Monday, March 31, 2014

Friday, March 28, 2014

Cyber Security: Verizon email mistake prompts worries about private info being hacked

A suspicious email about a delinquent cellphone bill led Paul Newton to think his account information might have been hacked. Read the article here.


Thursday, March 27, 2014

Cyber Security: Hackers are now targeting your router

It's time for a router emergency call to 911. You knew about hackers stealing our credit cards from retailers, the NSA spying on anyone who picked up a cellphone or writes an email, and ad trackers watching our every move and purchase. Click here to read more.


Wednesday, March 26, 2014

Cyber Security: Cyber attack against Colorado hospital attempts to steal 5,400 patient records

The vast majority of hospitals in the United States are not adequately prepared to deal with cyber threats. Click here to read about what happened to a Colorado hospital.


Tuesday, March 25, 2014

Cyber Security: Cyber attack still a threat to Pocono power grid

Despite years of homeland security time and attention, the ability to protect and respond to a targeted cyber attack on U.S. power grids remains a major concern of government officials and utility companies. Click here to read more.


Monday, March 24, 2014

Thursday, March 20, 2014

Cyber Security: Outdated government computers vulnerable to hackers

Federal officials have known for more than six years that Microsoft would withdraw its free support for Windows XP on April 8, 2014. Read more here.

Wednesday, March 19, 2014

Cyber Security: SMEs believes they are immune to cyber attack

Most small and medium-sized enterprises believe they are not at real risk of cyber attack, a survey has revealed. Read the article here.

Tuesday, March 18, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of March 10

Click the link below to view the summary of cyber security vulnerabilities for the week of March 10 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB14-077


Cyber Security: 8 ways to improve wired network security

These basic security precautions on the wired side of the network work whether you're a small business or a large enterprise We sometimes focus more on the wireless side of the network when it comes to security because Wi-Fi has no physical fences. Click here to read the article.

Thursday, March 13, 2014

Cyber Security: Malware attacks, even when the computer is unplugged

Preventing your network of computers from cyber attack, the first logical step is isolating the affected computer from the network. Read more here.



Wednesday, March 12, 2014

Cyber Security: Transporting Data Securely

Charles Smith, Consultant for Critical Infrastructure & Security Practice, offers tips for transporting data securely.

Transporting Data Securely
In our January 2013 newsletter, Stephen Santee gave some excellent guidance in setting up a Mobile Media program. This was followed up in February 2013 with Carrie Straka providing statistics of the dangers of malware and mobile media. However, what is a way to securely transport data and protect it in case the medium of transport is compromised? The answer is encryption. There are many types and levels of encryption available. Once the type and level of encryption are selected, there are several ways to transport your data using encryption. They include but are not limited to:
Secured Tunnel

This method is used when you have a lot of data going back and forth over an unsecured network such as the internet. It creates a private "tunnel" of information between communicating parties. This is mainly used by people that work in a home office and have a need to connect back to a corporate network.


Example Technology: Virtual Private Networking (VPN)

Possible Drawbacks: (Depending on how it is implemented) Slows down overall communication; a limited number of connections can be made



Secured Email

This method is used when you need to send secure messages over an unsecured network. This allows the entire email, including attachments, to be protected. This is commonly used to share information securely between two companies that have a non-disclosure agreement in place or between executives within the same company.


Example Technology: PGP Email Plug-in for Microsoft Outlook

Possible Drawbacks: Both parties must be using the same software and method of encryption as solutions are not standardized well



Secured Files

This method is used when protected information is contained with files. These files, once protected, can be transported by any normal means.


Example Technologies: Microsoft Document Encryption, Adobe Document Encryption, Compressed Files Encryption (zip, rar, etc.)

Possible Drawbacks: (Depending on how it is implemented) Can be easy to break in and steal information; Parties communicating must share and keep up with encryption password



Secured Transfer

This method is used when you have bursts of data to transport over an unsecured network such as the internet. It creates a private "tunnel" of information between communicating parties. This is mainly used to upload and download files on an as-needed basis.


Example Technologies: Secure copy (SCP), FTP over SSL (FTPS), SSH file transfer protocol (SFTP), FTP over SSH

Possible Drawbacks: Both parties must be using the same software and method of encryption as solutions are not standardized well.



