Blogs: Critical Infrastructure

  • A Critical Infrastructure Guide to the RSA Conference

    by Gib Sorebo on February 20, 2014

    Once again the RSA Conference is upon us, and we have a wealth of opportunities to learn, network, promote what we do, or just take a break from our normal rat race. For many of us who attend, though, next week will be a marathon of meetings, demonstrations, sessions, vendor parties, and shuttling in between. It’s an exhausting but usually beneficial endeavor. But there is a lot going on. For…

  • The “New” Cybersecurity Framework: Did They Get the Marketing Right This Time?

    by Gib Sorebo on February 17, 2014

    This last week, the Obama Administration announced the release of its Framework for Improving Critical Infrastructure Cybersecurity and instantly sought to distinguish this framework from the plethora of other government and industry-sponsored frameworks that seem to be more interested in who the guidance was intended to serve rather than the substance of the guidance. For example, the Department…

  • Another (Almost) Target Lesson: Securing Control System Networks to Protect the Enterprise Side Works Too

    by Gib Sorebo on February 10, 2014

    In this column and elsewhere, we’ve seen plenty of exhortations to make sure that control system networks are sufficiently isolated from corporate networks so as to prevent infiltrations from finding their way to the more sensitive and “more important” parts of the organization. For those delivering electricity, pumping oil, or whipping up batches of hazardous chemicals, it is critical that…

  • “Keeping Up with the Joneses” May Not Mean Keeping Up With Security

    by Gib Sorebo on February 3, 2014

    As a cybersecurity consultant, I’m often asked by customers how they compare with their peers in the industry. This can vary from requests for simply anecdotal comparisons of products used to a full-fledged benchmarking of their entire cybersecurity program. Either way, it’s clear that aligning practices and spending with peers is important to many, particularly among critical infrastructure…

  • What the Target Breach Teaches Us About Standards, Regulations, and Critical Infrastructure

    by Gib Sorebo on January 30, 2014

    The recently disclosed security breach of Target’s® point of sale terminals and related infrastructure is likely a lesson on the limitations of standards and regulations to adequately protect sensitive information and critical systems despite the political piling on that traditionally visits a high-profile data breach. However, absent some newly discovered evidence of incompetence, the Target…

  • The Perils of Audits

    by Gib Sorebo on August 31, 2013

    Among critical infrastructure asset owners, a common device for ensuring that their cybersecurity risk posture is appropriate is an audit. We'll leave aside whether the motivation is compliance or simply a desire to be as secure as possible against attacks. In essence, both motivations often lead to the disaster that is the audit whether it is driven by "best practices" or a particular compliance…

  • The Evolution of What We Value and How Much

    by Gib Sorebo on August 19, 2013

    In the current controversies involving what our intelligence community is collecting about its citizens, the issue has frequently been framed as a balance of protecting the personal safety of people versus protecting one’s privacy. While delving deeper may reveal a false dichotomy, we nonetheless must acknowledge that such tradeoffs do exist. At the very least, we’ve come to expect and accept…

  • Bring Your Own Device (BYOD) for Control Systems?

    by Gib Sorebo on June 6, 2013

    I just finished attending Interop Las Vegas where I gave a talk entitled “BYOD Security and Privacy.” In walking the show floor and attending a variety of sessions, there was little doubt that Bring Your Own Device (BYOD) is a hot topic that cybersecurity professionals are struggling to get their arms around. The challenge is further magnified by the fact that this trend is less one of technology…

  • RSA 2013: The Culmination of Cybersecurity Month

    by Gib Sorebo on March 12, 2013

    It’s not unusual for cybersecurity vendors to time new product announcements and major initiatives to coincide with the RSA Security Conference. Similarly, major threat reports, such as Mandiant’s APT1 Report, are often released to gain maximum exposure at RSA. But now it seems the White House has gotten into the act with its release of the Cybersecurity Executive Order, or so the conspiracy…

  • Is Cybersecurity Training and Education the Answer?

    by Gib Sorebo on January 22, 2013

    As politicians fight over the right approach to addressing cyber threats, the consensus seems to be that more training and education are needed, particularly in the area of critical infrastructure. Many proclaim, somewhat accurately, that many cybersecurity weaknesses are the result of users clicking on links or opening files that they should not. Logically, then, those same users should be…

This document was retrieved from http://www.rsaconference.com/blogs on Fri, 24 Oct 2014 19:06:11 -0400.
© 2014 EMC Corporation. All rights reserved.