Blog

On May 29, 2009, the President of the United States gave a speech on securing our nation's cyber infrastructure. Despite the fact that we were in the height the great recession at the time, the importance for cyber security prompted immediate attention and awareness by the Executive office. 

When recounting, then recent attacks that led to the need to address cyber security, President Obama remarked, “In one brazen act last year, thieves used stolen credit card information to steal millions of dollars from 130 ATM machines in 49 cities around the world -- and they did it in just 30 minutes. A single employee of an American company was convicted of stealing intellectual property reportedly worth $400 million. It's been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.”

Read more

Cyber security leaders discuss intelligent defense at API conference

Of course anyone with the expertise and courage to pursue a career securing the oil industry is intelligent, but intelligence became the theme of the 9th annual American Petroleum Institute (API) Cybersecurity Conference in Houston last week.  Whether upstream, midstream or downstream, oil & gas companies heard from experts that a new era in cybersecurity is here. Perimeter defenses and firewalls no longer provide protection from APTs and the range of adversaries who target their companies’ most valuable assets and operations.

Read more

Release of ASM 6.0 was a significant milestone for Lockheed Martin and the Industrial Defender ASM solution stack. In a little more than two years from its first release ASM has captured the mindshare of the OT market. With ASM 6.0 we’ve introduced new applications and several key improvements to existing applications. After a successful controlled introduction process we are to happy to announce the general availablity to the market.

Industrial Defender solutions will be the standard across our entire fleet." – Leading US Utility

Read more

Primary objectives of hydroelectric control systems operators include ensuring operational stability and simplifying the task of meeting federal security and compliance requirements.

What's standing in their way? We've compiled a list of 10 major concerns facing operators in assuring the operational stability of all water management assets, as well as compliance with Federal Energy Regulatory Commission and NERC standards. These challenges can be broadly grouped into three major areas:

  • Business Practices
  • Infrastructure Management
  • Policy Considerations

Read more

Understanding the art and science of securing your environment

Cybersecurity is a gigantic topic. It’s more than just technology. It’s a careful mixture between art and science. Understanding the mechanics behind protecting, identifying and thwarting attacks, although crucial to the science of cybersecurity, represents only one side of the coin. Knowing your enemy, understanding the sociopolitical nuances of your environment, and predicting where you’re most likely to get attacked, that’s art.

Read more

Defining Cyber Concerns at 2014 ICS Cyber Security Conference

Joe Weiss has been beating the ICS Cyber Security drum for the past 12 years. Once again he summoned global critical infrastructure control systems engineers and asset owners working in operations management or in IT to join him for an annual conference. During the opening keynote Weiss articulated three challenges to achieving ICS cyber security in the context of collaborating with enterprise IT professionals.

Read more

We are wrapping up October, which is National Cyber Security Awareness Month, so today I want to share the ways citizens can help to support and build greater cyber resiliency.  

The purpose of National Cyber Security Awareness Month is to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cyber security.  According to the Department of Homeland Security, Cyber Awareness Month aims to increase the resiliency of the nation in the event of a cyber incident.

The role of citizens is growing by leaps and bounds as it relates to thwarting and potentially curbing cyber attacks. In my mind, this role can be bolstered by the following three actions:

Read more

Fact: Being compliant is not being secure and being secure is not being compliant. Can electric utilities blend compliance and security objectives to leverage the same tools, people and time?

Compliance keeps you compliant. Security keeps you safe.”

Mark Weatherford of the Chertoff Group was very emphatic on this point in this month’s EnergyCentral webcast saying, “Compliance is not security. We should all have that tattooed somewhere on our body.”

Read more

This month marks the 10th anniversary of National Cyber Security Month in the U.S. and DHS.gov is dedicating the third week of the month to awareness on the topic of cyber security as it relates to critical infrastructure and the internet of things. This month is a great opportunity to raise awareness on the importance of cyber security with your customers, your employees and your boards. 

Read more

SANS European ICS Security Summit: Field Report

Don’t even think about ICS cyber security if you don’t first know what assets and software you have running in the ICS. You can’t start to assess your risk, if you don’t know what you have running.” 
– Ralph Langner, SANS EMEA ICS Summit

There’s an intensifying sense of urgency to protect critical infrastructure from cyber threats perpetrated by an accumulating cast of threat actors amid percolating geo-political crisis.  While SANS is known for training security professionals in both IT and OT security, their summits tend to attract thought leaders rather than practitioners and this year’s European SANS ICS Security Summit was no exception. Hosted by Mike Assante with a speaker lineup that included leaders from CERT-EU, ENCS, ABB, Rockwell, Siemens, as well as leading experts such as Ralph Langner, Jonathan Pollett – to name a few – there was no shortage of experts taking the podium.

Read more