Search Results for "third party software"

Biggest Threat to Critical Infrastructure? Lack of Imagination

The threats to critical infrastructure in the U.S. and elsewhere are so plentiful that even trying to enumerate them is futile (and not a bit depressing). But – if we were to rank them in order of importance – what would be at the top of that list? Clearly, as this blog has noted, software security is a major concern. Recently, the Industrial Control System CERT (ICS-CERT) warned about a sophisticated malware campaign targeting users of HMI (human-machine-interface) technology from leading vendors.  In at least some cases, the systems targeted were exposed directly to the Internet, making compromise simple. In other cases, industrial control system software is deployed with default administrator credentials, or easy to guess passwords. In other words: while some attackers are persistent and clever, many critical infrastructure owners make their job pretty easy. So, perhaps, its not software insecurity that belongs at the top of the list, […]

Continue Reading

Supply Chain Risk Escapes Notice At Many Firms

Online attacks that come by way of suppliers and other third party business partners are one of the biggest threats that modern organizations face. But too few firms are giving supply chain security the attention it deserves, a panel of legal and information security experts told attendees at a cyber security forum in Boston on Wednesday. Companies need to protect their exposure through third parties better, according to the panel: beefing up auditing of internal- and partner assets and including contractual protections that will indemnify them in the event that a breach at a supplier or business partner exposes data that materially affects their firm. The panel, “Fortifying the Supply Chain,” was part of a day long event at The Federal Reserve in Boston and sponsored by the Advanced Cyber Security Center, a technology industry consortium. It brought together top legal and information security experts, including FireEye researcher Alex Lanstein and Jim Halpert, the […]

Continue Reading

Essentials for Visibility-Driven Security

Visibility is surprisingly tricky. The security industry offers many disparate tools to provide customers “visibility” into what is happening on their networks. Among them are tools that track what applications are on the network, tools for enumerating and tracking software vulnerabilities, tools for determining when sensitive data has left a network, tools that indicate when attacks are underway and tools that identify and analyze network data flows – to name just a few. Of course, layered on top of all this “visibility” are further systems that correlate and analyze what the mission-specific tools are seeing. Promises of a “single pane of glass” aside, the result is often a mishmash of data and events that require skilled security practitioners to analyze and interpret. The mishmash, in turn, leads to errors in analysis and prioritization. Albert Einstein famously said  “Any fool can know. The point is to understand.” So it is in the information security industry, where a common refrain is “you can’t protect […]

Continue Reading

AllSeen Alliance Announces Smart Lighting Framework

Smart lightbulbs aren’t anything new. In fact, products like the Philips Hue bulb have been in the market for years. The devices, which typically couple a standard incandescent or CF bulb with a wireless transmitter, allow lights to be managed via mobile device and also respond to environmental changes monitored by other sensors. But – as with much of the Internet of Things – each family of smart bulbs is something of an island: interacting- and communicating mostly with other smart home products from the same manufacturer. That’s good for the lightbulb maker, but bad for smart home advocates, see out-of-the box connectivity across product silos as a precursor to broad adoption of smart home technologies.   It’s also been the case that the products that have been released have often fallen short in areas like security. In August, 2013, security researcher Nitesh Dhanjani disclosed a proof of concept hack […]

Continue Reading

The Key to Security in the Internet of Things – IEEE Spectrum

IEEE Spectrum has an article that provides a nice overview of security and privacy issues on the Internet of Things. The article by Mark Anderson highlights a number of the issues that have cropped up on these pages as well, namely: the rush to market in the consumer IoT space (much of it driven by crowd funding sites like IndieGoGo and Kickstarter) the lack of a strong business case for (consumer) manufacturers to build security into IoT products the tendency of large manufacturers to pursue siloed security standards that thwart efforts to build  devices interconnect with other IoT infrastructure (other devices, routers, etc.) So far efforts to coordinate IoT development around a single platform or set of standards have been reduced to predictable turf battles: Google’s Thread versus multi-vendor efforts like TheAllSeen Alliance,  The Open Interconnect Consortium, The Industrial Internet Consortium versus Apple HomeKit and HealthKit and others. In the […]

Continue Reading
1 24 25 26 27 28 34