02-26-18 – News This Past Week

Anatomy of an Attack on the Industrial IoT
We like to think that cyberattacks are focused primarily on stealing credit card numbers and that attackers don’t know much about the control systems that run critical infrastructure. Unfortunately, that’s just wishful thinking. In 2017, we saw an increasing number of threat actors bypass existing network perimeter security controls to perform sophisticated reconnaissance of industrial process control networks

Arm Reveals More Details About Its IoT Platform Security Architecture
When it announced its Platform Security Architecture for IoT devices last year, Arm said that “security can no longer be optional.” Now, shortly after it announced the iSim SoC that’s supposed to connect more devices to the IoT, the company revealed more about the PSA framework

The Rise of ICS Malware: How Industrial Security Threats Are Becoming More Surgical
Last December, a malware variant specifically designed to attack industrial safety systems was discovered. It was apparently used to cause an operational outage at a critical infrastructure facility in The Middle East

During my onstage interview with Dan Geer at S4x18, we discussed what is the best course of action when vulnerabilities are dense (listen beginning at 28:15). I suggested that medical device and software were a great example of dense vulnerabilities, so is the current approach to find and fix vulnerabilities a good approach when a single exploitable bug can take out a hospital for a week


Protecting safety instrumented systems from malware attacks
Trisis malware targets safety instrumented systems and puts industrial control systems at risk. Expert Ernie Hayden reviews what to know about SIS and its security measures

Is the IoT backlash finally here?
After years of worry, the long-anticipated backlash to the changes wrought by the Internet of Things may finally be arriving. That could be a good thing.

Getting Started with IoT Security in Healthcare
It’s estimated that by 2025, more than 30 percent of all Internet of Things (IoT) devices will be dedicated to the realm of healthcare – more than in retail, transportation and the personal security sectors combined. Already today, practitioners are using IoT tech to conduct portable monitoring, enact electronic record keeping initiatives, and to apply drug safeguards – all efforts that are streamlining operations and delivering safer, more comprehensive care to patients

NIST Working on Global IoT Cybersecurity Standards
The Internet of Things (IoT) is here and growing. It has the potential to facilitate or obstruct the further evolution of the Fourth Industrial Revolution; largely depending upon whether it is used or abused. Its abusers will be the same criminal and aggressor state actors that currently abuse information systems

Expected changes in IT/OT convergence and industrial security
Ten years ago, I was brought into the industrial security arena by a top company executive in who was convinced that we needed traditional endpoint protection on smart meters. I had spent fifteen years before that in enterprise security, so it took a while to shape my focus around the nature of the problem of IT/OT convergence and industrial security

Expected changes in IT/OT convergence and industrial security

Posted in Uncategorized.