The Shellshock vulnerability has put most of the operational technology (OT) world into a state of panic. Especially, it has been very confusing to OT operators in the critical infrastructure industries on how to deal with it. Here is a step-by-step process on what the OT operators can do to get a handle on the vulnerability.
The cloud might not be raining on industrial control rooms anytime soon, but IT departments in critical infrastructure industries will want the cost advantages and flexibility offered by cloud computing in all its forms. As IT and OT collaborate on projects to secure industrial control systems environments, cloud security will be an emerging topic.
Recently, Hold Security, a firm in Milwaukee, announced that a Russian crime ring had stolen 1.2 billion user credentials and 500 million e-mail addresses from 420,000 websites. According to an article by the New York Times, if true, the cyber-heist would be the largest in history.
Hold Security did not name the victims of the attack, citing nondisclosure agreements with victim companies.
In the face of attacks like this, it would be nice if Chief Information Security Officers (CISOs) had a crystal ball to keep their networks safe. But that's not really necessary. Attacks like this are as defendable as they are inevitable with the use of emerging tools including threat intelligence and outcome-based cybersecurity.
Last month, we took a look at the current landscape of minorities in cybersecurity and IT with a particular emphasis on women in those fields. Both personally and professionally, I feel that diversity is an important aspect of an effective cybersecurity approach, and can help fill the gap managers have to meet the demands for more talented cyber-professionals in today’s IT environment.
A couple of years ago, Frost and Sullivan released a study that shows that information security discipline is not evolving fast enough:
The recent EnergySec Security Summit in Austin, TX offered a SANS Institute course on NERC CIP readiness. The Lockheed Martin Industrial Defender Solutions team attended the 4-day event including the SANS curriculum. There were many a great sound bite that caught our attention and sparked conversation. Here are some of our favorites:
One emotion few of my peers experience is the feeling of walking into a room and being the only woman - and it didn't matter whether I was visiting a Security Operations Center (SOC), attending a Chief Information Security Forum or meeting with Information Security leaders in various industries. Meeting after meeting and at all levels, I have concluded that the low numbers of women and minorities working within cybersecurity and across the IT discipline is a concern from a personal standpoint and a business risk that I feel few recognize.
The cybersecurity industry continues to grow at an incredible rate. A recent study by the organization Women in Cybersecurity found that security professionals worldwide are expected to increase to nearly 4.2 million by 2015. Although women hold 56 percent of all professional jobs in the U.S. workforce, only 25% of all IT jobs are held by women (ncwit.org).
Having diversity drives the intelligence-driven acumen behind an effective cybersecurity infrastructure."
Quick - what do you think of when I say "Lockheed Martin"?
Of course you do! Over the past 100 years Lockheed Martin has built a global reputation on the backs of high profile defense contracts. But Lockheed Martin offers more defense than you may have realized. Perhaps one of the best kept secrets that's not a secret after all is Lockheed Martin also delivers commercial cyber security business solutions to critical infrastructures among the Fortune 500; 79% of utilities, 35% of oil & gas and 46% of chemical processing.
In a recent visit to the Global Vision Center in Arlington, VA I toured the facility's 100 Moments exhibit. From witnessing Amelia Earhart's records (plural), to Air Force One, to the International Space Station solar array panels - the Lockheed Martin mark has proven to be a symbol of innovation. The centennial mission, "Helping the Future Arrive" includes tackling the challenges faced by critical infrastructures.
To that end, Lockheed Martin combines the intel analytic capabilities provided to the Department of Defense for decades with available technology to bring something unique and different to critical infrastructure markets including electric utilities, oil & gas and chemical processing.
As a global security company and as a member of the cyber defense community, Lockheed Martin joins their competitors and colleagues on a weekly basis to share relevant intelligence that can help all parties better protect the interests of the critical infrastructures they serve.
The critical systems and networks of our customers come under attack every day. And every day we continue to safeguard some of the most sensitive information and mission-critical systems in the world. Lockheed Martin’s Computer Incident Response Team has created an intelligence-driven defense process, Cyber Kill Chain®, which allows cyber security professionals to proactively remediate and mitigate advanced threats in the future.
There are seven steps every Advanced Persistent Threat (APT) and attacker must take to accomplish their mission.
The expanded use of mobile technology could potentially create havoc in the right hands, especially when acquiring passwords and sensitive information for espionage."
Last week, we talked about how cyber security is like Chess. In order to be effective, you have to prepare and anticipate your opponent’s moves and styles of attack before they happen. Today we will look at the other side of the cyber coin: attackers. What future capabilities do we think they will have, and what can we do to start preparing for them?