Doug Bedell — September 29, 2014, 10:22 am

Electric Utilities Experiencing a ‘Watershed Year’ for Security


U.S. electric utilities are becoming more realistic about risks to the nation’s power grid from cyber attacks – hackers turning off the lights and much else – Security magazine reports.  “From a cyber-attack perspective,” it notes, “this year has been a watershed year for the electric and critical infrastructure industry.

“After generally resisting the notion of vulnerabilities because of the stated traditional controls of ‘air gaps’ between the internet and power generation equipment and heavy use of ‘proprietary SCADA IP protocols,’” Security reports, “the industry has finally had to acknowledge the increased threats and risks to normal service delivery.”

And that’s a good thing, says Carl Herberger, writer of the post. There are cyber threats to any industry these days, he notes. “However, I believe that the power generation industry in particular needs to rise above the normal corporate culture of security controls and become obsessive about removing risks and compulsive about action…”

Doug Bedell — September 26, 2014, 2:48 pm

FBI Advisory: Disgruntled ‘Insiders’ Plaguing Employers


Human resources departments have a new challenge. Disenchanted employees are harassing current and former employers “using e-tools such as cloud storage sites or remote access to a company’s computer network,” says the FBI.

“Such workers,” the report has it, “are using cloud storage tools such as Dropbox to steal trade secrets or proprietary software.

“Beyond that, the FBI says it’s conducting a growing number of ‘significant’ investigations into disgruntled and/or former employees who’ve used their network access to destroy data, obtain customer information, purchase unauthorized goods and services using customer accounts, or gain a competitive edge at a new company.”

Ensuring that employees got to work on time used to be a prime challenge. These new challenges sound truly dire.


Doug Bedell — September 21, 2014, 5:35 pm

Updated U.S. ‘National Intelligence Strategy’ Released

James R. Clapper, Director of National Intelligence, has issued “the third iteration” of the National Intelligence Strategy for the United States over the next four years.

“We have seen a great deal of success in integrating intelligence in the five years since our most recent NIS,” Clapper writes, “with both high-profile operational achievements and significant enterprise improvements. Together, we must build on our successes and mitigate risks, guided by this updated strategy. We must continue to evolve as an integrated Community, advance our capabilities in technology and tradecraft, and push for improvements in both mission and enterprise management, through initiatives such as the IC Information Technology Enterprise.”

Security, of course, begins with sound strategy.

Doug Bedell — September 19, 2014, 11:40 am

Surveillance Over Security: A Fateful Choice

Bruce Schneier is tired of electronic surveillance – he’s a security guy, and bemoans the fact that the NSA and its like have opened the world to pervasive eavesdropping.

“We have one infrastructure,” Schneier writes. “We can’t choose a world where the US gets to spy and the Chinese don’t. We get to choose a world where everyone can spy, or a world where no one can spy. We can be secure from everyone, or vulnerable to anyone. And I’m tired of us choosing surveillance over security.” He likely has lots of company.

Doug Bedell — September 16, 2014, 12:06 pm

Social Theory Behind Security

Time to get a little sociological in security terms. Want to get a sharper idea of who might be approaching your entry points? Maybe not, but maybe some methodology is worth considering. Like Social Identity Theory, as explained and promoted in this post on Homeland Security Watch.

Christopher Bellavita writes that “Two of my colleagues – David Brannan and Anders Strindberg – argue in their book A Practitioner’s Way Forward: Terrorism Analysis that terrorism research has been conducted without much attention to analytical rigor. They believe SIT can help provide that rigor.” So add some “rigor” to the protection of your gates.

Doug Bedell — September 11, 2014, 9:12 am

Keeping the Internet on the Same Basis for All


Yesterday, you may have noticed, was “Internet Slowdown Day,” a day when prime Internet companies banded together to show what a slowed down Internet might be like if proposals to have different classes of Internet use – the end of “net neutrality” – prevail. May they not. Among its functions, the Internet is a key security tool and ought to remain available to users on the same “classless” basis that has brought it, and us all, this far.

Naked Security has an informative post on yesterday’s slowdown demonstration. We don’t need any more of them. The benefits of an equal access Internet are, as they say, self-evident.

Another, less enamored, view of net neutrality is presented by Joshua Steimle on Forbes.

Doug Bedell — September 8, 2014, 11:03 am

Strong Passwords a Security Must


The strength of Internet passwords is getting renewed attention, Bruce Schneier notes, because of the hacking of celebrity accounts on Apple’s iCloud servers. “The attack didn’t exploit a flaw in iCloud,” he writes, “the attack exploited weak passwords.”

Schneier thereby reinforces his longstanding advice to computer users: Rely on a well-regarded password manager to create and store your passwords. He’s been developing one himself, but there are others out there. Here, for instance, is Information Week’s listing of “10 Top Password Managers.” You can find more by Googling “password manager”. (The illustration shown above is from Information Week.)

Doug Bedell — September 5, 2014, 11:06 am

Our Vulnerable World’s Not a ‘PlayStation’


A barrier world friend of ours thinks there’s “Sure a lot of doom and gloom” in our posts and suggests, “Every now and then post a cute kitty photo for a little psychic relief.”  Well, there aren’t enough kitties to ward off the gloom when you see a post reporting that “Sony’s PlayStation Network was disabled by an online attack…”

“What often surfaces from the Internet’s underbelly,” says Yuri Kageyama of the Associated Press on In Homeland Security, “are acts that verge on pranks, and the culprits who get caught are the amateurs, such as a teenager in the Netherlands who tweeted a threat to an airline, saying she was part of al-Qaida and was planning to do ‘something really big.'” Sadly, there are those with bigger aims and capacities who may not get caught, at least in time.

Doug Bedell — September 3, 2014, 8:31 am

‘Electromagnetic’ Security Risks at Hand


Time to start getting – and staying – jittery over the security of electronic networks. IEEE Spectrum advises that “a briefcase-size radio weapon could wreak havoc in our networked world.” “Electromagnetic (EM) attacks,” it adds, “are not only possible – they are happening.”

“Our infrastructure increasingly depends on closely integrated, high-speed electronic systems operating at low internal voltages. That means they can be laid low by short, sharp pulses high in voltage but low in energy – output that can now be generated by a machine the size of a suitcase, batteries included.”

Doug Bedell — September 2, 2014, 3:31 pm

Possibly Hacked: Now It’s Home Depot

Another day, another hacking story. Krebs on Security reports that “Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground.” Would that it weren’t so. But the current IT security scene, with all its good and bad guys, makes it all too possible.