Friday, May 31, 2013

Cyber Security: Dell Tablet Giveaway extended to June 7

We are extending the Dell Tablet Giveaway through Friday, June 7! Although we got many great survey responses, many survey takers did not leave comments saying they took the survey for the qualifying posts. For those of you who took the surveys but forgot to say so in the comments section, now is the time to go back and do so to increase your chances of winning!

If you are new to the giveaway contest, here are the rules:

Dell Tablet Giveaway

We want to hear from you, so we're giving away a Dell tablet! Keep up to date with the Invensys cyber security team through a pre-loaded Android app and have easy access to The Cyber Advisor Newsletters as well as datasheets and service profiles about our solutions.

During the month of May, there will be 2 blog entries a week that contain a link to a survey related to that post. The rules are simple. To qualify, you must take the survey and leave a comment saying you completed the survey.  The more blogs you read, the more surveys you take, the greater your chances of winning. The winner will be announced on the blog June 7, so please remember to check back!


Qualifying Dell Tablet Giveaway blog entries and survey links can be found below:

Cyber Security: Nuclear Cyber Security Compliance
Cyber Security: Cyber criminals responsible for world's largest bank heist
Cyber Security: ICS-CERT Vulnerability Summary for Week of May 6
Cyber Security: Nuclear Incident Response
Cyber Security: Hack the hacker
Cyber Security: Cyber Security Life Cycle

Thursday, May 30, 2013

Cyber Security: Cyber Security Life Cycle

Cyber security cannot be maintained through a one-time initiative. Learn about a methodology designed to keep your site cyber secure well into the future.



Want to win a Dell Tablet? Read the rules below and take the survey for this post here

**Remember, if you take the survey, please leave a comment with your name and let us know you took it!**

Dell Tablet Giveaway

We want to hear from you, so we're giving away a Dell tablet! Keep up to date with the Invensys cyber security team through a pre-loaded Android app and have easy access to The Cyber Advisor Newsletters as well as datasheets and service profiles about our solutions.

During the month of May, there will be 2 blog entries a week that contain a link to a survey related to that post. The rules are simple. To qualify, you must take the survey and leave a comment saying you completed the survey.  The more blogs you read, the more surveys you take, the greater your chances of winning. The winner will be announced on the blog May 31, so please remember to check back!

Wednesday, May 29, 2013

Cyber Security: ICS-CERT Vulnerability Summary for Week of May 20

Click the link below to view the summary of cyber security vulnerabilities for the week of May 20 as collected and reported by ICS-CERT.


http://www.us-cert.gov/ncas/bulletins/SB13-147



Cyber Security: Hack the hacker

The IP commission is urging Congress to legalize cyber attacks against hackers to fight cyber crime. Read more at this link: http://www.albanytribune.com/27052013-congress-urged-to-legalize-cyber-attacks-to-fight-cybercrimes/



Tuesday, May 28, 2013

Cyber Security: Chinese hackers access major weapons systems

Chinese hackers have gained access to designs of more than two dozen major U.S. weapons systems. Read the full story here.

Thursday, May 23, 2013

Cyber Security: Government-mandated software vulnerabilities

A coalition of computer security experts claims that government-mandated software vulnerabilities would make computers and the Internet a lot less safe. Read the full story here.




Wednesday, May 22, 2013

Cyber Security: Lincolnshire hacker facing jail time

One of the hackers responsible for breaking into the computer systems belonging to the CIA, Pentagon, and NHS is facing jail time. Read the full story here.




Tuesday, May 21, 2013

Cyber Security: Nuclear Incident Response

Bill Owen, consultant for Invensys Critical Infrastructure & Security Practice, discusses the rules, requirements, and standard methods for preparing for incidents and provides methods for responding to actual events.

All nuclear power plants in the United States are regulated by the Nuclear Regulatory Commission (NRC) and are required to implement certain security controls. Any systems considered Safety, Security, Emergency Preparedness, and/or Support Systems (SSEP) are required by law (NRC 10.CFR.73.54) to have certain controls in place.

Cyber security programs at U.S. nuclear facilities are subject to 10.CFR.73.54, Protection of Digital Computer and Communication Systems and Networks, and must consider following Regulatory Guide (RG) 5.71, Cyber Security Programs for Nuclear Facilities, or an approved alternate method when implementing these programs. Accordingly, the Nuclear Energy Institute (NEI) developed an approved alternative to satisfy the rule, NEI 08-09 Revision 6: Operational, Management, and Security Controls. RG 5.71 and NEI 08-09 were both built on NIST 800-53 standards.

Cyber Security Plans (CSP) for all United States nuclear plants have been developed and the NRC has approved these plans. Section 4.6 of these Cyber Security Plans requires licensees to put in place a comprehensive Incident Response Plan (IRP). These plans are required to include processes to detect, deter, and respond to cyber attacks while mitigating the effects of the attacks and documenting forensic information (records) pertaining to the attacks if kept.

A cyber incident response capability must include several elements that are proactive in nature to prevent an incident or better allow the organization to respond when one occurs. These elements are green in Figure 1 and include planning, incident prevention, and post-incident analysis/forensics. Other elements center on detecting and managing an incident once it occurs. These are reactive in nature and are typically carried out under severe time constraints and great visibility. These elements, shown in red in Figure 1, include detection, containment, remediation, recovery, and restoration.


The figure above is excerpted from the Homeland Security October 2009 Recommended Practice document, Developing an Industrial Control Systems Cyber Security Incident Response Capability. Future articles will go into more detail on each of the areas identified above and explain how CISP can support the effort to put comprehensive Incident Response Plans in place and maintain them during the lifecycle of the Cyber Security Programs.





Monday, May 20, 2013

Thursday, May 16, 2013

Cyber Security: ICS-CERT Vulnerability Summary for Week of May 6


Click the link below to view the summary of cyber security vulnerabilities for the week of May 6 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-133






Wednesday, May 15, 2013

Cyber security: Internet Explorer 8 users at risk of 'watering hole' attack

IE 8 users are at risk of 'watering hole' attacks. Read this article to understand how this attack operates and how to prevent the attack by enabling an important security measure.


Tuesday, May 14, 2013

Cyber Security: Cyber criminals responsible for world's largest bank heist

Cyber criminals stole over $45 million from banks worldwide in what may prove to be the world's largest bank heist. The attack targeted ATMs and several major corporations. Read the article here.



Thursday, May 9, 2013

Cyber Security: Nuclear Cyber Security Compliance

Being cyber compliant does not necessarily mean being cyber secure. Identify the keys common to both.




Wednesday, May 8, 2013

Cyber Security: NCSC to offer course on how to respond to cyber attacks

The National Cyber Security Centre (NCSC), with the CERT Program of Carnegie Mellon University’s Software Engineering Institute (SEI), is offering spaces on a one-day course for Government departments and critical infrastructure operators on how to respond to cyber attacks. Read more here.


Tuesday, May 7, 2013

Cyber Security: ICS-CERT Vulnerability Summary for Week of April 30

Click the link below to view the summary of cyber security vulnerabilities for the week of April 30 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-126


Cyber Security: The Global Cyber Advisor Newsletter – April 2013 Vol. 19


Welcome to the latest Global Cyber Advisor Newsletter,

Continuously Secure: Invensys continues to prove to the industry that we stay vigilant and help our customers develop their Cyber Strategies and secure their process environments. We have been helping our clients specifically with Cyber Security since Ernie Rakaczky established a team in 2001. Invensys has developed suites of products with complementary consulting, which are unmatched in the industry.

This month's Consultant's Corner is from Stephen Santee as he discusses staying continuously secure with network switches.

The Invensys Critical Infrastructure and Security Practice team has the skills and the resources to help our clients no matter what industry. We are structured to help with their entire cyber security program. We have essentially the world's largest vendor-based cyber security team that assists our clients in securing their entire environment. We understand that cyber security extends beyond a single system and our valued clients need assistance and advice for how to secure their entire plant infrastructure. Cyber security is so much more than firewalls and anti-virus software.

We hope that each edition provides some valuable content to keep you up-to-date with cyber security and our clients' infrastructure needs. If you've missed our previous editions, you can find them at this location:   http://iom.invensys.com/EN/Pages/CyberSecurity-Newsletters.aspx
  

Click here to open the April 2013 newsletter.



Thursday, May 2, 2013

Cyber Security: "White hat" hackers

Read about Seattle's "white hat" hackers who are working to protect your digital safety.




Wednesday, May 1, 2013

Cyber Security: Cyber Security Defense-in-Depth -- Mobile Media

Stephen Santee, consultant for Invensys Critical Infrastructure & Security Practice, discusses multiple defense mechanisms that can be implemented to prevent or detect cyber attacks.

 
Cyber security defense in depth is the concept of protecting digital assets from cyber attacks by placing multiple defensive mechanisms in series to prevent or detect a cyber attack. Common defense-in-depth practices include using multiple brands of firewalls to protect network layers. This example deals with vulnerabilities within a certain brand or type of firewall. If the first firewall, brand X, has a vendor-specific vulnerability, then the second firewall, brand Y, should not contain the same vulnerability. But what if the attack originates on the inside of the network? What if a mobile media device such as a flash drive is used to launch an attack knowingly or unknowingly?

The Nuclear Regulatory Commission (NRC) recognizes the need for defense in depth as it pertains to mobile media. Part of NRC Regulations Title 10, Code of Federal Regulations (CFR) 73.54 is to address mobile media. As this type of attack has become more prevalent in recent years, with malware launching from flash drives behind defensive layers, multiple defensive mechanisms should be put in place to prevent or detect these types of attacks. Let us look at the multiple defense mechanisms that can be put in place:

 
Policies and Procedures
Organizations should provide policies to their employees, vendors, and contractors that provide detailed information that governs the proper use of mobile media. In addition to use, policies and procedures should also direct procurement of mobile media.

 
Training
Job-specific training concerning the use of mobile media will bring awareness and understanding of the risks associated with mobile media use.

 
Scanning
Dedicated scanning workstations should be used to scan mobile media and detect malware. These workstations should run anti-malware software that is different from the anti-malware software in use on the business network or Distributed Control System (DCS) network.

 
Whitelisting
Whitelisting software is a last line of defense that prevents unauthorized software from executing on a workstation or server.

These types of defensive mechanisms can prevent or detect a cyber attack from a mobile media device, and it is important to implement both administrative and technical controls to have the most robust defense. However, even with multiple types of controls implemented, the most important part of these defensive mechanisms is user compliance. Without user compliance, most types of defensive mechanisms will fail.
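As an added illustration of the scanning and whitelisting controls above (not code from Invensys or the original post), the sketch below triages every file on a mounted mobile media device against an allowlist of approved SHA-256 hashes. The verdict names, the magic-byte list and the sample files are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Leading bytes that mark executable content (PE, ELF, script shebang).
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"#!")


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage_media(root: Path, allowlist: set[str]) -> dict[str, str]:
    """Return {relative path: verdict} for every file under root.

    approved: hash is on the allowlist
    blocked:  executable content or autorun.inf that is not on the allowlist
    data:     non-executable file that is not on the allowlist
    """
    verdicts = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        with path.open("rb") as fh:
            head = fh.read(4)
        if sha256_file(path) in allowlist:
            verdicts[rel] = "approved"
        elif head.startswith(EXEC_MAGIC) or path.name.lower() == "autorun.inf":
            verdicts[rel] = "blocked"
        else:
            verdicts[rel] = "data"
    return verdicts


def demo() -> dict[str, str]:
    """Build a constructed sample drive in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tools").mkdir()
        (root / "tools" / "vendor_patch.exe").write_bytes(b"MZ approved vendor build")
        (root / "setup.exe").write_bytes(b"MZ unknown binary")
        (root / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")
        (root / "readings.csv").write_text("tag,value\nFT-101,42\n")
        # Constructed allowlist: only the vendor patch has been approved.
        approved = {sha256_file(root / "tools" / "vendor_patch.exe")}
        return triage_media(root, approved)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

Checking the allowlist before the executable test means an approved binary is released while an unknown one with the same file type is held, which is the behavior the whitelisting control relies on.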

 

