Blog – LEO

SethJaffe
November 1, 2018

Canada’s Breach Notification Regulation Goes into Effect Today

Canada’s Breach Notification Regulation Goes into Effect Today https://leocybersecurity.com/wp-content/uploads/2018/11/Canadian-Flag-1.jpg 848 476 SethJaffe SethJaffe https://secure.gravatar.com/avatar/?s=96&d=mm&r=g November 1, 2018 March 12, 2019

Back in April, Canada adopted additional regulations related to its cyber security law, the Personal Information Protection and Electronic Documents Act (“PIPEDA”). The new regulations dictate requirements for reporting a data breach and they go into effect November 1, 2018. Specifically, a report to Canada’s Office of the Privacy Commissioner must contain: a description of [...]read more

SethJaffe
October 10, 2018

Speed Warp – The Data Breach Notification Hustle

Speed Warp – The Data Breach Notification Hustle https://leocybersecurity.com/wp-content/uploads/2019/03/Star-Trek-Warp-Drive.jpg 1920 1080 SethJaffe SethJaffe https://secure.gravatar.com/avatar/?s=96&d=mm&r=g October 10, 2018 March 12, 2019

By Seth Jaffe. Companies are starting to feel the squeeze of compressed data breach notification time frames. Facebook is a prime example. Going by the wayside are the loose timelines for notifying agencies or data subjects, only to be replaced by concrete notification windows. At present, just under 20 states have injected specific time frame [...]read more

SethJaffe
October 9, 2018

Is Your Cybersecurity Program Protecting Against Hardware Threats?

Is Your Cybersecurity Program Protecting Against Hardware Threats? https://leocybersecurity.com/wp-content/uploads/2019/03/20160123-TRON-4.0-Bank-01-43-of-270.jpg 1224 816 SethJaffe SethJaffe https://secure.gravatar.com/avatar/?s=96&d=mm&r=g October 9, 2018 March 12, 2019

By Seth Jaffe. Last week, Bloomberg exposed a hardware backdoor surreptitiously placed on circuit boards by operatives from a unit of the China People’s Liberation Army. This tactic is not new. Indeed, the article claimed that U.S. officials had caught China attempting this in the past. Edward Snowden, back in 2014, famously accused the NSA [...]read more

IsiahJones
October 3, 2018

Security Practices for IEC 61131-3 PLC Programming Languages Part 5: ST

Security Practices for IEC 61131-3 PLC Programming Languages Part 5: ST https://leocybersecurity.com/wp-content/uploads/2018/10/Structured-Text.jpg 1024 576 IsiahJones IsiahJones https://secure.gravatar.com/avatar/?s=96&d=mm&r=g October 3, 2018 March 12, 2019

By Isiah Jones VP, Global ICS Security Service Delivery & Brian Foster Sr ICS Cybersecurity Engineer Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities many of the devices with some form of computing and logical capabilities rely on 5 primary programming languages [...]read more

BrianFoster
September 13, 2018

Security Practices for IEC 61131-3 PLC Programming Languages Part 4: IL

Security Practices for IEC 61131-3 PLC Programming Languages Part 4: IL https://leocybersecurity.com/wp-content/uploads/2019/03/IL.png 752 435 BrianFoster BrianFoster https://secure.gravatar.com/avatar/?s=96&d=mm&r=g September 13, 2018 March 12, 2019

By Isiah Jones & Brian Foster Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities many of the devices with some form of computing and logical capabilities rely on 5 primary programming languages specific to programmable logic controllers (PLCs) that are defined in [...]read more

ClintBodungen
September 11, 2018

And The ICS Cybersecurity Debate Continues On…

And The ICS Cybersecurity Debate Continues On… https://leocybersecurity.com/wp-content/uploads/2019/03/image002-1.jpg 1791 1007 ClintBodungen ClintBodungen https://secure.gravatar.com/avatar/?s=96&d=mm&r=g September 11, 2018 March 12, 2019

