  • Don’t Be Denied – Counter Threat Before It’s Too Late

    Investors learnt years ago that automation can keep costs down.  Factories and other process control applications have been retooled time and again.  SCADA now rules.  But what if an attacker denied you such services?

    History shows that Supervisory Control and Data Acquisition (SCADA) was introduced nearly 75 years ago.  Generations later, implementations crept onto our networks by way of an open systems architecture.  Such innovations may lead to its downfall unless investments are made to address the rising threat landscape.

    A recent article in CSO, analyzing traffic between 2013 and 2014, states that “Attacks against industrial control systems double.”  Malware has been developed for SCADA technology, and all new exploit kits include it.

    Note:

    References to articles used in this post are no longer accessible.

  • Assessing Security Controls

    This post is the second in a series on Cyber Security Preparedness, and follows step 1: Cyber Security Awareness.  Today we look at the establishment of Critical Security Controls.

    As security professionals, we all know that assurances come through the process of establishing and measuring controls.  Cyber security is no different. 

    The Council on Cybersecurity, Center for Internet Security, SANS, and others have compiled a list of Critical Security Controls – now in their 5th revision.  The document provides a roadmap for implementing the 20 critical security controls (CSC) and many associated sub-controls.  Has CSC been added to your control framework?  Start your assessment now before the next incident or audit.

    Five key sub-controls are your starting point:

    1. CSC 2.1 – Deploying application white-listing technology
    2. CSC 3.1 – Implementing a configuration standard for operating systems
    3. CSC 3.2 – Automating the patching of the OS and applications
    4. CSC 3.3 – Limiting administrative privileges
    5. CSC 4.1 – Performing automated vulnerability scans at least weekly

    The foundation is established through numerous other Quick Wins.  Further refinement is offered through sub-controls to add Visibility and improve Configurations.  

    Note:

    Critical Security Controls have been considerably advanced since this post. Version 5 is no longer accessible. For the latest control set, see: https://www.cisecurity.org/controls/v8

  • No Muscle in Cyber Defense

    We all have a distant memory of a bully at school that we chose to avoid during recess or after school.  We were no match for them.  Why end up in a fight for no good reason?

    The bully is back, but this time they are challenging our cyber defenses. 

    Researchers claim that 99% of us are vulnerable.  We are no match for the capabilities of today’s adversaries.  The bullies are in the thousands and we have no place to hide.  Any of us could be the next Sony.

    The path forward is clear.  Each of us must hit the gym and gain a little muscle against today’s cyber threats.  At the same time, we must actively collaborate, creating strength in our numbers.

    References:

    1. https://www.cnet.com/news/privacy/thousands-could-launch-sony-style-cyber-attack-says-ex-hacker/