Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Cyberattacks on
Physical Plants Are Scary!
Iron Works Knocked Out


### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus … watch this space to see if yours is published.


Test of our Bulk Power System, GridExII, Kicks Off Tomorrow

On November 13-14, the North American Electric Reliability Corporation (NERC) will host a Grid Security Exercise, called GridExII, with Electricity Sub-sector entities across the U.S., Canada and Mexico. The goal is to simulate both a cyber-incident and physical attack for the purposes of testing organizational readiness and response.

Some pretty good movies have been made about the notion of a cut in our nation’s power supply – which is what could happen in the event of a serious breach of our electrical grid.


The Danger of Open Access to University IP

When I saw last week’s New York Times story about the problems universities are experiencing with cyber attacks, my first thought was one of surprise. Wasn’t this kind of story published years ago? Hackers are opportunistic and universities pride themselves on providing free and open access to materials. Cyber attacks on research universities have been happening for some time.


Changeup Information Sharing

We were talking with the CIO of a major healthcare company the other day who told us that his day had gone sideways because of the re-emergence of the ChangeUp worm / Trojan. This was news to me. I mean, yes, I’m a little behind in my reading, but I’d not heard much about ChangeUp since it flared up again at the end of 2012.


The New York Times Breach: Why AV Failed, What They Should Have Done and What We Accomplish by Letting Them Stay Inside

In yet another example in the saga of personalized malware from foreign nations, specifically China, The New York Times reported Wednesday that the Chinese had carried out an extensive malware campaign against the newspaper giant for the past four months. With this news, we see once again that standalone, signature-based defenses are completely ineffective,


November Podcast: State of Security Awards

Welcome to the November edition of the state of cyber security awards. We’ve got a few well-done’s to hand out as well as a lesson learned. As is always the case here, cyber security is an on-the-job learning process for most.

Download the podcast.

Government Action Impacting Our Industry


3 Reasons Flame is a Game Changer

Back in the late ’90s, the president of a prominent U.S. anti-virus company was approached by a delegation from India. Their request? Weapons-grade malware. In the same month, he was also approached by representatives from Pakistan with the same request. As he explains it: “Two nuclear armed nations with a common border and a history of armed conflict have only one interest.


Application Whitelisting: Key Protection Against Targeted Cyber Attacks

The Australian Department of Defence recently updated their Strategies to Mitigate Targeted Cyber Intrusions guidelines, and I think it warrants a little discussion.

The relatively short (only two pages!) document from the Cyber Security Operation Centre (CSOC) – part of the Defence Signals Directorate (DSD) – is based on their experience in operational cyber security,


U.S. Cybersecurity Proposal – A Plan about Plans: We Need More Action and Talent If We’re Serious about Securing Our Nation’s Data

My mother used to always say, actions speak louder than words, and in reading the recent cybersecurity proposed plan, I can’t help but think of that age-old phrase. To date, there has been very little meaning behind our nation’s efforts to secure the American people, industry and critical infrastructure from cyber criminals. In fact, according to Whitehouse Representative James Langevin,


Sony Playstation Megabreach – Now What?

The original attack against Sony was a massive Distributed Denial of Service Attack that quickly changed vectors and became a penetration of their environment.

Federal Cyber Security Outlook for 2010

Steve Antone, Vice President of Federal Solutions Group, provides insights into the Federal Cyber Security Outlook for 2010 survey.

Why Compliance and Security Need to Play Nice

In this video interview, Matt Mosher, SVP of the Americas, Lumension, takes an in-depth look at how organizations can make compliance a continuous process by correlating compliance with security posture.

Cybersecurity: Moving Beyond the Chatter and Noise!

As both a guest speaker and attendee at the Security Innovation Network’s fourth annual IT Security Entrepreneur’s Forum, I found the conference provided a great deal of insight on important cybersecurity issues. Two panels I found particularly relevant were: “An Industry and Government Perspective on the Emerging Cyber Threats, Risks and Vulnerabilities” and “Moving Forward with a Roadmap for the IT,
