Critical Infrastructure

Critical Infrastructure news, information, and how-to advice

scream wheelbarrow nightmare
eu civil protection exercise

electrical substation grid power lines

Grid security insights for 2017: Pressure mounts to prevent physical attacks

The new year will bring security challenges and its share of opportunities.

nuclear power plant

Is critical infrastructure the next DDoS target?

DDoS attacks are vastly bigger now, thanks to botnets composed of Internet of Things devices. A recent attack that took down a portion of the internet has led to questions about whether something similar could shut down critical...

twitter broken

BGP errors are to blame for Monday’s Twitter outage, not DDoS attacks

Early Monday morning, for about thirty minutes, Twitter went dark. Almost immediately, once service was returned, people started speculating about a massive attack. However, Monday’s outage wasn’t anything malicious, by all accounts...

power lines electric grid

Above the lines: Addressing grid security in the press

The electricity industry continues to improve its security posture, yet we are drowning in a sea of negative press.

hunting orange

It’s hunting season but who’s the prey?

There’s a trend in security operations to work to close the gap between discovering a breach after the damage has been inflicted, and delving deeper into the infrastructure to evaluate the “What/Where/When/How” in an effort to advance...

bullseye hospital healhcare

Unencrypted pagers a security risk for hospitals, power plants

For most of us, pagers went out when cell phones came in, but some companies are still using them and when the messages sent without encryption, attackers can listen in and even interfere with the communications

electrical grid powerline

Defending the grid

The vulnerabilities that allow hackers to infiltrate protocol and DDoS attack

power plant railroad tracks

Security convergence in a utility environment

It used to be that physical, operational and IT security were managed in isolation. However, criminals, activists and competitors don’t think that way and will use any vulnerability to gain access to your sensitive systems or...

fireworks dc washington

Lighting up a changing world

Everything from water and energy utilities to medical devices to food and drug production systems benefit from lightning fast operations that can be managed remotely or automatically. That provides exponential advances in speed, cost,...

truck 147912696

Meteors, disasters and the diesel generators

In August of 2003 it was just after 4 pm and I was leaving a vendor event where I was watching a professional tennis match. I was looking forward to the weekend ahead with a light Friday on the schedule. I could not have known how...

cisco industrial network director

ICS vulnerabilities are still rampant

Industrial control systems are part of the nation’s critical infrastructure. But according to a panel of security experts, they remain catastrophically vulnerable to cyber attacks.

security group team circuitry

Cyber incident response: Who does what?

“Who in the government will help me if we face a significant cyber incident?”

wedding rings

How to make mergers and acquistions work

When tech companies "Merge and Purge" their IP, organizations on both sides of the trades can get nervous. Here's one recent deal that could actually mean a better set of solutions for everybody concerned.

04 insider threat

Combating insider threats faced by utilities

Today, grid operators face daily external threats from cyber hackers and criminals vandalizing or destroying company assets. While protections are in place to help prevent these external threats, utilities must realize that insiders...

attestation documents

A tale of two PCI attestation documents

Is your PCI service provider willing to easily share their AoC? That’s a good sign.

cso 50 sm

The modern look of a utility's chief security officer

Security has received more attention in the last several years and organizations have realized that they lack a designated individual with the appropriate authority to carry out the security responsibilities of an organization. Enter...

black hat logo

Black Hat basics: Ruminations on 19 years of Black Hat Briefings

As this is my first venture into the world of blogs for CSO, the timing coincides with one of my favorite summer activities—traveling each August to the American desert, to roast in the Nevada sun, and attend the Black Hat Briefings....

fsb federal security service russia

Spies planted malware on critical infrastructure, Russian security service says

Russian military networks and other critical infrastructure have been hit by tailor-made malware, according to government officials.

Load More