Codifying the Process: Outsiders Gain Insider Advantage

I was at Black Hat 2017 last week and was impressed with the Industroyer /Crashoverride: Zero Things Cool About a Threat Targeting the Power Grid  presentation by ESET and Dragos Security. The teams outlined well how the attack was executed. One of the big takeaways was that attackers did not exploit a vulnerability or zero day to bring down Ukrainian power. Robert Lee from Dragos Security put it well when he said that... Read more

ICS Cybersecurity Cognitive Dissonance

ICS Cybersecurity's Cognitive Dissonance

In the recently released survey from SANS, Securing Industrial Control Systems—2017, there were two results that stood out more than most. The first came from a question assessing which control systems had the greatest impact if compromised and exploited; the second related to which systems had the strongest data collection and analysis. In the case of impact, survey respondents ranked computer assets with... Read more

Ready, Set…Hang On, Maybe We Are Not Ready

Recently, the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE) executed their annual Locked Shields exercise in which participating blue team countries defended networks from a NATO-supported red team attacks. In 2016, participating countries saw industrial control systems added to the list of cyber assets they were required to defend. So, how did the U.S. do in this exercise? Unfortunately, in its inaugural... Read more

When White Hats Go Grey

The way it’s supposed to work, white hat security researchers find vulnerabilities and report them to the offending company giving that company time to provide a patch before the vulnerabilities are published. It is what “good guys” do.Cybersecurity company Medsec took a different path. After discovering vulnerabilities in St. Jude Medical’s pacemakers and defibrillators, they approached... Read more

Are We Four Lines of Python Away from Cybersecurity Trouble?

A USA Today reporter recently interviewed the guys who hacked the Jeep Cherokee last year. One of the white hats said something that was particularly distressing. He said that he wrote “four lines of python and owned [had access to] 1.4 million cars.” What gets me is not that he did it (he revealed their hack to Fiat/Chrysler before publishing), but that a hunk of metal traveling down the road at 60 or... Read more

Displaying results 1-5 (of 14)
 |<  < 1 2 3  >  >|