Thursday, January 3, 2008
The 5 Coolest Hacks of 2007
Hackers are creative folk, for sure. But some researchers are more imaginative and crafty than others. We're talking the kind of guys who aren't content with finding the next bug in Windows or a Cisco router. Instead, they go after the everyday things we take for granted even more than our PCs -- our cars, our wireless connections, and (gulp) the electronic financial trading systems that record our stock purchases and other online transactions. >> More ..
CISCO's 2007 Annual Security Report
CISCO has released its 2007 Annual Security Report which provides an overview of the combined security intelligence of the entire CISCO organisation. The report encompasses threat information and trends collected between January and September 2007, and provides a snapshot of the state of security for that period. The report provides recommendations from CISCO security experts and predictions of how identified trends will continue to unfold in 2008.
Security trends and recommendations are organized into seven major risk categories:
- Vulnerability
- Physical
- Legal
- Trust
- Identity
- Human
- Geopolitical
The report also provides a high-level perspective on the issues currently shaping the security space, as well as insights into how security professionals and businesses can expect the industry to change over the next several years. The report can be downloaded here.
Antivirus Protection Worse Than a Year Ago
The effectiveness of antivirus software has fallen off, and more and more pests can now slip past these barriers. This is the sobering conclusion the German computer magazine c't comes to in issue 1/08 with a test on 17 antivirus solutions. For the first time, c't also tested the behavioural blocking system they use. >> More ..
LOGIIC – Linking the Oil and Gas Industry to Improve Cyber Security
LOGIIC is a unique collaborative forum (initiated by the US Department of Homeland Security) where government and industry are focusing on cyber security issues for the oil and gas industry that are best addressed collaboratively. The needs of the infrastructure owners and operators are driving the formation of projects, supported by government and independent experts. The forms for future collaboration are currently being established, and new projects will be forthcoming.
One such project was the LOGIIC 2005-2006 Correlation Project.
The LOGIIC Correlation Project was a 12-month technology integration and demonstration project jointly supported by industry partners and the U.S. Department of Homeland Security Science and Technology Directorate (DHS S&T). The project demonstrated an opportunity to reduce vulnerabilities of oil and gas process control environments by sensing, correlating and analyzing abnormal events to identify and prevent cyber security threats.
A detailed description of the LOGIIC Correlation Project can be downloaded from here.
This collaboration model between Government and industry can be similarly applied to other industry sectors.
Labels:
Collaboration,
Government,
Industry,
Oil and Gas,
SCADA
SCADA Security and CNII - Digital Bond
The Digital Bond site has articles and blogs on SCADA security with a focus on CNII issues. Its several blog categories discuss a wide range of related topics. Have a look at the site to get some key information and knowledge about SCADA security. >> More ..
Wednesday, January 2, 2008
SCADA and Control System Security - Views From An Expert
Joseph Weiss is one of the leading experts in control system security. He provides some interesting insights about control systems, including SCADA, DCS and PLC, and the security issues surrounding them, in an interview found here.
He explains among other things that "A control system has several unique attributes. Number one, a control system must be absolutely highly reliable. It can't shut down very often. So, unlike a business system where you can shut it down over the weekend, the system that controls the power plant must have almost 100 percent reliability or some form of backup to maintain the 100 percent reliability. It is extremely important." This characteristic in itself brings a unique perspective to implementing security for control systems.
In a later part of the interview he has this to say about control systems getting hit: "My very, very, very strong feeling is, if and when we get hit, we will never know why we were hit. All we will know is breakers are opening, valves are closing, certain things are happening. But we won't have a clue as to why."
The interview contains a lot of other interesting insights and examples of incidents and lessons learnt that would be useful for anybody interested in CNII and control systems in particular. >> More ..
ICT Security Education and Awareness for Students
Learning to use the Internet safely should begin at a young age in school, so that young people have the basic knowledge to practice and inculcate safe Internet use when they join the workforce. Some students are able to explore and find the best practices themselves, while the majority need to be taught or guided. The Hacker Highschool site is one of several websites that provide easy-to-follow materials on safe Internet use for school children.
The Hacker Highschool project is the development of license-free, security and privacy awareness teaching materials and back-end support for teachers.
Today's kids and teens are in a world with major communication and productivity channels open to them and they don't have the knowledge to defend themselves against the fraud, identity theft, privacy leaks and other attacks made against them just for using the Internet. This is the reason for Hacker Highschool.
In HHS, you will find lessons on utilizing Internet resources safely such as web privacy, chat protection, viruses and trojans (malware), and the over-all focus on how to recognize security problems on your computer. HHS is a great supplement to student course work or as part of after-school and club activities. The HHS program is developed by ISECOM, a non-profit, open-source research group focused on security awareness and professional security development and accreditation. >> More ..
Labels:
Kids,
Safe Internet,
School,
Teachers,
Teens