As the summer enjoyed its last hurrah, industrial
cybersecurity became a hot topic in the news. In August, we saw the U.S.
Department of Homeland Security working to increase security measures with a
new committee, and the National Institute of Standards and Technology put out
a new proposal to improve international standards in cyberspace. Underlying
these developments are the ever-present myths and real threats against our
critical infrastructure. For details on these stories and more, check out our
monthly snapshot of important industrial cybersecurity news below.
Five myths of industrial control system security (SC Magazine, Aug. 20, 2015)
Despite widespread concern about cyberattacks on industrial
control systems, IT security models continue to use outdated methods of
cybersecurity based on several unfortunate myths. The belief that firewalls
provide adequate protection of our critical infrastructure is one myth that
persists despite proof to the contrary. The fact is, firewalls offer only a
small amount of protection, not enough to protect our irreplaceable power
grids or the many lives that could be affected by an industrial cyberattack.
Five Reasons The U.S. Power Grid Is Overdue For A Cyber Catastrophe (Forbes, Aug. 19, 2015)
The U.S. power grid is long overdue for a cyberattack,
according to Forbes contributor and CEO of think tank Lexington Institute, Loren Thompson.
The security community has noticed an increase in the number of attacks on
industrial control systems used to operate the power grid, a majority of which
were cyber-related. Thompson noted several reasons for this increase, including
the grid’s numerous vulnerabilities, consistent oversights in its regulatory
structure and a lack of financial incentives to encourage security investments in
the industry.
Homeland Security moves to prevent attack on power grid (The Hill, Aug. 14, 2015)
The U.S. Department of Homeland Security is creating a new
committee to boost digital defenses for the industrial sector. The reason
behind this decision is the increasing risk of cyberattacks to critical
infrastructure sites, especially as electric grids are getting smarter. Homeland
Security Secretary Jeh Johnson called for the panel to identify how well the
department’s “lifeline sectors” are prepared to deal with threats and recover
from a cyberattack. The committee is also tasked with providing recommendations
for a more unified approach to state and local cybersecurity.
A Critical Time for Critical Infrastructure (Light Reading, Aug. 13, 2015)
According to a recent Intel Security and Aspen Homeland
Security Program report, operators of critical infrastructure are
over-confident in their ability to defend against attacks and misunderstand the
scale of the current threat environment. In North America, this reality is one
of the forces behind the North American Electric Reliability Corporation's
(NERC) Critical Infrastructure Protection (CIP) requirements. NERC CIP Version
5 calls for utilities of all sizes to meet new cyber security protection
requirements and has a compliance deadline of April 2016.
NIST identifies objectives for cyber standards (FCW, Aug. 11, 2015)
The National Institute of Standards and Technology recently
drafted a new proposal, which includes four broad objectives for the
government’s pursuit of international standards in cyberspace: improve national
and economic security, ensure standards are technically sound, support
standards that promote international trade, and develop standards in tandem
with industry to boost innovation. If fully implemented, NIST declares the
guidance will “enable a comprehensive United States cybersecurity
standardization strategy.”