Tag Archives: infrastructure

My latest Gartner research: Vendor Rating: Huawei

Huawei has established itself as a solid provider of ICT infrastructure technologies across consumer, carrier and enterprise markets worldwide. CIOs and IT leaders should utilize this research to familiarize themselves with Huawei’s “all-cloud” strategy and ecosystem development….

Gartner subscribers can access this research by clicking here.





[ISN] Hacking Critical Infrastructure: A How-To Guide

http://www.defenseone.com/technology/2015/07/hack-critical-infrastructure/118756/

By Patrick Tucker
Defense One
July 31, 2015

Cyber-aided physical attacks on power plants and the like are a growing concern. A pair of experts is set to reveal how to pull them off — and how to defend against them.

How easy would it be to pull off a catastrophic cyber attack on, say, a nuclear power plant? At next week’s Black Hat and Def Con cybersecurity conferences, two security consultants will describe how bits might be used to disrupt physical infrastructure.

U.S. Cyber Command officials say this is the threat that most deeply concerns them, according to a recent Government Accountability Office report. “This is because a cyber-physical incident could result in a loss of utility service or the catastrophic destruction of utility infrastructure, such as an explosion,” the report said.

The most famous such attack is the 2010 Stuxnet worm, which damaged centrifuges at Iran’s Natanz nuclear enrichment plant. (It’s never been positively attributed to anyone, but common suspicion holds that it was the United States, possibly with Israel.)

Scheduled to speak at the Las Vegas conferences are Jason Larsen, a principal security consultant with the firm IOActive, and Marina Krotofil, a security consultant at the European Network for Cyber Security. Larsen and Krotofil didn’t necessarily hack power plants to prove the exploits work; instead Krotofil has developed a model that can be used to simulate power plant attacks. It’s so credible that NIST uses it to find weakness in systems.

[…]



[ISN] GAO: Defense installation utilities at risk of cyber attack

http://www.militarytimes.com/story/military/2015/07/24/utility-cyber-attack/30615033/

By Andrew Tilghman
Staff writer
Military Times
July 25, 2015

The utility systems that provide water, electricity and other essential services to military installations worldwide have limited defenses against cyber-attacks, putting many bases at risk for a “serious mission-disabling event,” a new Government Accountability Office report says.

A recent GAO investigation identified a disturbing vulnerability in the military’s network of “industrial control systems,” the computers that monitor or operate physical utility infrastructure.

For example, “most” Navy and Marine Corps industrial control systems (ICS) “have very little in the way of security controls and cybersecurity measures in place,” according to government documents identified by the GAO.

That leaves many installations exposed to a “cyber-physical effect” attack that could cause the “physical destruction of utility infrastructure controlled by an ICS,” the GAO said.

[…]



[ISN] Evident.io encourages startups to boost AWS security

http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5177/evidentio-encourages-startups-to-boost-aws-security

By Clare Hopping
Cloud Pro
June 25, 2015

Evident.io has announced a startup and small business AWS Cloud Security platform to help those without a dedicated security resource ensure their Amazon cloud infrastructure is protected.

Adrian Sanabria, an analyst with 451 Research, commented: “The rise of cloud computing has enabled small businesses to grow and thrive with affordable cloud infrastructure and powerful cloud-based tools, but it’s also created unprecedented security threats.”

He explained that startups often set up multiple servers in the cloud before even thinking about the security implications this has, employing a security expert or buying even basic equipment for the office. It’s this ‘cloud-first’ attitude that can get organisations into trouble when it comes to securing their systems.

“The biggest risk with cloud infrastructure, especially for ‘cloud-first’ businesses, is the management plane,” he commented.

[…]



[ISN] {Moderator's Note} Infrequent Postings of InfoSec News

As you have probably noticed, postings to InfoSec News have been rather infrequent in the last few months, and the reason is relatively straightforward: I have been happily employed for the last six months with Evident.io.

Subsequently, after staring at a laptop for 8-10+ hours a day, staring at it for another couple to find all the security news everyone craves is some nights pretty tiring.

I am in the process of bringing on a few interns to work in the background, so keep an eye on the website and mailing list as some cool things are in the works here.

Likewise, if you have Amazon Web Services in your infrastructure and are curious where your risks lie, please visit https://evident.io and if you would like a demo, please drop me an email to: my first name AT evident.io

Thank you for your time and support!

Sincerely,

William Knowles
http://www.linkedin.com/in/williamknowles



[ISN] How can SCADA security be improved for oil and gas companies

http://www.energyglobal.com/downstream/special-reports/29052015/How-can-SCADA-security-be-improved-for-oil-and-gas-companies-089/

By Deborah Galea
Manager, OPSWAT.
29/05/2015

According to the recently released 2015 Dell Security Annual Threat Report, SCADA attacks are on the rise. The report found that in 2014 the number of attacks on Supervisory Control and Data Acquisition (SCADA) systems doubled compared to the previous year. Most of these attacks occurred in Finland, the UK, and the US, probably due to the fact that in these countries SCADA systems are more likely to be connected to the internet.

The Dell Report came on the heels of findings from the US Industrial Controls Systems Cyber Emergency Response Team (ICS-CERT) showing that energy was the most targeted sector for attack among all critical infrastructure providers.

“Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported,” said Patrick Sweeney, Executive Director of Dell Security. “This lack of information sharing combined with an aging industrial machinery infrastructure presents huge security challenges that will continue to grow in the coming months and years.”

This does not come as a surprise to those in hydrocarbons. Many SCADA and industrial control systems (ICS) were built decades ago when cyber security was not yet an issue for the industry. There has been an inevitable collision as operational technology (OT) systems like SCADA come into closer contact with IT management modalities, introducing risks as systems not designed for outside connectivity are exposed to the internet.

In addition to their importance for hydrocarbons, SCADA systems control key functions for other critical infrastructure providers, such as utilities, airports and nuclear plants. Successful attacks on SCADA systems could potentially cause disruptions in services that we all depend on every day. For this reason, SCADA attacks are often politically motivated and backed by foreign state actors with motives such as industrial espionage and major supply chain disruption.

[…]



[ISN] North Korean hackers ‘could kill’, warns key defector

http://www.bbc.com/news/technology-32925495

By Dave Lee and Nick Kwek
BBC News
29 May 2015

North Korean hackers are capable of attacks that could destroy critical infrastructure and even kill people, a high-profile defector has warned.

Speaking exclusively to BBC Click, Prof Kim Heung-Kwang said the country had around 6,000 trained military hackers.

The warning follows last year’s Sony Pictures hack – an attack attributed to North Korea.

Korean technology expert Martyn Williams stressed the threat was only “theoretical”.

Prof Kim has called for international organisations to step in to prevent North Korea launching more severe attacks.

[…]

