perpetrated by malicious actors, such as nation-states, who have unlimited time, resources and funding.

One year ago, cybersecurity experts discovered the world’s first known cyberattack on a safety instrumented system. This incident, most commonly referred to as Triton, remains a call to action for the global industrial process and manufacturing industry.

In the year since this attack, the industry has taken a step forward in cyber preparedness. We see plant asset owners addressing cyber risks with more vigilance, and vendors hardening their solutions with cybersecurity built directly into the product offer.

These are important and positive steps. But there is a long way to go; so, where should we focus our attention?

Resiliency needed

Building cybersecurity resilience is an ongoing pursuit, one that ensures our systems and assets operate reliably and safely—at all times—in our digital world. Fifteen years ago, the cyber threats we all face today were unimaginable.

But the business synergies and financial implications of implementing interconnected, automated industrial systems make it a no-brainer for manufacturers to pursue. However, it’s a risk/reward situation, and as an industry, we must continuously address the threat of cyber warfare in this pervasively connected world.

Many of the legacy, pre-IIoT critical infrastructure systems we installed decades ago, when cybersecurity wasn’t even …more

GUEST ESSAY: 6 best practices that will help protect you company’s digital assets in the cloud

By Mike James

More businesses than ever before are choosing to move their IT infrastructure and systems to cloud solutions such as Amazon Web Services and Microsoft Azure. There are many reasons to choose a cloud solution including increased flexibility and scalability, as well as reduced cost. In fact, a recent study of nearly 200 businesses and entrepreneurs found that 76% are looking to cloud solutions in order to increase the efficiency of their business.

Related: Why identities are the new firewall

James

But some organizations make the mistake of assuming that storing data in the cloud makes it automatically safe and secure. The truth is, that public and private cloud networks are just as vulnerable to attack by cyber criminals as on-premise environments, so to ensure the safety of your data, it is essential that you should put appropriate controls in place to protect data wherever it is resides. Here are seven best practices:

•Monitor your cloud networks. It is important to achieve visibility of activity in your cloud networks, as this can help you to monitor and identify malicious activity before it becomes a problem. If you don’t have the sort of technical expertise in-house to make this possible, managed detection and response services can provide you with the manpower, tools and threat intelligence to monitor your networks 24/7 and swiftly respond to attacks.

•Make sure networks and applications are configured correctly. Regularly examining and assessing cloud infrastructure to ensure that networks and applications are securely configured is another important step. It is unfortunately the case that a large percentage of security breaches against cloud platforms are due to basic security negligence. Vulnerability scanning and penetration testing can help to identify weaknesses and areas where networks have not been configured correctly. Exposures can then be addressed and rectified before they are exploited by criminals. …more

GUEST ESSAY: A case for moving beyond SIEMS, UEBAs to ‘real-time threat hunting’

By Rick Costanzo

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021, according to Cybersecurity Ventures.

Related article: SIEMs strive for a comeback

Costanzo

The painful impact of cyber attacks on businesses is worsening despite advances in technology aimed at protecting enterprises from malicious network traffic, insider threats, malware, denial of service attacks and phishing campaigns.

This has left many CISOs questioning if today’s incumbent cybersecurity solutions are enough.

Categorizing solutions

Over the past decade, cyber security solutions have evolved into specific categories of solutions.  Grouping similar items into categories serve a particular purpose. They help compartmentalize.  They help rank. They help compare.

For example, sports cars represent an entirely different category of vehicles than luxury vehicles. It is easier to compare features and capabilities of one sports car with another sports car than it is to compare a sports car with a luxury vehicle.

Categories of cybersecurity solutions, like many categories in IT, have been defined by third parties. Many vendors devote significant resources to be highly positioned in coveted reports issued by these third parties. However, the reality is many of these third parties are interested observers. They are not on the front lines fighting the cybersecurity battle. …more

GUEST ESSAY: Theft of MQ-9 Reaper docs highlights need to better protect ‘high-value assets’

By Sherban Naum

The discovery of sensitive U.S. military information for sale on the Dark Web for a nominal sum, in and of itself, is unfortunate and unremarkable.

