Friday, August 30, 2013

Cyber Security: Foxboro and Triconex Global Client Conference September 10-13 in San Antonio, TX

Foxboro and Triconex Client Conference

San Antonio Marriot Rivercenter, TX
September 10-13, 2013




As a Foxboro and Triconex user, your plant is future-proofed. This year's conference is all about helping you get the most out of your existing assets, people and processes with an eye towards tomorrow. You'll have the opportunity to learn from a strong heritage of control and safety technologists; collaborate with industry experts on current challenges and user proven solutions and experience innovative technology designed to continuously evolve your plant and your business into the future.


Don’t miss keynote speaker Richard A. Clarke, internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. He is currently an on-air consultant for ABC News and teaches at Harvard's Kennedy School of Government.

Register Today!


Wednesday, August 28, 2013

Cyber Security: Password protection made easy

Rob Dinuzzo of Siber Systems Source joins Lisa Robinson with tips for keeping the hands of hackers off your personal information. Watch this video for tips on how to protect your personal information from hackers and what to do if you are hacked:

Password protection made easy | Maryland News - WBAL Home


Tuesday, August 27, 2013

Cyber Security: Two-factor authentication - double or nothing

Whether it's referred to as "two-step verification," "login approval," or "second sign-in verification," many online services are beginning to require it. Read how two-factor authentication can keep hackers at bay.

Monday, August 26, 2013

Cyber Security: Invensys Cyber Security Conference, October 3, 2013 in The Netherlands

Invensys Cyber Security Conference


Thursday, October 3, 2013

Fortress St. Gertrudis, The Netherlands


Cyber Crime is considered a simple and low cost crime with a low conviction rate. Though the results can be as damaging as physical crime, especially when governmental agencies come into play (e.g. Stuxnet and Shamoon). Cyber Crime is becoming more relevant to your company’s management team, so in order to support you in protecting your production processes, Invensys has organized a Cyber Security Conference. This will provide you with meaningful information to take back to your management team and start securing the most valuable assets of your company: production asset and the image of your company.

Learn:
how to implement a Cyber Secure architecture
how to create a Cyber Security plan
how other companies are adopting their IT Security strategies

Participate in discussions with peers from your industry.
Address your security concerns to the Cyber Security Panel.
Enjoy the hospitality and the scenery of a fortress from the 18th century.

Click here to view the agenda and register.

Cyber Security: ICS-CERT Vulnerability Summary for Week of August 19

Click the link below to view the summary of cyber security vulnerabilities for the week of August 19 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-238


Cyber Security: Security Management and Optimization

Managing and optimizing your network is key to following industry best practices and protecting your operation’s assets. Click here to read more.

Friday, August 23, 2013

Cyber Security: Foxboro and Triconex Global Client Conference September 10-13 in San Antonio, TX

Foxboro and Triconex Client Conference

San Antonio Marriot Rivercenter, TX
September 10-13, 2013




As a Foxboro and Triconex user, your plant is future-proofed. This year's conference is all about helping you get the most out of your existing assets, people and processes with an eye towards tomorrow. You'll have the opportunity to learn from a strong heritage of control and safety technologists; collaborate with industry experts on current challenges and user proven solutions and experience innovative technology designed to continuously evolve your plant and your business into the future.


Don’t miss keynote speaker Richard A. Clarke, internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. He is currently an on-air consultant for ABC News and teaches at Harvard's Kennedy School of Government.

Register Today!

Thursday, August 22, 2013

Cyber Security: Baby monitoring device hacked

A hacker was able to shout abuse at a two-year-old child by exploiting a vulnerability in a camera advertised as an ideal "baby monitor." Read more here.

Wednesday, August 21, 2013

Cyber Security: "Internet of Things" phenomenon poses risks

Vulnerabilities in the Hue LED lighting system made by Philips can allow hackers to shut off lights, putting physical security at risk, as hospitals and other public venues adopt new wireless technologies. Click here to read more.

Tuesday, August 20, 2013

Cyber Security: ICS-CERT Vulnerability Summary for Week of August 12

Click the link below to view the summary of cyber security vulnerabilities for the week of August 12 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-231


Cyber Security: Patch Management

Todd Wheeler, consultant for Invensys Critical Infrastructure & Security Practice, discusses the importance of patch management and what to look for in patch management solutions.

