A lot has been written about Stuxnet, one of the big revelations was the malware had jumped an air-gap. The on-going debate is whether air-gaps work, or would joining the networks in a controlled way REDUCE the vulnerability.
A recent article in the NY Times claims:
The vast majority of targeted computer attacks now start with a malicious e-mail sent to a company employee. Now evidence suggests that the same technique could be used to attack watersheds, power grids, oil refineries and nuclear plants.
This cannot be allowed to happen, here I explore the issue in a little more detail.
Is it viable to build a Data Diode for $1612?
Due to recent security incidents, there is now a significant debate with regard to what is the best way to protect Industrial Control Systems (ICS).
At a recent Industry event discussing security, a question was rasised as to who needs to take ownership of security issues, the comment was made that it needs to be
“someone senior enough to care, but junior enough to know what they are talking about”
This summarises a major issue in the cyber security industry.
Continue reading “Whose Role is Security?”
This is an insightful debate in the Economist, the full title being
This house believes that a hyper-connected world is more rather than less secure.
Sadly I missed the online comment period, so was not able to offer my thoughts in the debate itself. I would have voted less secure.
Continue reading “Economist Debate: “…a hyperconnected world is more rather than less secure.””