Showing posts with label forensics. Show all posts
Showing posts with label forensics. Show all posts

Thursday, January 9, 2014

SANS gets Cyber-Physical with ICS Breach Response Guide


With apologies to Olivia Newton John, you may or may not be aware that some bad actors have been helping raise awareness about physical threats to electric infrastructure lately.  You might say, "Are we sure about this, or were they merely after some copper ... or groundnuts?"

Of course, it always pays to be skeptical, but in the age of video cameras, motion detectors and similar, it's clear that these were humans not after enrichment or nourishment, but rather, intent on destruction.

Mike Assante and Scott Swartz of security training firm SANS just released a how-to manual describing how you can help your utility proceed in the event of an attack.  In particular, they want utilities to be on the lookout for cyber security foul play as they investigate breaches of physical defenses.
Read more »
Posted by at 1:08 PM
Labels: , , ,

Saturday, October 19, 2013

Conference Alert: FIRST Energy Symposium - Energy Sector Incident Response


Sorry for the late announcement, but in the spirit of better late than never ...

In cooperation with ISC2, ICS-ISAC and EnergySec, the Forum of Incident Response and Security Teams (FIRST) brings you its first energy sector focused event.

As the FIRST folks put it:
This conference will bring together computer security incident response and security team professionals from all over the world and provide a forum for experts to promote, share, and discuss issues relating to developments in the field of Incident Response relating to the Energy Sector.
When: 28 + 29 October, 2013

Where: Lansdowne resort, Leesburg, VA (Not be be confused with Lansdowne Street in Boston)

To register: Click HERE (Save $100 using this code: Energy13)

BONUS: the agenda shows presentations by Jack Whitsitt and Chris Blask. If you don't know them, they are two of the more brilliant and idiosyncratic personalities in the business.  Worth the price of admission alone, IMHO.

Posted by at 9:44 AM
Labels: , , , ,

Wednesday, January 5, 2011

Zen and the Art of Smart Grid Security


I'm not sure how to say his last name, but there's a lot to like in  John Traenkenschuh's metaphor:
We bikers know that risk is something that can be mitigated, to a point. Risk remains, and it's our job as safety pro's to limit impact and help the organization, the rider, steer a reasonably secure, er, safe course. 
... and also this:
Nothing I can do can wash away all the security risks with all the IT systems we're paid to protect; in much the same way that no amount of training I might provide you will remove all risk from riding a motorcycle. Instead, let's focus on forcing a quick alert if, maybe WHEN the attack occurs? 
This short article is not specific to our industry, and is actually written more from a vendor's point of view than a technology user's, but because survivability is a crucial backstop to good security, and certainly adds to peace of mind, there's more HERE that applies.

Photo credit: Don DeBold on Flickr.com
Posted by at 8:05 PM
Labels: , , ,
Subscribe to: Posts (Atom)