Blog

We are wrapping up October, which is National Cyber Security Awareness Month, so today I want to share the ways citizens can help to support and build greater cyber resiliency.  

The purpose of National Cyber Security Awareness Month is to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cyber security.  According to the Department of Homeland Security, Cyber Awareness Month aims to increase the resiliency of the nation in the event of a cyber incident.

The role of citizens is growing by leaps and bounds as it relates to thwarting and potentially curbing cyber attacks. In my mind, this role can be bolstered by the following three actions:

Read more

Fact: Being compliant is not being secure and being secure is not being compliant. Can electric utilities blend compliance and security objectives to leverage the same tools, people and time?

“Compliance keeps you compliant. Security keeps you safe.”

Mark Weatherford of the Chertoff Group was very emphatic on this point in this month’s EnergyCentral webcast saying, “Compliance is not security. We should all have that tattooed somewhere on our body.”

Read more

This month marks the 10th anniversary of National Cyber Security Month in the U.S. and DHS.gov is dedicating the third week of the month to awareness on the topic of cyber security as it relates to critical infrastructure and the internet of things. This month is a great opportunity to raise awareness on the importance of cyber security with your customers, your employees and your boards. 

Read more

SANS European ICS Security Summit: Field Report

“Don’t even think about ICS cyber security if you don’t first know what assets and software you have running in the ICS. You can’t start to assess your risk, if you don’t know what you have running.”
– Ralph Langner, SANS EMEA ICS Summit

There’s an intensifying sense of urgency to protect critical infrastructure from cyber threats perpetrated by an accumulating cast of threat actors amid percolating geo-political crisis. While SANS is known for training security professionals in both IT and OT security, their summits tend to attract thought leaders rather than practitioners, and this year’s European SANS ICS Security Summit was no exception. Hosted by Mike Assante, with a speaker lineup that included leaders from CERT-EU, ENCS, ABB, Rockwell and Siemens, as well as leading experts such as Ralph Langner and Jonathan Pollett, to name a few, there was no shortage of experts taking the podium.

Read more

All-day Industrial Defender ASM workshop in Amsterdam a success with European customers.

Lockheed Martin Industrial Defender conducted an all-day workshop on September 23 in Amsterdam, Netherlands with our European Technical Advisory Council (TAC). The purpose of the European TAC conference, comprising a select group of our European customers, was to gather feedback from customers on Industrial Defender solutions with a focus on understanding the pain points in their operations and how Industrial Defender solutions can help. We shared the Lockheed Martin Industrial Defender Solutions product roadmap and moderated the free exchange of ideas amongst the customers on supporting security and compliance for Industrial Control Systems (ICS) in Europe and beyond.

Read more

The Shellshock vulnerability has put most of the operational technology (OT) world into a state of panic. In particular, OT operators in the critical infrastructure industries have found it very confusing to work out how to deal with it. Here is a step-by-step process OT operators can follow to get a handle on the vulnerability.

Read more

The cloud might not be raining on industrial control rooms anytime soon, but IT departments in critical infrastructure industries will want the cost advantages and flexibility offered by cloud computing in all its forms. As IT and OT collaborate on projects to secure industrial control systems environments, cloud security will be an emerging topic. 

Read more

Five-question checklist for improved cyber situational awareness

Recently, Hold Security, a firm in Milwaukee, announced that a Russian crime ring had stolen 1.2 billion user credentials and 500 million e-mail addresses from 420,000 websites. According to an article by the New York Times, if true, the cyber-heist would be the largest in history.

Hold Security did not name the victims of the attack, citing nondisclosure agreements with victim companies.

In the face of attacks like this, it would be nice if Chief Information Security Officers (CISOs) had a crystal ball to keep their networks safe. But that's not really necessary. Attacks like this are as defendable as they are inevitable with the use of emerging tools including threat intelligence and outcome-based cybersecurity.

Read more

Last month, we took a look at the current landscape of minorities in cybersecurity and IT with a particular emphasis on women in those fields. Both personally and professionally, I feel that diversity is an important aspect of an effective cybersecurity approach, and can help fill the gap managers have to meet the demands for more talented cyber-professionals in today’s IT environment.

A couple of years ago, Frost and Sullivan released a study that shows that the information security discipline is not evolving fast enough:

Read more

How NERC CIP v5 is igniting a more collaborative approach to critical infrastructure cyber security 

The recent EnergySec Security Summit in Austin, TX offered a SANS Institute course on NERC CIP readiness. The Lockheed Martin Industrial Defender Solutions team attended the 4-day event, including the SANS curriculum. There were many great sound bites that caught our attention and sparked conversation. Here are some of our favorites:


What do these summit sound bites mean for ICS management?

Read more