Browsing All Posts filed under »Observation«

Industrial Cyber Protection Levels Standardisation

February 2, 2019 by


A key challenge in cyber security (management) is meaningful metrics. This is even more challenging in areas where cyber risk management hasn’t exactly had decades of history to mature. Operational Technology (OT) is such an area. Organisations struggle to measure the as-is cyber security level of their OT domains towards the defined target levels at the […]

Industrial Cyber Vulnerability Reporting Sources 2016

December 4, 2016 by


Abstract: Industrial systems cyber vulnerability advisory repositories 2016: The main contributors are security companies and independent researchers. The system’s creators are third. ——— Detail: On November 21st Siemens Product CERT (and a day later the US ICS-CERT) published a security advisory on vulnerabilities affecting Siemens industrial control system products (ICS-CERT advisory ICSA-16-327-02). Our team, […]

Machine to Human Communication via Social Networks

November 30, 2014 by


“Machines can tweet, too” – so reads the title of an article in a recent issue of the T-Systems customer magazine “Best Practice”, reporting an interesting (and innovative) example of Smart Machines and the Industrial Internet – and how social media is meeting Industry 4.0 automation. From the article: “Schildknecht AG, …, uses Twitter to let machines […]

How many things are in the Internet of Things? 6.593 billion in 2015 – says Bosch

March 10, 2014 by


The term varies a bit depending on where you ask: “Web of Connected Objects” (France), “Industrie 4.0” (Germany) and who you ask: “Industrial Internet” (General Electric), “Internet of Things and Services” (Bosch), “Internet of Everything” (Cisco) – but basically means the same: the transformation of life, business and production by not only connecting (traditional) computers and […]

Cyberspace meets the Plant?! So what? No Magic in SCADA Security Management.

May 6, 2013 by


Whenever a discussion is on-going about a rather complex and multi-layer subject, it is preferable that the participants agree on terms and definitions, hence meaning the same thing when using professional terms. SCADA is such a term nowadays that is frequently used in public (security) discussions – but unfortunately, not everybody seems to mean the same […]

Internet Reality 2013: 300Gbps DDoS Attack based on DNS

April 15, 2013 by


The DDoS attack on Spamhaus last month got a lot of attention, not least because of a) the record-breaking traffic volume involved (300 Gbps) and b) the method used to generate the traffic: DNS reflection. The attacks were able to flood the victim servers with 300 Gbps of traffic – DNS traffic (!). The idea behind […]

Many speak of the security issues of the cloud – (too) few of its security opportunities

February 24, 2013 by


For quite a while I have been following with interest David T.S. Fraser’s blog on legal aspects of cloud computing. Though called Canadian Cloud Law Blog – News and commentary on legal aspects of cloud computing from a Canadian perspective – his expert commentaries are definitely applicable beyond Canadian soil and jurisdiction. One of his recent posts titled ‘Note […]

No surprise: Governmental access to Cloud data does not only exist in the USA

May 31, 2012 by


A recent White Paper titled “A Global reality: Governmental Access to Data in the Cloud” examines governmental authority to access data in the cloud in Australia, Canada, Denmark, France, Germany, Ireland, Japan, Spain, United Kingdom and the United States. The paper was written by Christopher Wolf and Winston Maxwell from (US based) international law firm Hogan Lovells and released at the Openforum […]

Cloud-Sourced Web Security Safeguards

January 4, 2012 by


The idea is as simple as it is genius and effective: Let the DNS server decide to grant or not to grant access to a requested URL. After all, almost all requests outbound of the organization’s internal network have to be resolved by an external DNS server and many (if not most) malware bots are […]

A Look at a DDoS Mitigation Service Fine Print

October 22, 2011 by


NeuStar UltraDNS is apparently one of the leading global managed DNS providers – handling a quarter of the Internet’s authoritative DNS traffic. One of the additional services they offer is called SiteProtect – a “cloud based DDoS mitigation service” that offers “Defense against DDoS attacks before they reach your infrastructure”, “Protection for all HTTP and HTTPS traffic, regardless […]

bother with logs

September 19, 2011 by


At most places (that I came across so far) the sea of log files produced by usually talkative IT infrastructures was still used in just a rudimentary fashion (if at all) for diving into it and retrieving information intelligence to be used for InfoSec analysis and management. The problem: The security management team is desperately looking for […]

Reality Check: Using Digital Signatures for Business Email

August 21, 2011 by


Communication is the lifeblood of business – and email is still the lifeblood of communication. Out of the box, email of even the newest software and systems is not digitally signed. When looking at the advantages the use of digital email signatures theoretically has (sender authenticity, message integrity, communication transaction non-repudiation) one should think it should […]

Protect your Intellectual Property – with (cookie) cans

July 10, 2011 by


In the meeting rooms of Evonik Industries, a German company specialized in chemicals, one can nowadays always find empty cookie cans. Not because Evonik managers are particularly affectionate about sweets, but because they are supposed to put their cell phones into the cans when discussing confidential matters. The measure is one of the many instructions […]

The Return Of The Thin (Cloud) Client

June 21, 2011 by


Is the arrival of the (Google) Chromebook the arrival of a business class Thin-Client-for-Cloud-Computing? Now, the Thin-Client concept is anything but new, and thin clients are actually an endpoint-security dream for the InfoSec Manager. Application as well as OS vulnerability based attack vectors against thin clients are minimal compared to those of a “fat” […]