However, details of the underlying hack, ferreted out and shared by researchers of the Insikt Group, an arm of the security research firm Recorded Future, are most welcomed. They help frame wider questions, and pave the way for improved best practices.

Here is what is known thus far: Team members of the Insikt Group encountered an English-speaking hacker who jumped on a Dark Web forum to pitch the sale of MQ-9 Reaper UAV docs for $150 to $200. The hacker/salesman also had other unclassified military intelligence for sale: an M1 Abrams tank maintenance manual, a tank platoon training course, a crew survival course, documentation on improvised explosive device (IED) mitigation tactics; he even claimed to have access to footage from a MQ-1 Predator drone.

The Insikt Group determined that the hacker/seller must have accessed a Netgear router with misconfigured FTP login credentials. This raises wider questions about data security best practices, not to mention the wider contractor support community. …more

GUEST ESSAY: Here’s why Tesla has been sabotaged twice in two years — lax network security

By Igor Baikalov

The disclosure earlier this week that Tesla CEO Elon Musk reportedly informed all of his employees about a rogue worker conducting “extensive and damaging sabotage” to the company’s operations very much deserves the news coverage it has gotten.

Related: The ‘golden age’ of cyber spying is upon us

Musk reportedly sent out an internal email describing how an unnamed insider allegedly made unspecified code changes to the company’s manufacturing systems. The news agency Reuters, which viewed a copy of Musk’s email, quotes it as saying: “The full extent of his actions are not yet clear, but what he has admitted to so far is pretty bad . . . His stated motivation is that he wanted a promotion that he did not receive.”

For now the company is investigating the matter, focused on determining if the employee acted alone, or with co-conspirators.

Baikalov

For a cutting-edge company like Tesla, its security practices seem to be pretty lax, especially in light of previous suspicions of sabotage two years hence. In 2016, the company sued a former oil-services executive for impersonating Musk while crafting an email message sent to former Tesla CFO Jason Wheeler. The lawsuit describes how that email was part of an oil-industry effort to undermine the company’s push for energy-efficient transportation.

Fast forward to this week. Based on the limited information available, the alleged saboteur was able to accomplish a series of pretty advanced steps to access and inflict damage on the company jewels. This included:

•Hijacking other employees’ accounts to gain access to sensitive systems and data.

•Modifying production code affecting manufacturing operations.

•Exfiltrating highly sensitive data to external third parties.

Each one of these steps should be sounding alarms in a well-protected environment, as these are the most watched insider activities, and their concentration around a single person would be a huge risk booster. …more

GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

By Izak Bovee

The variety of laws and regulations governing how organizations manage and share sensitive information can look like a bowl of alphabet soup: HIPAA, GDPR, SOX, PCI and GLBA. A multinational conglomerate, government contractor, or public university must comply with ten or more, which makes demonstrating regulatory compliance seem like a daunting, even impossible, undertaking. But there are a manageable number of precautions you can take to secure customer data that will tick the boxes for many different regulations.

Organizations that have control of their information have an easier time demonstrating compliance with regulations. Passing a compliance audit boils down to proving to auditors that your organization has implemented three fundamental things:  adequate data security, …more

GUEST ESSAY: DHS tackles supply-chain issues over malware-laden smartphones

By Vincent Sritapan

At the Black Hat security conference last August, researchers from the security firm Kryptowire announced that they’d discovered Amazon’s #1-selling unlocked Android phone, the BLU R1 HD, was sending Personally Identifiable Information (PII) to servers in China. The culprit was a piece of firmware update software created by AdUps Technologies, a company based in Shanghai.

Related article: How enterprises address mobile security

For many members of the audience, it was a major episode of deja vu. Just eight months earlier, the same company, Kryptowire, had announced they had discovered the exact same backdoor in AdUps software running on the exact same BLU phone. BLU claimed then that the existence of the backdoor was a mistake, and that the problem …more