Friday, March 30, 2012

Cyber Security: Hackers Hit Military Networks

Once again, hackers have infiltrated some of the most critical infrastructure the U.S. has: military networks. Adding to the list: DoD sites, NASA, and foreign government military establishments.

Hackers Infiltrate U.S. Military Networks - Topix

Tuesday, March 27, 2012

Cyber Attacks Up for both Private and Public Sector

According to a recent report from the White House Office of Management and Budget (OMB), cyber attacks are up across the board for both the private and public sectors.

Monday, March 26, 2012

SCADA Cyber Security for Water Treatment

- Abstract
Supervisory Control And Data Acquisition (SCADA) systems are used throughout the Water and Wastewater industry to monitor and control the processes which allow them to provide reliable, affordable, high-quality water and services to their customers. In 2003, the Homeland Security Presidential Directive 7 (HSPD7) identified Water as one of its critical infrastructures.

Thursday, March 22, 2012

Are your Remote Access points cyber secure?

Cyber security researcher Dan Kaminsky recently reported that the Remote Desktop Protocol (RDP) vulnerability in Windows has a potential attack surface equal to millions of systems, as reported in the Security Week article "At Least 5 Million Endpoints on the Internet Are Speaking RDP, Says Researcher."

Tuesday, March 20, 2012

SCADA Cyber Security and your smartphone

Security of your smartphone affecting your Industrial control system?

I have become dependent on my smartphone. I suspect you have too. Have you considered the possible attack vectors we open up while leveraging all these great features on these important little devices?

I know with my Blackberry, I download music, movies, files, email, pictures, apps, etc. It connects to cellular wireless networks along with Wi-Fi and Bluetooth. If not configured correctly, it could associate with rogue cellular base stations that “bad actors” prop up to either steal your information or send malware to your phone. You can also become a carrier of malware from downloading apps, files, music and pictures off cellular or Wi-Fi networks. How about access via Bluetooth?

So, how does this affect other systems? While not overlooking the risk of losing your own data on the phone, having accounts hijacked, etc., you also risk every system that you connect your phone to. While traveling, I was using my laptop as my charger. Using the supplied USB cable, I connect my phone to my laptop and let it “charge,” ignoring the fact that I’m connecting a USB drive to my system that could possibly infect it. I suspect this could be an overlooked practice on any system with the USB connector exposed. Not only do we need to manage our thumb drives, we have to consider everything we connect to these systems, even when in the past we considered them benign.

Some things to consider for your smartphone:
1. Configure your phone to only join trusted networks.
2. Beware of apps and any file downloads.
3. Keep your phone's OS up to date.
4. Set a screen lock and password … and use it.
5. Don’t hack your phone, i.e., jailbreak it.
6. Consider some of the phone locator apps to locate your lost phone.

Does it sound like a stretch?  Maybe it is…but I would hope this might make you consider these little overlooked attack vectors.

Six Things Management Needs to Know about Cyber Security Compliance

Critical to the success of any cyber security initiative is a clear understanding of what a compliance program is.

Six Things Management Needs To Better Understand About Compliance - Dark Reading

Monday, March 12, 2012

Cyber Security Threat #1 ... Weak Passwords

Weak or poor password policies continue to be a major weakness in cyber security programs. Did you know that 5% of passwords involved a variation on the word "Password"?

If You're Using 'Password1,' Change It. Now. - Technology News Story - KVIA El Paso

Monday, March 5, 2012

Cyber Security Advisor Newsletter



Volume 5 of our Critical Infrastructure and Security Practice (CISP) newsletter focuses on “Government Influence” on cyber security and critical infrastructure.