Recently I ran across a post on Linkedin in response to DHS statements and media reports pertaining to Russian hacking against the U.S. power grid. A central theme of the post cautions readers to guard against “deliberate or recklessly misleading” and “exaggerated” statements. One of the post’s claims generated significant concern, “I see no possibility [...]read more

IsiahJones
August 21, 2018

Security Practices for IEC 61131-3 PLC Programming Languages Part 3: FBD

Security Practices for IEC 61131-3 PLC Programming Languages Part 3: FBD https://leocybersecurity.com/wp-content/uploads/2019/03/fbdex.png 721 298 IsiahJones IsiahJones https://secure.gravatar.com/avatar/?s=96&d=mm&r=g August 21, 2018 March 12, 2019

JustinSilbert
July 30, 2018

Business Email Compromise and the Importance of Being Earnest

Business Email Compromise and the Importance of Being Earnest https://leocybersecurity.com/wp-content/uploads/2019/03/BEC_image.jpg 1400 893 JustinSilbert JustinSilbert https://secure.gravatar.com/avatar/?s=96&d=mm&r=g July 30, 2018 March 12, 2019

By Justin Silbert. Business Email Compromise (BEC), along with all cyber crime, is continuing to thrive. The FBI is now estimating that the cost of BEC has reached $12 billion since October 2013 and the losses continue to grow. When talking about financial cyber crimes, BEC is one of the simplest and most effective scams. [...]read more

SethJaffe
July 12, 2018

Cyber Security ROI: It may happen sooner than you think

Cyber Security ROI: It may happen sooner than you think https://leocybersecurity.com/wp-content/uploads/2019/03/NYC-upside-down.jpg 1280 724 SethJaffe SethJaffe https://secure.gravatar.com/avatar/?s=96&d=mm&r=g July 12, 2018 March 12, 2019

By Seth Jaffe. You’ve heard it before. Companies are slow to invest in cyber security because they see few returns.[1] But that is likely to change, and it may occur sooner than we expected. Let’s first set the context. An executive recently made the comment to me that “cyber security is just another cost of [...]read more

BrianFoster
July 10, 2018

Security Practices for IEC 61131-3 PLC Programming Languages Part 2: Ladder Logic

Security Practices for IEC 61131-3 PLC Programming Languages Part 2: Ladder Logic https://leocybersecurity.com/wp-content/uploads/2019/03/ladder-logic-examples.png 900 550 BrianFoster BrianFoster https://secure.gravatar.com/avatar/?s=96&d=mm&r=g July 10, 2018 March 12, 2019

IsiahJones
June 19, 2018

Security Practices for IEC 61131-3 PLC Programming Languages Part 1: SFC

Security Practices for IEC 61131-3 PLC Programming Languages Part 1: SFC https://leocybersecurity.com/wp-content/uploads/2019/03/sfc.png 808 324 IsiahJones IsiahJones https://secure.gravatar.com/avatar/?s=96&d=mm&r=g June 19, 2018 March 12, 2019

By Isiah Jones, Director & Principal ICS Cyber Security Engineering & Brian Foster, Senior ICS Cyber Security Engineer Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities many of the devices with some form of computing and logical capabilities rely on 5 primary [...]read more

SethJaffe
June 7, 2018

Alabama Requires Entities to Safeguard Sensitive Information

Alabama Requires Entities to Safeguard Sensitive Information https://leocybersecurity.com/wp-content/uploads/2019/03/computer-statute-826323_1280.jpg 1280 853 SethJaffe SethJaffe https://secure.gravatar.com/avatar/?s=96&d=mm&r=g June 7, 2018 March 12, 2019

By Seth Jaffe. Alabama recently became the 50th state to pass a data breach notification law, but in doing so, the state upped the ante by including security obligations generally found in industry-specific cyber security laws. I’ve written about the Eight Principles of Cyber Security Laws in a prior blog post. Alabama adopted seven of [...]read more

LEO