
Topic:

Critical Infrastructure

National Security vs Paperwork – EPA Plan Threatens Water System Security

There comes a time when sharing too much information is a dangerous thing, and this is what the Environmental Protection Agency is about to do. In June, the EPA plans to establish Internet access for the public to view the non-Off-site Consequence Analysis (non-OCA) sections of the water sector’s Risk Management Plans (RMPs). The announcement from the Office of Emergency Management cites burdens associated with Freedom of Information Act requests and a need from the FBI and others for greater access to non-OCA data. Here are my two biggest problems with what EPA plans to do.

Protecting Networks – Public or Private Sector Responsible?

The two distinctly different Senate Cyber-Security bills currently making their way through the US Congress respond to the ever-increasing cyber assaults on the US, and particularly the CIKR sectors. It is clear that action must be taken to further harden our IT systems from these asymmetrical and often successful attacks. But remember cyber-security is a balancing act based on the risk tolerance of corporations and agencies. We have enough regulations already in place. What we need is more information sharing on a two-way street.

Critical Infrastructure Resilience – Effectively Addressing America's Achilles Heel

Today’s reality is the Internet is the repository of a huge and growing amount of code (including malware) whose origin and ultimate purpose are unknown. Yet, well-intentioned, repeated government calls for action have not and will not fix a problem enabled by globally deployed technologies. There has been (and continues to be) a great deal of rhetoric and staff activity on the subject; rhetoric is not results and activity is not accomplishment. The current approach to ensuring the operation of America’s critical infrastructures can only be characterized as lessons-observed because we have failed to change our behavior.

Napolitano’s Announcement Omits Cyber Threat to Global Supply Chain

By Michael Balboni
In an op-ed for Newsday, I examined Secretary Napolitano’s announcement of a National Strategy for Supply Chain Security, noting that it only mentioned the importance of physical security. Surprisingly, cyber threats were left completely off the table, though it is crucial to recognize that both these threats are actually inexorably intertwined.

Presidential Permit Mess

By Doug Doan
For anyone who needed a reminder of just how botched and dysfunctional it is to build or improve a border crossing, take a look at the toxic debate over the Keystone Pipeline. Fierce politics, nasty in-fighting, delay, distortion and misdirection all become standard fare. The Presidential Permit process was supposed to bring order and discipline to building anything across the border linking the United States, Canada and Mexico. But what a mess it has become. Every new idea must navigate an increasingly complicated bureaucratic gauntlet.

A Public/Public Partnership – Addressing Water Sector Security

Following the recent attention given to the water sector’s vulnerability to cyber intrusion, there’s been a lot of talk about what went wrong, whose fault it was and why changes need to be made in the sector. However, the challenge in addressing the water sector’s cyber security posture isn’t in outlining existing problems, but rather in generating realistic, affordable and timely solutions to mitigate them. My concern is that we may just keep talking about the problem without actually doing anything about it.

Water Security Expert Vance Taylor on Critical Infrastructure Hacking Incidents

Since news broke last week about a suspected cyber attack on an Illinois water utility, media, government and industry have probed the ramifications for U.S. critical infrastructure protection (CIP). Though DHS and FBI later found no attack had occurred, the incident does highlight vulnerabilities in the way utilities are secured against cyber threats. To understand these complex issues, reporters turned to water security expert, Catalyst Partners principal and Security Debrief contributor Vance Taylor.

Terrorists Embrace Internet Fraud to Fund Operations

By Rob Strayer
It is an unfortunate modern reality that cyber attacks are commonly used to steal money from businesses and individuals. Cyber attacks that disrupt or destroy physical assets, on the other hand, have been rare up to this time. The news over the weekend that a terrorist organization was able to finance its activities by hacking AT&T business customers’ telecommunications accounts represents a new and disturbing development in the use of cyber attacks by terrorists.

A Stark Reminder – Cyber Threats Are Real

As happy/relieved as I am to know that the Russians aren’t out to disrupt our water services, it is important to note that a water system in South Houston was the victim of a real cyber attack. (You’ll recall it occurred in direct response to DHS downplaying of the reported situation in Illinois.) The would-be attack, and the actual one, are stark reminders that the threat of cyber attacks is real.

Water Plant Hack – Real Concern or Red Herring?

I have read several articles on the recent water plant cyber intrusion that damaged a pump in a small utility firm’s facility in Illinois. I am not a digital forensics analyst, but I do find the reactions very interesting. Frankly, I don’t know what the Water Plant incident really means, but at this point neither does anyone else. Can we afford to dismiss it, even if it turns out to be amateur hackers? I have said this before; the sky is not falling! However, we still need to up our vigilance and recognize that we have enormous vulnerabilities and competent adversaries.