Codifying the Process: Outsiders Gain Insider Advantage

I was at Black Hat 2017 last week and was impressed with the Industroyer /Crashoverride: Zero Things Cool About a Threat Targeting the Power Grid  presentation by ESET and Dragos Security. The teams outlined well how the attack was executed. One of the big takeaways was that attackers did not exploit a vulnerability or zero day to bring down Ukrainian power. Robert Lee from Dragos Security put it well when he said that... Read more

When White Hats Go Grey

The way it’s supposed to work, white hat security researchers find vulnerabilities and report them to the offending company giving that company time to provide a patch before the vulnerabilities are published. It is what “good guys” do.Cybersecurity company Medsec took a different path. After discovering vulnerabilities in St. Jude Medical’s pacemakers and defibrillators, they approached... Read more

A Tale of Two Lines

Change is part of daily industrial operations. Detecting a change and assessing the validity of that change are critical to effective ICS cybersecurity. Let’s say, for instance, that two lines have been removed from an SIS configuration file. Now let’s say this change blinds the operator to the availability of the SIS.How will you know this configuration change occurred? This particular change happens deep... Read more

Are We Chasing Our Tail?

Recent security alerts say your car isn’t secure and can be remotely controlled. Your house isn’t secure and can let the bad guys unlock the doors. Your watch isn’t secure and can let your confidential information out. Where does this end?As anyone in the security world will tell you, there is no such thing as a completely secure system. There are just levels of... Read more

When a Cybersecurity Stranger Calls

Ever since I was a kid, certain movies have stuck with me, surfacing unexpectedly. Some because they are irreverently funny; I still quote Caddyshack when on a golf course. Others because they explore some element of humanity; think The Deer Hunter and Apocalypse Now. And others simply scare the ever loving you-know-what out of me; The Exorcist was definitely one of those. The movie ... Read more

Displaying results 1-5 (of 6)
 |<  < 1 2  >  >|