WannaCry: A Serious Threat and Patching Challenge for Critical Infrastructure

It happened. The ransomware known as WannaCry was confirmed this week as having made it into industrial process facilities. This should put all companies who rely upon industrial control systems (ICS) – particularly companies classified as critical infrastructure – on high alert. Why? Because the choices available to protect the systems within an industrial facility’s network are much more...

Avoid the ICS Cybersecurity Blind Spot

The Verizon Data Breach Investigations Report (DBIR) is as interesting for the unexamined risks as it is for the examined ones. If you look at the cyber assets on which the report gathered security data (page 10), there is not a single industrial control system (ICS) category listed. Why is this important? Because ICS are the systems that have direct responsibility for running volatile chemical and oil...

When White Hats Go Grey

The way it’s supposed to work, white hat security researchers find vulnerabilities and report them to the offending company, giving that company time to provide a patch before the vulnerabilities are published. It is what “good guys” do. Cybersecurity company Medsec took a different path. After discovering vulnerabilities in St. Jude Medical’s pacemakers and defibrillators, they approached...

Are We Four Lines of Python Away from Cybersecurity Trouble?

A USA Today reporter recently interviewed the guys who hacked the Jeep Cherokee last year. One of the white hats said something that was particularly distressing. He said that he wrote “four lines of python and owned [had access to] 1.4 million cars.” What gets me is not that he did it (he revealed their hack to Fiat/Chrysler before publishing), but that a hunk of metal traveling down the road at 60 or...