ICS Cyber Convergence

As I reflect on my career over the past 12+ years, starting as a traditional forensic analyst, then moving to incident response, intelligence fusion, strategic consulting, and so on, I can’t help but see similarities between my own journey and that of many cybersecurity organizations we support at Leidos Cyber.  Prior to 2005, when cyberattacks against the government and defense contractor world were being waged, we didn’t have time to stop and ask ourselves what we were seeing or doing.  Once we got our bearings and operations became more stable, we began to ask and answer questions as a CND community: What just happened? How can we fix it and secure ourselves? Why does this keep occurring?

Today, 12 years later, I think we’re in a better position. Cybersecurity has grown, matured, and evolved, however, I still hear questions like these from organizations I’m working with: How do I know what’s happening? Why aren’t we secure yet? Why is this still so hard?

The reason we’re unable to answer many of these recurring questions is that, as a community, we’re still approaching cybersecurity as if it were a destination with a finish line to reach – as if there were a single solution to our challenges.

Cybersecurity is a Journey, Not a Destination

When we ask a question like “Why are we not secure yet?” it presupposes there is an end state, a final place at which we can arrive and then move on to the next objective. That may be possible in a world where threats are static, tactics remain unchanged, and our enterprises do not evolve and transform over time. Unfortunately, we know that is not the world in which we operate. The factors that make up our equation are constantly changing, which makes cyber a forever challenge.

This is why we need to think of cyber security as a journey, rather than a destination. While this expedition may not have a finite endpoint, there are still things you can do to make it a more successful, effective trip.

  1. You Have to Start Somewhere: There is a quote widely attributed to Lao Tzu, “Do the difficult things while they are easy and do the great things while they are small. A journey of a thousand miles must begin with a single step.” Even if you don’t know where your journey may take you, you still need to know which direction to begin. You must start from your base, and build from the foundation up. You cannot create a world-class network defense overnight no matter how much money you’re willing to invest. Rather, you begin by creating roadmaps to identify what people, process, and technology you need to progress; what the points of dependency are; what areas are complementary; what will work within your organization’s culture; and what the possible paths to get there are. Without a plan to evolve your organization, your team will always be reacting, chasing, and cycling – never truly advancing.
  2. You Need the Right Equipment: Would you use the same gear for hiking the Himalayas and navigating the Amazon? Never. Similarly, for network defense you have to tackle each challenge separately and with a complete toolset – there is no single “silver bullet.” Pinning your success to a particular technology or capability leads to tunnel vision and creates a single point of failure. When (not if) the adversary shifts tactics, or succeeds in circumventing that technology, there’s nothing else to keep them at bay – no other way to detect and respond to the activity. The answer is not logs, or SIEMs, or perimeter, or endpoint, or A/V, or dynamic analysis, or threat intelligence, or automation, or uber-analysts… it’s all of the above, operating in parallel. Giving your network defense analysts the right toolset to meet whatever challenges and obstacles they face (now and in the future) is the key to victory.
  3. You Need the Best “Travel Companions”: To quote the famous author Robert Louis Stevenson, “We are all travelers in the wilderness of this world, and the best we can find in our travels is an honest friend.” You can’t and shouldn’t attempt to make any challenging and difficult journey alone. Whether it’s having someone as a sounding board for major decisions, to help with obstacles, or to watch your network while you sleep, you need an “honest friend” on your cyber security journey. Engage the right partners and trusted advisors, hire skilled analysts and technologists, utilize the right services, and leverage expertise within your organization to make your journey a success.
  4. You Need Accurate “Guide Books”: When travelling to places unknown, it helps to have references for languages, culture, local resources, and the like from someone who has already been there. Similarly, to make your cyber security journey as effective and efficient as possible, you need to understand how to leverage all of the resources at your disposal. In the realm of network defense, adopting and operationalizing an analytical framework, employing tailored training programs, performing and ingesting third-party assessments, and integrating specialized technologies are all areas where expert guidance and industry best practices and standards are readily available to you.
  5. You Need “Operational Intelligence”: Knowing a winter storm is approaching the mountain you’re climbing, or that traffic on your highway comes to a screeching halt during rush hour, is valuable information you can use to make adjustments to your trip. Similarly, there is no better operational intelligence on what an enterprise will face tomorrow than what it faced yesterday, what it faces today, and what your peers are simultaneously facing.

     I like to explain “operational intelligence” as:
       1. The collection of information of value
       2. The ability to acquire and apply knowledge

Collecting information that has no value is a waste of resources and time. Successful intelligence operations enable your analysts to understand how a particular threat evolves over the course of weeks, months, or years. They allow you to understand your posture against those threats, and what controls, detections, and mitigations you have to counter them. And finally, successful operations enable you to look forward: to understand gaps, see the next challenge and obstacle, and start taking steps to meet it head on. They enable you to become an active defender rather than a passive observer.

When I started my career, I knew only a small part of the puzzle. I had to continue advancing my skillsets, capabilities, and methods to meet new challenges—something I continue to do today.  I maintain my journey with confidence knowing I have the maps, gear, companions, and resources to succeed. Your organization may have some, all, or none of these elements for your own voyage—rest assured, you’re not alone. Take comfort knowing there are cyber security professionals, like Leidos, that can help you along your journey, no matter where you are on that path.



Arguably one of the most important aspects of cybersecurity is Threat Intelligence. Yet despite its importance to a solid security posture, this discipline is often underestimated.

The consulting company Forrester defines threat intelligence as the details of the motivations, intent and capabilities of internal and external threat actors. Forrester extends the definition to include specifics on the tactics, techniques and procedures that hackers and Advanced Persistent Threats employ within their attacks. (Threat Intelligence Buyer’s Guide, SANS CTI Summit, 10 February 2014.)

At Lockheed Martin, we value Threat Intelligence's primary purpose, which is to help the business better understand the risks and implications associated with threats in order to make better decisions regarding the safety of its customers, employees and intellectual property.

We also believe that by understanding the attributes of an APT, an organization can better build a proactive Security Operations Center (SOC). By proactivity we mean moving a SOC from a “set-it-and-forget-it” mode, governed by reacting to threats, to a predictive and agile infrastructure. This migration goes beyond blocking domains to using databases and intelligence gathered over years to understand attackers’ patterns of behavior. How do your attackers grow and change over time? What common tools do they use? What techniques do your attackers always employ after entering a network? Understanding the minutiae of APT behavior includes knowing whether they send emails with a zip file at the bottom, or always start emails with “Dear Sir or Madam.” Do they always misspell a certain word, or are they always asking for the same specific piece of information? Such intelligence makes future threats more identifiable and more quickly categorized.
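As an added illustration of the last point (this is example code written for this page, not Lockheed Martin's, Palisade's or any product's code), the following Python sketch scores an incoming message's observable traits against stored adversary behaviour profiles so that a new message can be quickly categorized. The profiles, the trait weights, the attribute names and the sample emails are all constructed assumptions for illustration.

```python
"""Added example, not from the original post: scoring an observed email's
attributes against stored adversary behaviour profiles so that a new message
can be quickly categorized. Profiles, weights and sample emails are all
constructed for illustration."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class AdversaryProfile:
    """Behavioural traits an analyst has recorded for one group over time."""
    name: str
    greeting: Optional[str] = None                         # e.g. "Dear Sir or Madam"
    misspellings: Set[str] = field(default_factory=set)    # words they always get wrong
    attachment_exts: Set[str] = field(default_factory=set)  # e.g. ".zip" at the bottom
    asks_for: Set[str] = field(default_factory=set)        # the specific thing requested


# Constructed profiles standing in for intelligence gathered over years
PROFILES = [
    AdversaryProfile("GROUP-A", greeting="Dear Sir or Madam",
                     misspellings={"recieve"}, attachment_exts={".zip"},
                     asks_for={"invoice"}),
    AdversaryProfile("GROUP-B", greeting="Hello",
                     attachment_exts={".docm"},
                     asks_for={"credentials", "password"}),
]

# Assumed weights: a habitual misspelling is a stronger tell than a greeting
WEIGHTS = {"greeting": 1.0, "misspelling": 1.5, "attachment": 1.0, "asks_for": 1.0}


def extract_observables(body: str, attachments: List[str]) -> dict:
    """Pull the comparable traits out of one message."""
    lines = [ln.strip() for ln in body.strip().splitlines() if ln.strip()]
    first_line = lines[0].rstrip(",:") if lines else ""
    words = set(re.findall(r"[a-z']+", body.lower()))
    exts = {a[a.rfind("."):].lower() for a in attachments if "." in a}
    return {"greeting": first_line, "words": words, "exts": exts}


def score_profile(profile: AdversaryProfile, obs: dict) -> Tuple[float, List[str]]:
    """Weighted count of profile traits present in the observed message."""
    score, reasons = 0.0, []
    if profile.greeting and obs["greeting"].lower() == profile.greeting.lower():
        score += WEIGHTS["greeting"]
        reasons.append("greeting")
    for label, traits in (("misspelling", profile.misspellings),
                          ("asks_for", profile.asks_for)):
        hits = traits & obs["words"]
        if hits:
            score += WEIGHTS[label] * len(hits)
            reasons.append(f"{label}:{sorted(hits)}")
    hits = profile.attachment_exts & obs["exts"]
    if hits:
        score += WEIGHTS["attachment"] * len(hits)
        reasons.append(f"attachment:{sorted(hits)}")
    return score, reasons


def categorize(body: str, attachments: List[str], threshold: float = 2.0):
    """Return (group name, score, reasons); below threshold -> UNATTRIBUTED."""
    obs = extract_observables(body, attachments)
    scored = [(score_profile(p, obs), p.name) for p in PROFILES]
    (score, reasons), name = max(scored, key=lambda s: s[0][0])
    if score < threshold:
        return "UNATTRIBUTED", score, reasons
    return name, score, reasons


# Constructed sample messages (body text, attachment file names)
SAMPLES = [
    ("Dear Sir or Madam,\nPlease recieve the attached invoice and confirm.", ["invoice.zip"]),
    ("Hello,\nYour password expired, reply with your credentials.", []),
    ("Hi team,\nsee attached.", ["report.pdf"]),
]

if __name__ == "__main__":
    for body, atts in SAMPLES:
        print(categorize(body, atts))
```

The threshold keeps a single coincidental trait (one shared greeting, say) from producing an attribution; in practice the profiles would be populated from the analyst's own case history rather than hard-coded.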

According to Forrester’s and Lockheed Martin’s understanding of Threat Intelligence, another important aspect of this intelligence-driven discipline is the sharing of intelligence and collaboration around it. Standardization within cybersecurity is a major challenge. The cybersecurity industry has reached a level where the sharing of information is readily available; the struggle now is to determine and agree upon a set of standards for how we classify, validate and communicate intelligence.

In an ideal setting, the aggregation of valuable intelligence is filtered into a common set of standards and common nomenclatures, and fed to a group of trusted partners and sources.

With Threat Intelligence and Threat Intelligence sharing as core competencies, your organization can employ a centralized platform with Palisade®, which integrates into your present security infrastructures to deliver enterprise-wide visibility, awareness and alerting capability.

By focusing on Threat Intelligence and the collaboration behind such activities, your organization can go a long way to building a solid security posture where intelligence and actionable data is at the core of a proactive defense.


Recently, cybersecurity firm Darktrace announced an $18 million investment to hire new information security specialists in an effort to expand globally. According to Upstart Business Journal this investment represents a cash infusion in a woman-led cybersecurity company with a history of hiring female IT specialists. The result of this major infusion, according to the online journal, could “pave the way for a more equally representative industry.”

I have been a vocal advocate of increasing the presence of women and minorities within the cybersecurity industry throughout my career. Resources are scarce within this industry and the opportunity to tap within a market as robust, hard-working and well-educated as women and minorities highlights the potential to solve this huge resource challenge.

More importantly, cybersecurity is in large part about intelligence gathering and ingenuity. These two features blossom from a diverse infrastructure made up of varied backgrounds, educations, and cultures. It is my humble opinion that together as a heterogeneous workforce we are better equipped to solve the future challenges that APTs and hackers present.

In an industry like cybersecurity, where only 11 percent of the information security workforce is female, there is plenty of room to grow. According to the Virginia-based non-profit Women's Society of Cyberjutsu, 25 percent of the tech sector workforce is women. The fact that only 11 percent of the cybersecurity workforce is female presents a golden opportunity to grow this industry aggressively to meet the demands of future resources.

Make a Difference in Cybersecurity

One question that I commonly get asked in cybersecurity is, “how can we make a difference in cybersecurity and against cyber threats?” Supporting the education and hiring of women and minorities in cybersecurity is often my answer.

By flooding this sector with these groups of talented individuals, we can take larger strides as a society to bring better awareness of cyber-related issues such as insider threats, phishing campaigns, viruses, malware campaigns and denial of service attacks. All these issues require as much communication, awareness and training as we can provide. The dialog for supporting and advertising the education and hiring of women and minorities brings these cyber threats to the forefront in America, not only at the water coolers and coffee machines at work, but at the dinner tables at home, which is where this awareness of cybersecurity really needs to happen.

A common follow-up question to my answer is often “how can we make a difference in the education and hiring of women and minorities in cybersecurity?” The simplest answer is get involved.

Attend events like the National Women in Cybersecurity Conference (WiCyS) that took place in Atlanta, GA earlier this year. You can also become a member of their online community Women in Cybersecurity – WiCyS.

Another way to get involved is by working with your local high schools and universities to get cybersecurity further ingrained with women and minorities in a STEM (Science, Technology, Engineering and Math) conversation. By vocally participating within these and other initiatives, you can make a big difference in thwarting the effects of cyber attacks while creating more opportunities for women and minorities within the cybersecurity field.


Ever get the feeling that your business-as-usual (BAU) mentality might get you into trouble? If you do and you’re in cybersecurity, you’re not alone. This feeling is not without good cause; organizations are not prepared to deal with severe and frequent cyber-attacks.

Lockheed Martin recently sponsored a Ponemon Institute survey of 678 US IT and IT security practitioners who are familiar with their organizations’ defense against cybersecurity attacks, and have responsibility in directing cybersecurity activities. When asked about the challenges to achieving a strong cyber defense, 75 percent of respondents say they see an increase in the severity of cyber attacks experienced by their organizations and 68 percent of respondents say they are more frequent. However, a smaller percentage of respondents (53 percent) say launching a strong offensive against hackers and other cyber criminals is very important to their organizations’ security strategy.

These survey results beg the question that has emerged as the conversation within our organizations has evolved: are the investments we’re making in corporate America truly protecting us against today’s sophisticated adversaries? Another way to look at it is to ask, “How can we be sure the measures in place will protect us, rather than only provide a false sense of cybersecurity?”

In order to answer these questions, organizations need to avoid three common BAU-associated pitfalls.

#1: Alerts equal security

“Things that go bing” is another way of phrasing this common pitfall. Security Operations Centers often seem packed with technologies that are meant to alert us when bad things are happening. Traditionally, organizations have bought (literally bought) into the idea that there is a mix of technologies that can be plugged into the network to find all the potential issues. So they invest heavily in tools “that go bing” to defend their network. This is what we call a vendor-driven response model.

To avoid this pitfall, understand that there’s no such thing as a silver bullet for cybersecurity, you can’t buy your way out of insecurity, and the traditional set-it-and-forget-it approach doesn’t work.

#2: Nightlight equals security

A short disclaimer: your staffing plan is up to you, and we’re not saying that you need 24x7 staffing. In fact, 24x7 staffing doesn’t always mean you’re covered. Often paying a person to stare at glass overnight can cause an organization to overestimate their security maturity. In avoiding this pitfall, ask yourself:

a) Do we have enough skilled cyber analysts to fill a 24x7 staffing plan?
b) Is the staff manning each shift equipped and qualified to react and mitigate threats, or are they serving as a manual escalation trigger to alert key staff?
c) Can technology be tuned and customized to alert and escalate when key events are detected?

#3: The pre-existing framework equals security

Some organizations believe that the process of reacting to alerts is a framework. Essentially they wait for something bad to happen and then react. So whether this is a planned strategy or just the reality of your current operations – not having an evolved, sustainable and scalable framework is a pitfall that plagues many organizations.

To avoid this pitfall, make sure you flesh out the processes behind how the technology and people aspects of your security will function. Map your tech environment, document roles and relationships, research and mirror other frameworks, and educate and train your staff to follow and understand your framework.

Most importantly, acknowledge that a framework in and of itself does not equate to security. It should be seen merely as a map that leads to a more secure posture. Your job should be to ensure that your map is as detailed and robust as possible so that your cybersecurity approach doesn’t get lost in the woods.

In many ways we can never fully avoid the feelings associated with a business-as-usual (BAU) mentality. But by following these tips, we can avoid three common pitfalls associated with BAU thinking and remove much of the threat of cyber-insecurity.


Advanced Persistent Threat (APT), as a term, is perhaps over-used in cybersecurity. Like the Boogie-Man that strikes fear into the minds and hearts of children at night, APTs work just as hard to ensure that CISOs and CIOs never rest easily. But just like the Boogie-Man, the trick to not being afraid of APTs is to understand them. Unfortunately, understanding APTs isn’t as simple as a bed time story.

The first signs of APTs came from targeted, socially-engineered emails dropping Trojans designed for exfiltration of sensitive information. They were identified by UK and US CIRT organizations in 2005. Although the name "APT" was not used, the attackers met the criteria that determines an APT. The term "advanced persistent threat" is cited as originating from the Air Force in 2006 with Colonel Greg Rattray.

Another complexity in understanding APTs is their definition and identifiable characteristics. The Internet is filled with different definitions and varying character traits, which can often make this step confusing and ambiguous. One popular definition, from NIST, sums up what an APT is nicely:

“An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltration of information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.” –National Institute of Standards and Technology

Within the computer security community, and increasingly within the media, the term is almost always used in reference to a long-term pattern of sophisticated hacking attacks aimed at governments, companies and political activists. The use of the term APT seems to be growing with the rising number of APT-related attacks; a PC World story from a couple of years ago noted an 81 percent increase in APT attacks from 2010 to 2011.

In a book released a couple of years ago called Reverse Deception: Organized Cyber Threat Counter-Exploitation, the authors define the following APT criteria:

  • Objectives – The end goal of the threat, your adversary
  • Timeliness – The time spent probing and accessing your system 
  • Resources – The level of knowledge and tools used in the event (skills and methods will weigh on this point) 
  • Risk tolerance – The extent the threat will go to remain undetected 
  • Skills and methods – The tools and techniques used throughout the event 
  • Actions – The precise actions of a threat or numerous threats 
  • Attack origination points – The number of points where the event originated
  • Numbers involved in the attack – How many internal and external systems were involved in the event, and how many people's systems have different influence/importance weights
  • Knowledge source – The ability to discern any information regarding any of the specific threats through online information gathering (you might be surprised by what you can find by being a little proactive)

Even though Advanced Persistent Threats play a strong role in cybersecurity planning, especially for large organizations, a lot of the fear and feeling of uncertainty about them can be eliminated by a simple understanding of what they are and what their pattern of attack typically looks like. Although the solution to removing the fear is never as simple as checking your closet, or server, at night before leaving, understanding the threat and partnering with an organization like Leidos can make your networks more secure.


Cybersecurity is arguably the biggest challenge facing most companies today. We are undergoing a change in IT Security where it seems like every company is subjected to endless cyber-attacks. With the increase in Advanced Persistent Threats to traditionally consumer-oriented organizations, the adoption of cyber regulations within private companies is more prevalent than ever. Although compliance does not in itself guarantee security, it’s a good starting point, especially when combined with best practices and guidelines that regulate the industry.

Seeking to avoid having government regulations imposed on them to force IT security, a number of companies are moving towards adopting and complying with a general IT security regulation like the Federal Information Security Management Act of 2002 (FISMA). Their hope is that self-regulation will prevent government mandates.

According to David Lawson, Director, Risk Management and Compliance at Acumen Solutions, "More and more companies are getting requests for FISMA control assessments." FISMA, a regulation built for federal agencies, holds executives at those agencies responsible for the security of their data and accountable for implementing security controls that meet minimum security requirements.

A discussion on the virtues of FISMA couldn’t be more appropriate. It’s clear that businesses need to do more to fight cyber attacks and to better protect their businesses and customers, preventing huge losses in the process. A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail, for example, more than doubled from 2013 to an annual average of $8.6 million in 2014.

The Top Three Things to learn from FISMA

By following general FISMA guidelines, organizations can help bolster the security of their enterprise within the following areas:

Policies and Procedures:
FISMA can help organizations establish policies and procedures designed to reduce information security risks in a cost-effective manner. This often includes building routines for assessing cybersecurity, which bolster an organization’s information security health throughout the year. Proper regulatory planning also includes periodic risk assessments that evaluate the potential damage and disruption caused by unauthorized access, and procedures for detecting, reporting and responding to security incidents.

Training and Awareness:
Security awareness training for employees is a crucial element of proper enterprise security planning. Such topics covered should include security risks associated with day to day activities, and start with the basics such as the definition of the security roles and responsibilities, and users’ responsibility for complying with policies and procedures.

Testing and Evaluation:
FISMA does a good job of singling out the need for an organization to perform effective analysis of its information security policies, procedures, practices and controls. The frequency of these tests depends on the organization's risk level, but they are most commonly conducted annually.

Another best practice is to use technology for process automation and threat monitoring. Automation and centralized reporting tracking tools can increase the efficiency and quality of an organization's cybersecurity platform, not to mention the compliance efforts. This viewpoint on automation helps eliminate several manual reporting steps and leads to a reduction of redundancy.

Regulations are rapidly becoming an important part of cyber planning for organizations not traditionally subject to compliance requirements, but which are very interested in becoming more secure. When used and understood properly, cyber regulations can help an organization new to cybersecurity build the foundation of a sound IT security platform that can help avoid headaches now and in the future.

Reference Links:

http://deloitte.wsj.com/cio/2013/06/03/fisma-takes-private-sector-by-surprise/

http://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002

http://www.bly.com/newsite/Pages/WP_FISMACompliance_062206.pdf


A necessary but relentless focus on regulatory compliance in the cybersecurity community may be shifting resources away from more complex threats. Although organizations focused on checking the compliance box are more likely to address the foundational solutions necessary in building a cybersecurity framework, this approach can also lead to a false sense of security.

The Ponemon Institute and Lockheed Martin recently surveyed 678 IT security leaders within the United States. The surveyed respondents were security practitioners familiar with their organizations’ defense against cybersecurity attacks and responsible for directing cybersecurity activities. (Download the Intelligence Driven Cyber Defense survey results.)

When asked about cybersecurity business priorities, compliance was rated the number one cybersecurity business priority (above confidentiality, interoperability, integrity and availability). The challenge with this common response is that compliance does not necessarily equal security. 

Achieving compliance gives organizations a foundation on which to start becoming secure. But an organization can be compliant and still remain vulnerable. For example, you can keep a solid maintenance log to comply with a regulation or policy; however, how will that log be used to proactively defend infrastructure? Within the utilities industry it’s one thing to comply with the NERC CIP requirement to map all networkable operational technology, but what good does that do for protecting IP if you don’t actively monitor those devices for potential breaches?

A focus on compliance as a top priority may cause an unbalanced view of the controls and the vulnerabilities of a cybersecurity model. This, in turn, can prevent organizations from combating the most critical facet in risk management: the threats.

This unbalanced condition often results in a focus on incident response versus threat intelligence within the analyst realm. Threat intelligence is a critical element to an effective cybersecurity platform because attacks are ultimately caused by people, who are often unpredictable, non-constant and creative in their tactics. 

5 Tips on How to Achieve Compliance and Security

Compliance is an important aspect of cybersecurity and it should be a priority. The focus on protection, however, should be to measure compliance’s effectiveness rather than mere achievement of compliance. Below are five tips for achieving compliancy and security: 

  1. Map your environment: Situational awareness is important, both inside and outside of the network. A common tenet of the majority of regulations is asset mapping. How much Operational Technology do you have? How much IT? Which assets are networked?

  2. Perform due diligence: The comprehensive security analysis of many companies often ends at the door of the vendors and partners they work with. Yet vendors are often softer targets that attackers can exploit to gain access to your intellectual property (IP). Close this gap by working with your vendors to ensure that they remain not only compliant but also secure.

  3. Share, share and share: Vigilance is the key to thwarting the most common threat to your network: the insider threat. A disgruntled employee or unauthorized person with some level of credentials looking to get behind the firewall and access your IP can be devastating. The key to stopping this is sharing information outside the IT department and training employees on how they can help spot and stop cyberattacks.

  4. Eliminate redundancies: Proper cybersecurity involves a lot of analysis. It’s easy to fall victim to analysis paralysis and generate redundant analytic results. Stop this by inventorying your reports, flagging redundancies and removing reports that take up space and add little value.

  5. Use compliance as a guide: Compliance is a way to start building your cybersecurity footprint. It’s also a guide for maintaining a proactive cybersecurity approach. By adding the elements above with Intelligence Driven Defense®, your cybersecurity platform will grow beyond compliant and into the realm of the truly secure.

A functionally integrated cybersecurity platform places threats at the forefront. Architects, engineers and analysts adhere to a common methodology that incorporates threat analysis and threat intelligence across systems and processes. A threat-driven cybersecurity platform, tailored to fit with a compliant infrastructure is the combination that best ensures security in a strategic, tactical and operational manner.



Each year, the Internet of Things (IoT) makes strides towards transforming industries. IoT, sometimes known as the Internet of Everything (IoE), refers to physical devices that are placed on the Internet by installing wireless sensors on them. You see a lot of IoT in the consumer world, most commonly in home devices such as alarm systems, thermostats and electrical sockets to control lights remotely. Most of these devices are accessed by apps on your mobile device.

Within the last couple of years, IoT has slowly started to enter other markets. Sectors like healthcare and manufacturing are quickly learning about their potential value, particularly when combining IoT with business process management (BPM) programs. At face value, the benefits of this integration seem limitless. Real-time data analytics, immediate social and mobile capabilities to otherwise static and often hard to reach devices, and the ability to pair business-facing operations like inventory control and automated supply-chain capabilities with real-time consumer demand, creates a list of desired capabilities that is almost too appealing for any C level executive to resist.

But how safe are these devices? What can your organization do to protect itself from the danger associated with IoT? In past blogs you’ve heard us talk about the potential challenges between integrating Information Technology and Operational Technology. In many ways, this is very similar. On one hand you have a physical device, like an alarm system, which was built to interface with a live person, and therefore the device was designed from the ground up with accessibility as its core, data integrity as its next most important component, and confidentiality of data as the third priority. By integrating a sensor for wireless access, you’re now effectively opening the door to hackers by providing accessibility to a device that was not built primarily to protect the confidentiality of its data.

According to Earl Perkins, research vice president at Gartner:

“The power of an Internet of Things device to change the state of environments and of itself will cause chief information security officers (CISOs) to redefine the scope of their security efforts beyond present responsibilities. IoT security needs will be driven by specific business use cases that are resistant to categorization, compelling CISOs to prioritize initial implementations of IoT scenarios by tactical risk. The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.”

The Gartner article goes on to predict that by 2020 the installed base of "things" that make up IoT, excluding PCs, tablets and smartphones, will grow to 26 billion. That’s a huge leap from the estimated 0.9 billion units in 2009.

Despite the prospective issues associated with IoT from a security standpoint, there are two major steps that your organization can take to mitigate the cyber threat of the technology.

1. Map and know your environment

One of the dangers with IoT is that these devices will proliferate on networks to such a degree that organizations struggle to keep track of them, even as the devices take on increasing responsibilities. Once you lose track of how many you have, you have a problem. This is a familiar issue with IT and OT integration, especially within the utilities industry, where organizations lose track of how many IT-OT enabled devices they have and spend a lot of time just mapping their environment and trying to catch up. Industrial Defender not only offers the capability for your organization to better map these technologies, but also provides a snapshot from a centralized dashboard and portal. You can't fix what you don't know about, so this mapping is a vital first step, as well as an ongoing one, before anything else can be accomplished.

2. Assess and plug vulnerabilities

Once your environment is mapped, assessing which IoT devices pose the greatest risk and building an approach to closing their vulnerabilities can go a long way toward defending against potential future attacks.
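As an added example that is not from this post or from Industrial Defender, the Python below puts both steps in code: step 1 diffs an authoritative device baseline against a fresh scan (unknown, missing and changed devices), and step 2 flags devices whose firmware is below a minimum patched version. All MACs, models, versions and the policy format are constructed sample data and assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    mac: str       # used as the stable identity of the device
    ip: str
    model: str
    firmware: str  # dotted version string, e.g. "2.3.1"

def parse_version(text):
    """'2.10.0' -> (2, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def diff_inventory(baseline, scan):
    """Step 1 (map): compare the authoritative baseline with a fresh scan.
    Returns MACs that are unknown (seen but never recorded), missing
    (recorded but not seen) and changed (same MAC, different IP/firmware)."""
    base = {d.mac: d for d in baseline}
    seen = {d.mac: d for d in scan}
    unknown = sorted(m for m in seen if m not in base)
    missing = sorted(m for m in base if m not in seen)
    changed = sorted(m for m in seen if m in base and seen[m] != base[m])
    return {"unknown": unknown, "missing": missing, "changed": changed}

def assess(scan, min_firmware):
    """Step 2 (assess): flag devices below the minimum patched firmware
    for their model, and devices whose model has no policy at all."""
    findings = []
    for d in scan:
        floor = min_firmware.get(d.model)
        if floor is None:
            findings.append((d.mac, "no policy for model " + d.model))
        elif parse_version(d.firmware) < parse_version(floor):
            findings.append((d.mac, f"firmware {d.firmware} < required {floor}"))
    return findings

# Constructed sample data (hypothetical MACs, models and versions).
BASELINE = [
    Device("00:11:22:33:44:01", "10.0.5.10", "TS-100", "2.4.0"),
    Device("00:11:22:33:44:02", "10.0.5.11", "AL-7", "1.9.2"),
    Device("00:11:22:33:44:03", "10.0.5.12", "AL-7", "1.9.2"),
]
SCAN = [
    Device("00:11:22:33:44:01", "10.0.5.10", "TS-100", "2.4.0"),  # unchanged
    Device("00:11:22:33:44:02", "10.0.5.11", "AL-7", "1.8.0"),    # firmware rolled back
    Device("00:11:22:33:44:09", "10.0.5.40", "CAM-3", "0.9"),     # never inventoried
]
MIN_FIRMWARE = {"TS-100": "2.4.0", "AL-7": "1.9.2"}  # constructed policy

if __name__ == "__main__":
    print(diff_inventory(BASELINE, SCAN))
    print(assess(SCAN, MIN_FIRMWARE))
```

Run on a schedule, the "unknown" and "changed" buckets are the signal that the map is going stale, which is why the post calls mapping an ongoing step rather than a one-time one.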

IoT is here to stay, and its implications for businesses and CISOs, both good and bad, are still being determined. What is known, however, is that by mapping, assessing and addressing known vulnerabilities, you can go a long way toward protecting your network.


A discussion with Mel Greer, Senior Fellow and Chief Strategist at Lockheed Martin

In the last two years, IT security breaches have hit the White House, the State Department, the top federal intelligence agency, the largest American bank, the top hospital operator, energy companies, retailers and even the Postal Service. With the New Year upon us it seems fitting to take a moment and assess the state of the cyber challenges ahead and potential strategies to surmount them.

For this post I turned to Lockheed Martin’s Senior Fellow and Chief Strategist, Melvin Greer (M) to discuss the high level statistics every CISO should be considering:


C: Describe the overall state of cyber security in the US.

M: This year has brought big news, significant changes and increased awareness of the evolving cyber-threat landscape. From a threat landscape perspective, we have seen some important developments.

Let’s start with the stark realities:

  • Credit and debit cards are among the most commonly breached credentials, together representing 62% of all information breaches.
  • In the healthcare industry, almost 2 million people were affected by medical identity theft in 2012. They incurred about $12B in out-of-pocket costs due to these thefts.
  • In higher education, 50% of colleges and universities allow the unencrypted transmission of sensitive information over email. 25% of these institutions actually advise applicants to send personal information via unencrypted email to admissions and financial offices.
  • In the communications industry, less than half of all mobile device owners use security software on their devices. There are over 1M malicious and high-risk apps on the market today that target the Android platform.
  • Retail websites are the #1 target for hackers.

C: What are the biggest threats?

M: Multiple new digital battlefields have emerged including critical infrastructures, Cloud Computing, Social Networks, Big Data and the Internet of Things.

9 out of 10 intrusions involve the following patterns:

  • POS Intrusions
  • Web App Attacks
  • Insider misuse
  • Physical Theft/Loss
  • Miscellaneous Errors
  • Crimeware
  • Card Skimmers
  • DoS Attacks
  • Cyber-espionage
(Also see Verizon 2014 Data Breach Investigations Report)

C: How can enterprises protect themselves?

M: The evolution of cyber threats requires a new leadership approach, given that no matter what the security solution is to an existing problem, the problem itself will evolve and the leadership strategy driving the security solution must evolve with it.

Key first steps include:

C: What should individuals do to protect themselves?

M: Individuals’ actions and their subsequent education are directly tied to the strategy of the enterprise they are aligned with. We know that threat sophistication has significantly changed; attack vectors, propagation methods, and even the ultimate objectives of the attacker have evolved.

It’s imperative that individuals become actively engaged in protecting their data.

  • Use personal anti-virus and firewall security on all personal devices
  • Always use strong passwords (greater than 8 characters, upper & lower case, number & symbol)
  • Do not click on links embedded in emails regarding financial transactions from banks, merchants or other sensitive parties.
  • Always go to the respective party's site by directly entering the URL in the browser in order to avoid phishing scams.
  • Employee awareness and training programs

In our experience most organizations find themselves woefully behind in implementing what they arguably know to be best practices. Perhaps the first step to take is collaboration. Talk with your peers and leading vendors in the space to get a more accurate picture of the threat facing your industry.

For more cyber security insights from Mel Greer register for his upcoming webinar on cloud security:

Understanding the Cloud Computing Threat Landscape



The “consumerization” of business technology is a relatively recent trend that continues to pick up speed. Defined as the introduction of consumer technology into the corporate environment for use in work activities, the consumerization of business technology is best reflected in policies such as Bring Your Own Device (BYOD), which have become prevalent in most corporate environments.

As this trend continues to grow, the need to plan for and deal with BYOD at the level of the Chief Information Security Officer (CISO) and even the Chief Information Officer (CIO) has expanded to include home or personalized applications. Now, Bring Your Own Application (BYOA) is becoming a focal point in the IT security planning of many organizations.

These trends are natural. In many ways, our place of work is much like our home. We personalize our office spaces and socialize with our colleagues, and in recent years the corporate infrastructure has been changing to reflect this consumerization. BYOD and BYOA have become natural parts of the consumerization ecosystem, from the introduction of social media within organizations to improve collaboration to the migration toward cloud for business services—including an emphasis on accessible and consumer-like product and service tracking.

At the end of the day, all of these services and all of this consumer integration are focused around one greater need—the ability to provide end-users with mobility. Tech-agnostic computing, or the ability to work from any device at any time, is here today and not going away any time soon. So how should organizations react?

If your company is going to permit BYOD and BYOA, and allow teams of employees to integrate their own personal applications with corporate data, it becomes important to set expectations, produce procedures and rules, and explain those policies and regulations to your employees. This approach to protecting your enterprise must start with answering some basic questions:

  • How do we detect when people are conducting nefarious activities?
  • Do we have the proper monitoring currently on our network?
  • Do I have the controls in place?
  • Do my employees have proper authentication and application protection around BYOD?

These questions are important to answer before addressing the Mobile Device Management policies of your organization. Whether you have smartphones, tablets, or laptops in the workplace, you need an organized approach toward deploying, securing, monitoring, integrating and managing these mobile devices.

It’s also critical to answer these and other questions when addressing information management policies around the use and protection of intellectual property. This includes examining application security and control.

When these policies and procedures are established, it then becomes important to address user and device authentication. At this point, you begin to ask additional questions: How will a user authenticate on premise versus remotely? Can we track when they’re local versus remote? How will mobility impact the security?

Finally, data loss prevention becomes a crucial element in determining whether sensitive data is on a mobile device. Once that capability is in place, you can begin to explore how to continue to protect that data.

Mobility and the disruptive technologies fueling this trend, such as BYOD and BYOA, can be daunting from a CISO and CIO level. We know it’s here to stay. We also know that new mobile technologies continue to proliferate at alarming rates. Answering these seemingly basic “block and tackle” questions first can give your company a solid footing that will enable you to weather any BYOD or mobility-related storm.
