Critical Infrastructure

Critical Infrastructure news, information, and how-to advice

truck 147912696
cisco industrial network director

dhs security

Cyber incident response: Who does what?

“Who in the government will help me if we face a significant cyber incident?”

wedding rings

How to make mergers and acquistions work

When tech companies "Merge and Purge" their IP, organizations on both sides of the trades can get nervous. Here's one recent deal that could actually mean a better set of solutions for everybody concerned.

04 insider threat

Combating insider threats faced by utilities

Today, grid operators face daily external threats from cyber hackers and criminals vandalizing or destroying company assets. While protections are in place to help prevent these external threats, utilities must realize that insiders...

attestation documents

A tale of two PCI attestation documents

Is your PCI service provider willing to easily share their AoC? That’s a good sign.

cso 50 sm

The modern look of a utility's chief security officer

Security has received more attention in the last several years and organizations have realized that they lack a designated individual with the appropriate authority to carry out the security responsibilities of an organization. Enter...

black hat logo

Black Hat basics: Ruminations on 19 years of Black Hat Briefings

As this is my first venture into the world of blogs for CSO, the timing coincides with one of my favorite summer activities—traveling each August to the American desert, to roast in the Nevada sun, and attend the Black Hat Briefings....

fsb federal security service russia

Spies planted malware on critical infrastructure, Russian security service says

Russian military networks and other critical infrastructure have been hit by tailor-made malware, according to government officials.

flow chart process

It's all about critical processes

Critical processes run the business and should be the targets of risk assessments, pen tests, and vulnerability management procedures.

cybersecurity

Digital security officer recruitment challenges and victories on the cyber battlefield

Veteran cybersecurity recruiter and leadership adviser S. A. Spagnuolo, of global executive search firm ZRG Partners, offers greetings to the reading audience, provides a quick primer on his background and sets his agenda going...

petrochemical plant

Stealthy cyberespionage malware targets energy companies

Security researchers have discovered a new malware threat that goes to great lengths to remain undetected while targeting energy companies.

high voltage substation electrical

Security from the outside looking in

Utilities that utilize red team exercises can benefit from the knowledge they produce, so long as you have executive buy in and are willing to take potential criticism.

insider threat

9 critical controls for today's threats

Many controls we've used for years can't effectively deal with today's threats. We must extend some and add others to prevent, detect, and respond to emerging threats to our business operations.

malware attack cyberespionage code hacker

When you isolate your industrial control systems don't forget about DNS

Many organizations that run industrial control systems, whether they're manufacturers or public utilities, strive to isolate them from the Internet, but sometimes forget to disallow Domain Name System (DNS) traffic, which provides a...

areva nuclear plant

Mysterious malware targets industrial control systems, borrows Stuxnet techniques

Researchers have found a malware program that was designed to manipulate supervisory control and data acquisition (SCADA) systems in order to hide the real readings from industrial processes.

US flag in front of government state capital

'Security Mom' talks about role of cyber in government agencies

Former assistant secretary at the U.S. Department of Homeland Security, says the government needs more skilled cyber security practitioners

power storm power lines electricity overhead power lines 000000583296

Maintaining a utility's security and reputational risk is vitally important

Building a utility's reputation may take years, but it can be damaged or destroyed very quickly from a security event. Reputational risk is regarded as the greatest threat to a company's market value and standing in the community.

gundremmingen nuclear power plant

Is this the nuclear power hack we've all feared? Hardly.

Bavarian nuclear power plant discovers malware.

refinery 109025 1920

Energy infrastructure cyber risk outlook for 2016

Risk predictions in relation to the cyber threat landscape posed by criminals, hacktivists, spies, and cyber warfare.

Load More