Showing Blog Posts: 21–30 of 37 by Gib Sorebo

  • Better Information Sharing – Is It the Way to Better Critical Infrastructure Protection?

    by Gib Sorebo on July 24, 2012

    Last week I attended a breakfast seminar in D.C. titled “Exploring Models of Cybersecurity Threat Information Sharing for Critical Infrastructure” that was sponsored by Hunton & Williams and MITRE. While I’ve attending numerous other talks on information sharing, this one had a number of interesting insights that are worth noting. The panel first highlighted some of the challenges and then noted…

  • The Social Costs of Critical Infrastructure Failures

    by Gib Sorebo on July 16, 2012

    In his seminal work, Bowling Alone, Robert Putnam laments the growing decline in social trust in our society as evidenced by declines in social interaction, civic involvement, and nearly every kind of community activity. That had led to a wide variety of ills, from increased crime to lower economic output. More important, many of our major institutions depend upon citizen involvement for their…

  • Water Systems: Are Hackers Getting Thirsty?

    by Gib Sorebo on August 19, 2011

    In the realm of critical infrastructure security, it’s easy to get caught up in discussions about smart grid and even oil and gas pipelines. After all, they are making news on a regular basis, with reports of foreign spies infiltrating our electrical grid and smart meter hacks. Additionally, human error or natural phenomena has often been the culprit for explosions that have led to a loss of…

  • Is the oil industry due for a little cyber security attention?

    by Gib Sorebo on June 1, 2010

    The legal profession is often seen as having the rather dubious distinction of seeking to profit at the misfortunes of others or, more simply, of being ambulance chasers. As law graduate myself, I don’t dispute that many practicing lawyers get rather aggressive around accident sites. Nonetheless, much of the profession’s bad name derives instead from the highly valuable function they perform, …

  • Smart Grid Security Jitters

    by Gib Sorebo on April 21, 2010

    Over the last couple years, those in the Smart Grid security community have witnessed a number of news reports on vulnerabilities with Smart Grid technology that are not particularly flattering. For example, a widely circulated AP article called into question the security of various smart meters currently being deployed. However, the article left out some of the caveats noted during their…

  • Reflections on Physical Security and Critical Infrastructure Track at RSA

    by Gib Sorebo on March 17, 2010

    Now that the RSA Conference is a pleasant memory, I wanted to reflect on the newly renamed Physical Security and Critical Infrastructure Track. In response to growing interest in maintaining the security of power plants, chemical facilities, pipelines, transportation systems, and many other industries dominated by industrial control systems and related equipment, RSA Conference organizers added…

  • The Many Shades of Project Grey Goose

    by Gib Sorebo on February 8, 2010

    As I noted in my previous post about a recent 60 Minutes segment, we often rely on rumor and innuendo as the basis for journalism in critical infrastructure. If a current or former high-ranking public official says he heard something, then it must be true. Unfortunately, Project Grey Goose, whose stated objective was “to answer the question of whether there has been any successful hacker attacks…

  • Cracking Down on SCADA Security

    by Gib Sorebo on January 21, 2010

    Critical infrastructure encompasses a vast array of industries and their associated platforms for control and monitoring of such critical functions as the delivery of water and electricity, operation of mass transit systems, and automation of our factories. While the devices differ, many are managed by supervisory control and data acquisition (SCADA) systems that define how transformers, braking…

  • Will convergence make the problem worse?

    by Gib Sorebo on January 12, 2010

    As I had written earlier, there seems to be a resurgence in the interest in converge security. Like any resurgence, the second time around often looks different. In this case, advancements in technology and the increasing use of Internet Protocol (IP)-based components for video surveillance, motion detection, and other physical security controls has led the use of common networks for all this…

  • Converged Security on a Comeback?

    by Gib Sorebo on December 28, 2009

    After the attacks of September 11, 2001, there was a renewed interest in an area known as “converged security.” This relatively straightforward concept called for the merging of the physical security and information security domains to address multi-domain attacks and leverage the strengths of each domain. For example, physical security folks are often better at investigations due to their more…

This document was retrieved from on Tue, 23 Sep 2014 14:23:25 -0400.
© 2014 EMC Corporation. All rights reserved.