Showing Blog Posts: 11–20 of 43 by Gib Sorebo

  • The FTC v. Wyndham Decision: A New Era or More of the Same?

    by Gib Sorebo on April 14, 2014

    The recent decision of the Federal Trade Commission v. Wyndham Worldwide Corporation reflected, for the first time, a court’s view on the Federal Trade Commission’s (FTC’s) authority to regulate cybersecurity under the Federal Trade Commission Act. The court concluded that (1) the FTC does have the authority to regulate cybersecurity under its authority in Section 5 of the FTC Act to address…

  • Manufacturing: The Frequently Forgotten Part of Critical Infrastructure

    by Gib Sorebo on April 7, 2014

    With all the different sectors listed as critical by the Department of Homeland Security, it’s easy to understand how some fail to get the attention they deserve. After all, losing power, water, or medical care may seem a lot more serious than not getting the latest tablet or smart phone. However, our economic sectors do not operate in isolation. Instead, they are an intricate set of dependencies…

  • The Oil and Gas Industry: A Surge in Cybersecurity Vigilance?

    by Gib Sorebo on March 31, 2014

    Last week I chaired a cybersecurity summit in Houston, Texas, one of many cybersecurity conferences focused on this sector. While the American Petroleum Institute (API) has sponsored such conferences for nearly a decade, the proliferation of these conferences along with the resurrection of an Information Sharing and Analysis Center (ISAC) for the oil and gas industry is a reflection of greater…

  • The Industrial Defender Acquisition: A Merging of National Security with Critical Infrastructure?

    by Gib Sorebo on March 17, 2014

    This last week, Industrial Defender announced that it had been acquired by Lockheed Martin for an unspecified amount. Brian Ahern and his team are to be congratulated on this apparently successful exit that they had been working towards for the last 12 years. Industrial Defender has long been the largest of the cybersecurity firms specializing in industrial control systems. It is a very fractured…

  • A Critical Infrastructure Guide to the RSA Conference

    by Gib Sorebo on February 20, 2014

    Once again the RSA Conference is upon us, and we have a wealth of opportunities to learn, network, promote what we do, or just take a break from our normal rat race. For many of us, attending, though, next week will be a marathon of meetings, demonstrations, sessions, vendor parties, and shuttling in between. It’s an exhausting but usually beneficial endeavor. But there is a lot going on. For…

  • The “New” Cybersecurity Framework: Did They Get the Marketing Right This Time?

    by Gib Sorebo on February 17, 2014

    This last week, the Obama Administration announced the release of its Framework for Improving Critical Infrastructure Cybersecurity and instantly sought to distinguish this framework from the plethora of other government and industry-sponsored frameworks that seem to be more interested in who the guidance was intended to serve rather than the substance of the guidance. For example, the Department…

  • Another (Almost) Target Lesson: Securing Control System Networks to Protect the Enterprise Side Works Too

    by Gib Sorebo on February 10, 2014

    In this column and elsewhere, we’ve seen plenty of exhortations to make sure that control system networks are sufficiently isolated from corporate networks so as to prevent infiltrations from finding their way to the more sensitive and “more important” parts of the organization. For those delivering electricity, pumping oil, or whipping up batches of hazardous chemicals, it is critical that…

  • “Keeping Up with the Joneses” May Not Mean Keeping Up With Security

    by Gib Sorebo on February 3, 2014

    As a cybersecurity consultant, I’m often asked by customers how they compare with their peers in the industry. This can vary from requests for simply anecdotal comparisons of products used to a full-fledged benchmarking of their entire cybersecurity program. Either way, it’s clear that aligning practices and spending with peers is important to many, particularly among critical infrastructure…

  • What the Target Breach Teaches Us About Standards, Regulations, and Critical Infrastructure

    by Gib Sorebo on January 30, 2014

    The recently disclosed security breach of Target’s® point of sale terminals and related infrastructure is likely a lesson on the limitations of standards and regulations to adequately protect sensitive information and critical systems despite the political piling on that traditionally visits a high-profile data breach. However, absent some newly discovered evidence of incompetence, the Target…

  • The Perils of Audits

    by Gib Sorebo on August 31, 2013

    Among critical infrastructure asset owners, a common device for ensuring that their cybersecurity risk posture is appropriate is an audit. We'll leave aside whether the motivation is compliance or simply a desire to be as secure as possible against attacks. In essence, both motivations often lead to the disaster that is the audit whether it is driven by "best practices" or a particular compliance…

© 2015 EMC Corporation. All rights reserved.