Blogs: Critical Infrastructure

  • Critical Infrastructure at RSAC 2017

    by Gib Sorebo on February 9, 2017

    With this year’s RSA Conference almost upon us, it might be helpful to take a look at how critical infrastructure is playing out this year. While we’ve seen a few cyber attacks in the news targeting critical infrastructure, things have been quiet for the past year. In some ways, we’re starting to see the market mature beyond answering the mail for North American Electric Reliability Corporation…

  • Building an Internet of Things Risk Model in the Wake of Mirai

    by Gib Sorebo on December 30, 2016

    For many of us, Internet of Things (IoT) security has been nothing more than a cocktail party conversation. It sounds interesting but doesn’t necessarily affect our work or personal lives even if our job includes cybersecurity. While it is clearly a concern for operators of medical devices or industrial control systems, it seems less relevant for the typical enterprise or consumer. After all, …

  • Why Study Cybersecurity?

    by Gib Sorebo on September 4, 2016

    Recently, I started exploring ways I could be a stronger advocate for a course of study and a career in cybersecurity to students at the University of Chicago, my alma mater. To many attending elite schools, careers in anything related to information technology seem too vocational. In fact, for years, the University of Chicago didn’t even offer an undergraduate degree in Computer Science. …

  • There is Such a Thing as Security Return on Investment: Well, Sort of

    by Gib Sorebo on March 1, 2016

    Having spent a fair amount of time with critical infrastructure operators, I’ve gotten used to the groans and eye rolls I receive when I try to explain why they need to spend more money on cybersecurity. Whether it’s to satisfy a compliance requirement or to reduce the risk of a cyber attack by some incalculable amount, the common perception is that we’re getting in the way of a profitable…

  • Why Threat Matters for Critical Infrastructure

    by Gib Sorebo on December 15, 2015

    As the drumbeat of cybersecurity breaches seems ever-present in the media, we’re starting to see some real attention being paid to this function in a number of verticals, and a willingness to go beyond their regulatory compliance obligations. For example, large retailers have reorganized their security teams and made significant investments in personnel and technology. Healthcare organizations, …

  • Getting “Eyes on the Glass” for Critical Infrastructure

    by Gib Sorebo on January 29, 2015

    It’s sort of ironic that the sector with the most 24x7 control rooms still struggles with monitoring for cyber attacks. However, the critical infrastructure sectors, for the most part, change slowly. And while they have always appreciated the need to monitor operations around the clock, those operations had been largely self-contained with limited exposure to outside networks. Consequently, …

  • The Sorry State of Cybersecurity Threat Intelligence

    by Gib Sorebo on January 21, 2015

    During the opening montage of every Law and Order episode is the statement (by now probably burned into all our collective consciousness): “In the criminal justice systems there are two separate yet equally important groups, the police who investigate crimes and the district attorney who prosecutes the offenders. These are their stories.” What is typically left out of both the TV show and the real…

  • Are You Building a Cybersecurity Ecosystem or Just a Bunch of Controls?

    by Gib Sorebo on January 14, 2015

    With all the emphasis on cybersecurity frameworks over the last couple years, it probably shouldn’t surprise anyone that a lot of organizations find themselves working off checklists of cybersecurity controls that they assume will give them better security. What is often missed is that these controls need to work together as an integrated system. For thousands of years, we’ve understood this in…

  • What the Sony Hack Means for Critical Infrastructure

    by Gib Sorebo on January 8, 2015

    Given the number of major breaches making the news, not only do they begin to blur together, but it also becomes easy to underappreciate the significance of each one. The Sony hack may have gotten lost in the crowd if it weren’t for the way Sony responded, by cancelling or postponing the release of “The Interview.” Moreover, the source of the attack was not some garden variety criminal hacker or…

  • No ROI Means No Priority: The Fallacy of Why Cybersecurity Doesn’t Get the Attention It Deserves

    by Gib Sorebo on October 13, 2014

    For years, cybersecurity professionals and many IT specialties have lamented that our concerns don’t get enough attention and (more importantly) funding from senior management. We complain that we’re relegated to one of many back office functions like procurement, human resources, or facilities, functions that we, ironically, treat with the same level of boredom and disdain that we feel are…

This document was retrieved from http://www.rsaconference.com/blogs on Tue, 28 Mar 2017 17:47:39 -0400.
© 2017 EMC Corporation. All rights reserved.