News

“Shaking the Pillars of Government and Commerce: State-Sponsored Adversaries Target Public and Private Organizations in the US”

By Thomas Moore. According to experts, cyber-attacks involving nation-states continue to increase. In a previous blog post, the LEO team pointed out that the global pandemic has distracted attention and…

“The China Syndrome: State-Sponsored Cyber Attacks are Alive and Well in the Midst of Global Upheaval”

By Thomas Moore. With the latest escalation of an already tenuous relationship, a few days ago, the United States government filed charges as part of an ongoing effort to stifle…

Grid Modernization – Protecting the Nation’s Electric Grid and Our Way of Life

By Brian Foster. The US Senate recently passed the Securing Energy Infrastructure Act (SEIA), which was wrapped into the 2019 Intelligence Authorization Act and which hopes to protect the Nation’s Electric Grid.…

And The ICS Cybersecurity Debate Continues On…

By Clint Bodungen. Recently I ran across a post on LinkedIn in response to DHS statements and media reports pertaining to Russian hacking against the U.S. power grid. A central theme of the post cautions readers to guard against “deliberate or recklessly misleading” and “exaggerated” statements. One of the post’s claims generated significant concern, “I see no possibility [...]

Business Email Compromise and the Importance of Being Earnest

By Justin Silbert. Business Email Compromise (BEC), along with all cyber crime, is continuing to thrive. The FBI is now estimating that the cost of BEC has reached $12 billion since October 2013 and the losses continue to grow. When talking about financial cyber crimes, BEC is one of the simplest and most effective scams. [...]

Cyber Security ROI: It may happen sooner than you think

By Seth Jaffe. You’ve heard it before. Companies are slow to invest in cyber security because they see few returns.[1] But that is likely to change, and it may occur sooner than we expected. Let’s first set the context. An executive recently made the comment to me that “cyber security is just another cost of [...]

Security Practices for IEC 61131-3 PLC Programming Languages Part 2: Ladder Logic

By Isiah Jones & Brian Foster. Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities, many of the devices with some form of computing and logical capabilities rely on 5 primary programming languages specific to programmable logic controllers (PLCs) that are defined in [...]

Alabama Requires Entities to Safeguard Sensitive Information

By Seth Jaffe. Alabama recently became the 50th state to pass a data breach notification law, but in doing so, the state upped the ante by including security obligations generally found in industry-specific cyber security laws. I’ve written about the Eight Principles of Cyber Security Laws in a prior blog post. Alabama adopted seven of [...]

Top 10 Universal Best Practices for Critical Infrastructure Security & Resilience

By Isiah Jones, Director & Principal – ICS Cyber Security Engineering. While attending the EnergySec Electric Distribution Security Forum March 22 – 23, 2018 in Washington, DC, the topic of best practices came up between trade organizations and state utility commission speakers and attendees. I informed them that in security “best practices” are already defined [...]

Radical Idea in ICS Cybersecurity?

By Rob Beason. Idaho National Laboratory recently published an article, Internet Insecurity, by Andy Bochman. Many of the ideas in this article are shared by other thought leaders in the industry. The main theme from the article is that due to the inherently flawed design of the Internet, there will be a resulting lack of assurance for industrial control [...]

Lowering Risk By Putting Response Before Incident

By Justin Silbert. As individuals, some people are good at improvisation, that is, dealing with things as they come and creating the best outcome for it. But organizations in the midst of an incident are notoriously terrible at improvising. There is no better example than Equifax, whose initial response was fraught with missteps. First, it downplayed [...]

When It Comes to Cyber Security, Lack of Vendor Oversight Can Lead to Legal Trouble

By Seth Jaffe. Third-party cyber security programs got a shot in the arm this week in the form of two legal actions. The first, well summarized by Sue Ross over at Norton Rose Fulbright, is a proposed consent agreement by the Federal Trade Commission against mobile phone manufacturer BLU Products, Inc., alleging that BLU’s failure [...]