 

Patch Management

Patch management is a critical part of maintaining the security posture of your systems and network. The patches that operating system and application vendors release help mitigate the known vulnerabilities of a continuously evolving threat landscape that malicious malware exploits. Unfortunately, patching vulnerabilities is often treated in an inconsistent manner. In many networks, systems are patched once before they are brought online and are rarely updated, if at all, as new patches become available. In these environments, there is no clear patch management strategy. Systems are manually updated one at a time. Sometimes update schedules are missed or systems are ignored. As a result, systems will be at different patch levels with different threat vulnerabilities. It’s only a matter of time before one of these systems becomes compromised and shuts down a critical process, or worse, causes an entire facility to go offline. Most security breaches are the result of a vulnerability caused by a missing patch on any given system in the network. With this in mind, it is critical that a unified patch management strategy should be set in place.

Listed below are 4 key elements to look for when deciding on the application control of your patch management solution:

  • Single administrative point-of-contact for hosts: The only way to have an effective patch management program is by choosing an application that can automate as much of your required host scans and patching as possible. This application will reside on a single server that all hosts in your network will have access to and provide a single unifying interface for interactions within the network.

  • Customization: While no patch management application will cover 100% of your needs, it should provide some degree of customization to where you can make it perform the task you need it to do. You should be able to customize what type of scans you need to perform, whether it’s by OS type, systems in a particular location or function, select vulnerability scans, or only to deploy certain patches.
  • Robust reporting: An effective patch management application should provide robust reporting so you always know what your security posture is on any system or groups of systems on your network. Whether you are dealing with internal policies, or external requirements like PCI, HIPPA or NERC-CIP, a good patch management solution makes it easy to remain in compliance, making certain all systems are up-to-date.

  • Vulnerability scanning and remediation: The primary reason to have patch management is to keep up with security updates. Patch management applications should be able to scan for and report vulnerabilities. From a centralized interface, administrators should be able to remediate these vulnerabilities by quickly pushing the updates to a single system or a group of systems and receive real-time feedback whether the updates have been successfully deployed or if there were installation failures.

By having the right patch management solution in place, systems are kept up-to-date with relative ease. But as critical as patch management is to the function of any business, it should not be your only line of defense; it should be part of a layered vulnerability management framework. With this framework in place, your business is safe from most threats.
 


Monday, August 19, 2013

Cyber Security: Security Modernization & Implementation

Learn why a successful cyber security architecture requires implementation by people who know your business, your industry, and your challenges, and follow industry cyber security best practices. Click here to read more.

Friday, August 16, 2013

Cyber Security: Foxboro and Triconex Global Client Conference September 10-13 in San Antonio, TX

Foxboro and Triconex Client Conference

San Antonio Marriot Rivercenter, TX
September 10-13, 2013




As a Foxboro and Triconex user, your plant is future-proofed. This year's conference is all about helping you get the most out of your existing assets, people and processes with an eye towards tomorrow. You'll have the opportunity to learn from a strong heritage of control and safety technologists; collaborate with industry experts on current challenges and user proven solutions and experience innovative technology designed to continuously evolve your plant and your business into the future.


Don’t miss keynote speaker Richard A. Clarke, internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. He is currently an on-air consultant for ABC News and teaches at Harvard's Kennedy School of Government.

Register Today!


Thursday, August 15, 2013

Cyber Security: 8 free tools for internet security

Click here for a list of free tools and programs that may help increase your internet security, including LastPass, HTTPS Everywhere, HotspotShield, and more.

Wednesday, August 14, 2013

Cyber Security: US Airways accounts breached

7,700 accounts in US Airways' Dividend Miles frequent-flier program were compromised in mid-July, giving hackers the ability to deduct mileage credits and gain access to customer information. Read the article here.


Tuesday, August 13, 2013

Cyber Security: Cyberespionage group APT 12 is back

The cyberespionage group APT 12 (Advanced Persistent Threat number 12), responsible for the January attack on The New York Times' computer network, is believed to have launched new attacks against unnamed organizations, according to researchers from security vendor FireEye. Click here to read more.

