Software Integrity Blog

Archive for the 'Critical Infrastructure Security' Category

 

Throwback Thursday: Whatever happened to Stuxnet?

Whatever happened to Stuxnet? Since it destroyed hundreds of centrifuges at a nuclear enrichment facility in Iran in 2010, the worm’s been quiet—but not idle.

Continue Reading...

Posted in Critical Infrastructure Security, Featured

 

President’s ‘cybersecurity moonshot’: Transformational or pie in the sky?

Making the internet safe and secure in 10 years isn’t going to be easy, if it’s even possible. And that’s why NSTAC’s new proposal is a cyber security moonshot.

Continue Reading...

Posted in Critical Infrastructure Security, Government Security

 

Hard questions raised when a software ‘glitch’ takes down an airliner

The parts and systems on an airplane don’t have to fail in a big way to have big consequences. A flaw in airline software could be a matter of life or death.

Continue Reading...

Posted in Critical Infrastructure Security

 

Air gaps in ICS going, going … and so is security

As smart shipping and other network-connected industrial control systems (ICS) grow, the air gap loses value as a barrier against cyber attacks. What’s next?

Continue Reading...

Posted in Critical Infrastructure Security

 

Threats obvious, but electronic voting systems remain insecure

Election security requires that voters trust the results. But many U.S. electronic voting systems are clearly insecure, and untrustworthy. What are we doing about it?

Continue Reading...

Posted in Critical Infrastructure Security, Government Security

 

‘Cyber Pearl Harbor’ unlikely, but critical infrastructure needs a major upgrade | NCSAM at Synopsys

Officials have warned for decades of a “cyber Pearl Harbor” or “cyber 9/11” kind of attack on the nation’s critical infrastructure. Yet no attack has come. It’s either because our attackers can’t do it or haven’t really wanted to so far—and “can’t” seems less likely every day. Are we prepared for what’s next? The original version of […]

Continue Reading...

Posted in Critical Infrastructure Security

 

How to protect our critical infrastructure | NCSAM at Synopsys

The 2018 Verizon Data Breach Investigations Report (DBIR) reported and analyzed 649 breaches in utilities, transportation, healthcare, and other verticals that employ operational technology (OT) systems in addition to traditional IT for their main operations. In total, that represents 29.2% of reported breaches (not incidents) in industries considered part of infrastructure verticals—and that doesn’t even […]

Continue Reading...

Posted in Critical Infrastructure Security

 

US vows to go on cyber offense

The original version of this article was published in Forbes. We’re all familiar with saber rattling. But this is the digital age. Welcome to the world of cyber rattling. This version of it comes in two policy papers from the U.S. government: the White House Cyber Policy and the Department of Defense (DoD) Cyber Strategy. One of […]

Continue Reading...

Posted in Critical Infrastructure Security, Government Security

 

Ukraine dodges attack, but VPNFilter threat remains

Ukraine had been warned. So it was prepared. And the result, according to the government’s intelligence branch, the Security Service of Ukraine (SBU), is that it was able to detect and thwart a cyber attack that used the now notorious VPNFilter malware against the Auly Chlorine Distillation Station, which supplies chlorine to 23 provinces of […]

Continue Reading...

Posted in Critical Infrastructure Security, Internet of Things

 

TRITON attack: A failure this time, but still ominous

Yet another cyber attack on a critical infrastructure installation ought to send yet another warning to operators of industrial control systems (ICS) that it is long past time to, as they say, harden their defenses. The attack, reportedly on a facility somewhere in the Middle East, was reported in early December by the Mandiant division […]

Continue Reading...

Posted in Critical Infrastructure Security, Data Breach