Industrial Cyber Protection Levels Standardisation

February 2, 2019
by

0

A key challenge in cyber security (management) is meaningful metrics.This is even more challenging in areas where cyber risk management hasn’t exactly had decades of history to mature. Operational Technology (OT) is such an area. Organisations struggle to measure the as-is cyber security level of their OT domains towards the defined target levels at the […]

Posted in: Observation

Industrial IT Security Field Report (public conference presentation)

April 20, 2017
by

0

A few weeks ago I had the pleasure to present at the IT Security Strategy Days , a leading national IT Security conference in Germany, about our experiences (so far) at Airbus ICT approaching Industrial IT Security in our industrial manufacturing context for the last 3 years. I am sharing the main slides here. Of course […]

Posted in: Open Knowledge

Industrial Cyber Vulnerability Reporting Sources 2016

December 4, 2016
by

0

Abstract: Industrial systems cyber vulnerability advisories repositories 2016: The main contributors are security companies and independent researchers. The system’s creators are third. ——— Detail: On November 21st Siemens Product CERT  (and a day later the US ICS-CERT)  published a security advisory on vulnerabilities affecting Siemens industrial control system products ( ICS-CERT advisory ICSA-16-327-02). Our team, […]

Posted in: Observation

Digitalization in Manufacturing and the Industrial Internet of Tools and Machines. Risks and Opportunities for ICT Security Organizations

November 22, 2015
by

0

A blog post with food for thoughts I like to share, based on work I’ve done recently: reviewing/analyzing key IT characteristics of digitalisation in shop floor environments and its impact on ICT security organizations. Understanding the Development This blog post is not undertaking (another) attempt to debate in detail what terms such as Industrial Internet, Internet of Things, […]

Posted in: Uncategorized

Machine to Human Communication via Social Networks

November 30, 2014
by

0

“Machines can tweet, too” – so the title of an article of a recent version of the T-Systems customer magazine “Best Practice” reporting an interesting (and innovative) example of Smart Machines and the Industrial Internet – and how social media is meeting Industry 4.0 automation. From the article: “Schildknecht AG, …, uses Twitter to let machines […]

Posted in: Observation

How many things are in the Internet of Things? 6.593 billion in 2015 – says Bosch

March 10, 2014
by

0

The term varies a bit depending where you ask: “Web of Connected Objects” (France) ,”Industrie 4.0″ (Germany) and who you ask: “Industrial Internet” (General Electric), “Internet of Things and Services” (Bosch), “Internet of Everything” (Cisco) – but basically means the same: the transformation of life, business and production by not only connecting (traditional) computers and […]

Cyberspace meets the Plant?! So what? No Magic in SCADA Security Management.

May 6, 2013
by

0

Whenever a discussion is on-going about a rather complex and multi-layer subject, it is preferable that the participants agree on terms and definitions, hence meaning the same thing when using professional terms. SCADA is such a term nowadays that is frequently used in public (security) discussions – but unfortunately, not everybody seems to mean the same […]

Posted in: Observation, Opinion

Internet Reality 2013: 300Gbps DDoS Attack based on DNS

April 15, 2013
by

0

The DDoS attack on Spamhaus last month got a lot of attention not least because a) of the record-breaking traffic volume involved (300 Gbps) and b) because of the method used to generate the traffic: DNS reflection The attacks were able to flood the victim servers with 300 Gbps of traffic – DNS traffic (!). The idea behind […]

Posted in: Observation

Many speak of the security issues of the cloud – (too) few of its security opportunities

February 24, 2013
by

0

Since quite a while I am following with interest David T.S. Fraser’s blog on legal aspects of cloud computing. Though called Canadian Cloud Law Blog – News and commentary on legal aspects of cloud computing from a Canadian perspective – his expert commentaries are definitely applicable beyond Canadian soil and jurisdiction. One of his recent posts titled ‘Note […]

Dealing With (Thousands of) Personally Owned Devices – Observations at Intel’s IT Center Experts Tour

June 12, 2012
by

0

Last week I had the opportunity to attend a presentation of the Intel IT Center Experts Tour held in Ottawa. I expected the usual product and services marketing roadshow kind of thing – and this expectation was fulfilled to some extent.  Having said this, I was quite (positively) surprised when I encountered something I had […]

Posted in: Uncategorized

No surprise: Governmental access to Cloud data does not only exist in the USA

May 31, 2012
by

0

A recent White Paper titled “A Global reality: Governmental Access to Data in the Cloud” examines governmental authority to access data in the cloud in Australia, Canada, Denmark, France, Germany, Ireland, Japan, Spain, United Kingdom and the United States. The paper was written by Christopher Wolf and Winston Maxwell from (US based) international law firm  Hogen Lovells  and released at the Openforum […]

Posted in: Observation

A Brief Introduction (not only) for UN Folks on Information Security Classification

March 26, 2012
by

0

I recently needed a convenient method of introducing a very mixed audience (comprised of ladies and gentlemen from Finance, Legal, HR, Audit and several business lines) to the subject of information classification – information security classification, to be precise. While all of them are certainly experts in their specific area, only few of them were […]

Posted in: Open Knowledge

Cloud-Sourced Web Security Safeguards

January 4, 2012
by

0

The idea is as simple as it is genius and effective: Let the DNS server decide to grant or not to grant access to a requested URL. After all, almost all requests outbound of the organization’s internal network have to be resolved by an external DNS server and many (if not most) malware bots are […]

Posted in: Observation, Opinion

Top Controls That Work

November 6, 2011
by

0

There are some (not so many)  pragmatic InfoSec control “charts” around  – and one of the most well known is probably the SANS’s (Top) 20 Critical Security Controls list. Another one definitely worth your attention  is the Australian Department of Defence’s (Cyber Security Operations Centre’s) list of  the Top 35 Mitigation Strategies to Mitigate Targeted Cyber Intrusions. For […]

Posted in: Open Knowledge