Secured Media

This method is used when you cannot transport data over a network and it must be physically transported. The media is protected so that if it is lost, no data can be recovered without the appropriate passcode or key.


Example Technologies: IronKey, McAfee Encrypted Drive, Encrypted USB Flash Key with PIN access

Possible Drawbacks: Most solutions require software to either be installed or temporarily executed to encrypt and decrypt data; this software may not work on all platforms (ex. Windows, Linux, Mac, etc.). Other solutions that have a physical keypad overcome this limitation but require the user to remember and transport a PIN safely.



The Invensys Critical Infrastructure and Security Practice has the skills and the resources to help our clients no matter what industry. We are structured to help with the selection of appropriate encryption and transport method for all your Critical Infrastructure data needs.

Cyber Security: Microsoft to end Windows XP support April 8

The end is near. No, that doesn't mean computers using the 12-year-old operating system will suddenly crash and spread calamity throughout the Internet. Read the article here.


Tuesday, March 11, 2014

Cyber Security: Visa and MasterCard Take a Stand Against Hackers

Visa and MasterCard are now teaming up with retailers in a new cross-industry effort to improve credit card security. Click here to read the article.


Monday, March 10, 2014

Cyber Security: The Global Cyber Advisor Newsletter - Feb. 2014 Vol. 29


Welcome to the latest Global Cyber Advisor Newsletter!

In the US, this winter has been unusually brutal.   Hopefully where ever you are, this newsletter finds you well. We have many discussions with the industry and the issue of Cyber Security is becoming more visible and better funded every year. Hopefully soon we’ll be able to help all of our clients secure their intellectual property, secure the stability of their process networks and maintain the safety levels they expect from their industrial process systems. We must all move away from the “Silver Bullet” theory and realize that clear and concise plans are the most economical ways to pursue Cyber Security. We know a solid Cyber program leverages system features, cyber security products/controls/services  and a solid documented cyber program that keeps it all maintained and managed.

Continuously Secure: Invensys continues to prove to the industry that we stay vigilant and help our customers develop their Cyber Strategies and secure their process environments. We have staff to help our clients on a global basis to assess, design, implement and manage their Cyber posture. Invensys has developed suites of products with complementary consulting, which are unmatched in the industry.  

This month’s Consultants Corner article is from Roy Solis. He discusses the tremendous amount of data we collect on Security solutions and the ways to best manage that data. A good read for all.
The Invensys Critical Infrastructure and Security Practice has the skills and the resources to help our clients no matter what industry. We are structured to help with their entire Cyber Security program.   We have essentially the industry’s largest vendor-based Cyber Security team that assists our clients secure their entire process environment. We understand that Cyber Security extends beyond a single system and our valued clients need assistance and advice in how to secure their entire plant infrastructure. Cyber security is so much more than product features, firewalls and anti-virus software. 


If you’ve missed our previous editions, you can find them at this location:   http://iom.invensys.com/EN/Pages/CyberSecurity-Newsletters.aspx

Click here to open the February 2014 newsletter.




Cyber Security: ICS-CERT Vulnerability Summary for Week of March 3

Click the link below to view the summary of cyber security vulnerabilities for the week of March 3 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB14-069


Friday, March 7, 2014

Cyber Security: Las Vegas Sands customer data stolen during recent attack

The data of thousands of customers has been stolen from Las Vegas Sands' (LVS) Bethlehem property in Pennsylvania during a cyber attack last month. Read the article here.


Thursday, March 6, 2014

Cyber Security: Industry needs to step up to protect the power grid from cyber attack

Energy companies should create a new industry-led body to deflect cyber threats to the electric grid -- from large generators to local distribution utilities, according to a new report co-authored by Ret. Read the article here.


Wednesday, March 5, 2014

Cyber Security: Wi-fi networks vulnerable to virus attacks, study shows

A group of talented individuals over at the University of Liverpool, spearheaded by Network Security Professor Allan Marshall, has developed a virus called Chameleon which not only can infiltrate "poorly managed" Routers and Access Points, but also effectively spread to other wireless devices. Click here to read the article.


Tuesday, March 4, 2014

Monday, March 3, 2014

Cyber Security: Sears looks for possible breach as Secret Service said to assist

Sears, the retailer run by hedge fund manager Edward Lampert, is investigating a possible security breach after a series of cyber attacks on other retailers have exposed the data of millions of consumers. Click here to read more.