Cyber Security: Cyber attack shuts down Israeli toll road tunnel

A month after Israel’s military chief, Benny Gantz, listed computer sabotage as a top threat, a major link in the country’s national road network was shut down by a cyber attack. The attack took down key operations for two days, causing hundreds of thousands of dollars in damage, experts told The Associated Press, according to the Washington Post. The attack indicates that cyber war is now a reality, the paper said.

Click here for the full article.

Cyber Security: The Global Cyber Advisor Newsletter - Sep. 2013 Vol. 24

Welcome to the latest Global Cyber Advisor Newsletter.

Continuously Secure:   Invensys continues to prove to the industry that we stay vigilant and help our customers develop their Cyber Strategies and secure their process environments. We have staff to help our clients on a global basis to assess, design, implement and manage their Cyber posture. Invensys has developed suites of products with complementary consulting, which are unmatched in the industry.   

This month’s Consultant’s Corner is from Charles Smith, where he discusses encryption in his article, "Transporting Data Securely."

The Invensys Critical Infrastructure and Security Practice has the skills and the resources to help our clients no matter what industry. We are structured to help with their entire Cyber Security program. We have essentially the industry’s largest vendor-based Cyber Security team that assists our clients secure their entire process environment. We understand that Cyber Security extends beyond a single system and our valued clients need assistance and advice in how to secure their entire plant infrastructure. Cyber security is so much more than firewalls and anti-virus software. 

If you’ve missed our previous editions, you can find them at this location:   http://iom.invensys.com/EN/Pages/CyberSecurity-Newsletters.aspx

Click here to open the September 2013 newsletter.

Cyber Security: UK man charged with breaching U.S. Army, NASA, and other federal government computer networks

A British man has been arrested and charged with hacking into computer systems of the U.S. Army, NASA, the Environmental Protection Agency, and other agencies at a cost of millions of dollars to the federal government. Click here to read the article.

Cyber Security: NatGeo's American Blackout imagines 10 days of a nationwide power outage due to cyber attacks

What does it mean to be powerless? That question is at the center of American Blackout, a new found-footage style suspense/horror movie from National Geographic Channel that imagines 10 days of a nationwide power outage caused by a devastating cyber attack.

Though former deputy of Homeland Security Jane Holl Lute called the movie "extreme," Michael Hayden, retired general and former director of the NSA and CIA, said we don't know how big of a risk a cyber attack is.

Robert Bristow, Medical Director of Emergency Management at New York Presbyterian Hospital, said most hospitals have a plan to sustain services for about 96 hours without needing external assistance. Lute added that there is an old saying among first responders that the "first 72 is on you," and that many people don't have the capability to withstand 72 hours in case emergency services cannot reach them.

American Blackout will air on November 13 at 9 p.m. ET.

Click here to read the full article.

Cyber Security: ICS-CERT Vulnerability Summary for Week of October 21

Click the link below to view the summary of cyber security vulnerabilities for the week of October 21 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-301

Cyber Security: U.S. universities under cyber attacks originating in China

Recently, U.S. universities have found themselves under cyber attacks with "hacking attempts invading networks by the millions weekly. Many of the attacks have been traced back to China, and the theft of personal data is happening more frequently." Read what colleges are doing to in response to these attacks and how they are working to strengthen their security.

Cyber Security: Body hacking

3 million Americans have implanted medical devices, and the possibility of cyber attacks on these devices is increasing. Even Dick Cheney, who has a pacemaker, feared a "cyber assassination." Click here to read the article.

Cyber Security: Staged cyber attacks help Wall Street banks learn to survive

In a staged simulation called Quantum Dawn 2, bank executives were faced with the task of spotting a small "red flag" and then communicating with "rivals, exchanges and government authorities to conclude that markets were in the throes of a systemic crisis and needed to be shut down." Click here to read the article.

Cyber Security: ICS-CERT Vulnerability Summary for Week of October 14

Click the link below to view the summary of cyber security vulnerabilities for the week of October 14 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-294

Cyber Security: Cyber Security Compliance

Compliance is the assurance that the cyber security program is in place, regulations are implemented and the plant is monitoring and tracking changes. Compliance is the assurance of preparedness. In this video, Michael Martinez discusses why a mindset change is required that not only addresses the technology but also involves personal awareness and ownership of responsibility.
 