Monday, August 12, 2013

Cyber Security: ICS-CERT Vulnerability Summary for Week of August 5

Click the link below to view the summary of cyber security vulnerabilities for the week of August 5 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-224


Cyber Security: Security Architecture & Policy Development

A successful and reliable security environment starts with industry cyber security best practices and a solid architecture, powerful system design, and integrated policies. Click here to read more.

Thursday, August 8, 2013

Cyber Security: The Global Cyber Advisor Newsletter - July 2013 Vol. 22

Welcome to the latest Global Cyber Advisor Newsletter,

We felt it was worthwhile defining cyber security again in this month’s newsletter.    The reason is that, as a product company, we focus on our products and the security features of those products.   As a consulting group, we find our clients need much more than products with secure features--they need to understand how to comply with industry standards for their operations and need help to leverage our products.    How your clients define cyber security is ultimately more important than how we do.

Continuously Secure:   Invensys continues to prove to the industry that we stay vigilant and help our customers develop their Cyber Strategies and secure their process environments. We have staff to help our clients on a global basis to assess, design, implement and manage their Cyber posture. Invensys has developed suites of products with complementary consulting, which are unmatched in the industry.   

This month’s Consultant’s Corner is from David Milne as he discusses network management.

Also, if you’ve missed our previous editions, you can find them at this location:   http://iom.invensys.com/EN/Pages/CyberSecurity-Newsletters.aspx

Click here to open the July 2013 newsletter.
 


 

Cyber Security: Meet the Invensys Cyber Security Team

Cyber Security Consulting Advantage

Assessing cyber assets requires adequate resources and a thorough understanding of the industry-specific regulatory requirements.

In this video, the Invensys cyber security consultant team sums up the areas where many sites look for guidance to augment their current capabilities.
  • Working Across Company Boundaries
  • Exposing Unknown Risks
  • Control System and IT Expertise
  • Providing a Consistent Approach to Cyber Security
Security and compliance take a tremendous amount of effort. Help is available to become secure and compliant… and stay that way.
 
 

Wednesday, August 7, 2013

Cyber Security: "Forever day" bugs

"Forever-day" bugs, or vulnerabilities that never get fixed, often remain ignored by the software manufacturers responsible for patching the infected product. However, instead of giving users advice on how to uninstall or work around the bug, Invensys recognizes the importance of patching all vulnerabilities as well as understanding these threats, as described in this article.

Cyber Security: "Smart homes" vulnerable to hacking

Learn how hackers can take control of "smart homes" by opening front door locks and hijacking power outlets, to name a few. Read the article here.



Tuesday, August 6, 2013

Cyber Security: Can your "Smart TV" watch you?

New research suggests that hackers may be able to access your smart TV's camera, allowing them to stream live video or take photos of you and remain undetected. Read more here.

Monday, August 5, 2013

Cyber Security: ICS-CERT Vulnerability Summary for Week of July 29

Click the link below to view the summary of cyber security vulnerabilities for the week of July 29 as collected and reported by ICS-CERT.


http://www.us-cert.gov/ncas/bulletins/SB13-217



Cyber Security: Security Assessment

An Invensys site security assessment is the first step to following industry cyber security best practices and understanding the risks that may impact a control system’s safe and reliable operation. Click here to read more.


Thursday, August 1, 2013

Cyber Security: Foxboro and Triconex Global Client Conference September 10-13 in San Antonio, TX

Foxboro and Triconex Client Conference

San Antonio Marriot Rivercenter, TX
September 10-13, 2013




As a Foxboro and Triconex user, your plant is future-proofed. This year's conference is all about helping you get the most out of your existing assets, people and processes with an eye towards tomorrow. You'll have the opportunity to learn from a strong heritage of control and safety technologists; collaborate with industry experts on current challenges and user proven solutions and experience innovative technology designed to continuously evolve your plant and your business into the future.


Don’t miss keynote speaker Richard A. Clarke, internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. He is currently an on-air consultant for ABC News and teaches at Harvard's Kennedy School of Government.

Register Today!

 
 



 
 


 
 
 


Cyber Security: Email "phishing" attacks on the rise

Read about how email "phishing" attacks are not only increasing, but also becoming more lethal, as 2 million people discovered last May during the "fake-Wal-Mart" attack when they clicked on a link in an email that installed malicious software on their machines.