Cyber Security: Invensys Cyber Security Team Helps Customers Comply with Cyber Security

Did you know that Invensys has a well-established Cyber Security team? Listen to this interview with Doug Clifton to hear more.

Cyber Security: Top 7 tactics of hack attacks

Click here to read the top 7 tactics of hackers and malware, including fake wireless access points, cookie theft, and waterhole attacks.

Cyber Security: UK banks to face simulated cyber attacks

UK banks will face simulated cyber attacks in an effort to see if these financial systems are prepared for a sustained online attack. Operation Waking Shark 2 begins in mid-November. Click here to read the article.

Cyber Security: Track a hack

Read this article to find out how you can track hackers on your server by setting up denyhosts. Click here for more information.

Cyber Security: ICS-CERT Vulnerability Summary for Week of October 7

Click the link below to view the summary of cyber security vulnerabilities for the week of October 7 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-287

Cyber Security: 5 wi-fi security myths

Wi-Fi has evolved over the years, and so have the techniques for securing your wireless network. An Internet search could unearth information that's outdated and no longer secure or relevant, or that's simply a myth. Read this article for information on the most current and effective means of securing your Wi-Fi network.

Cyber Security: Silk Road taken down by FBI, ZeroAccess taken down by Symantec

Last week was a big week in cyber crime, as the FBI captured Ross William Ulbricht (the man behind Silk Road, an online drug marketplace) and Symantec took down ZeroAccess, one of the largest botnets in existence. Click here to read the article.

Cyber Security: Adobe gets hacked

Last Thursday, Adobe admitted that hackers broke into its network and stole personal information, including an estimated 2.9 million credit card numbers. Click here to read the article.

Cyber Security: ICS-CERT Vulnerability Summary for Week of September 30

Click the link below to view the summary of cyber security vulnerabilities for the week of September 30 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-280

Cyber Security: SQL Server Hardening

Tom Jackson, consultant for Invensys Critical Infrastructure & Security Practice, discusses why SQL Server Hardening is important in preventing cyber attacks.

SQL Server Hardening

Server Hardening is one of the most important tasks to be done on your servers, once you understand just how vulnerable servers are “out of the box.” The default configuration of most operating systems are not designed with security as the primary focus. Instead, default setups focus more on usability, communications, and functionality. To protect your servers, you must establish solid and sophisticated server hardening policies for all servers in your system’s network.

One best practice solution is SQL Server Hardening, and as with all servers, once connected to the Internet, they are vulnerable to cyber attacks. What sets the SQL server apart from other servers is the function it performs. SQL servers are a relational database management system. These databases and the information contained are what make SQL servers a target for hackers and the reason that all SQL servers should be hardened at install and continually monitored for updates and changes.

Hardening the SQL servers is a fundamental first step in a cyber security program. SQL servers are ICS critical assets, and any compromise to one of these servers can have a devastating impact on business. Most successful SQL server cyber attacks can be tracked back to a basic lack of best practices: badly configured user accounts, missing patches, and weak passwords resulting from lack of password policies.

The main threats to a SQL server are:

•  Indirect attack—SQL injection
•  Direct—exploit attack
•  Cracking SA Password
•  Google hacks

Understanding the nature of these threats is critical in developing a SQL Server Hardening solution. Developing a best practice SQL hardening solution must first address the required remediation steps, ensuring that common threat vectors are addressed and mitigated. The CISP hardening solution addresses these issues:

•  Remote access policies
•  Server authentication mode(s)
•  Server account policies
•  System privileges policies
•  SA account policies
•  Server services accounts
•  Patch management
•  Security logging

SQL Server Hardening is critical to any cyber security initiative and is part of many regulatory compliance program. Server hardening not only provides security, but also establishes a baseline for all server platforms assisting with maintenance, patching, and planning.

Cyber Security: Protecting routers from hackers

Learn how to prevent hackers from accessing your router by following some key guidelines in this article.

Cyber Security: Anti-virus software often fails to deter hackers

Studies show that anti-virus software often fails to deter hackers. Read this article to find out why.