OT security: Helping under-resourced critical infrastructure organizations

In this Help Net Security interview, Dawn Cappelli, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles…

The Establishment of a Cyber Safety Review Board

In 2013, the Obama Administration began asking what government could do to improve cybersecurity. By February 2014, Farnam Jahanian, Assistant Director for Computer and Information Science and Engineering at the National Science Foundation, convened a…

EU investigating ‘IT security incident’ involving multiple agencies

Cybersecurity experts at the European Union are investigating an “IT security incident” involving multiple institutions, though “no major information breach” has been detected, EU officials said Tuesday. The scope and nature of the incident were not immediately clear, but a spokesperson for the European Commission, the EU’s executive branch, said the commission had set up a “24/7 monitoring service” in response to the incident. “The European Commission and other EU institutions, bodies or agencies have experienced an IT security incident in their IT infrastructure,” the commission spokesperson said in an email. A spokesperson for the European Parliament said the parliament and other EU bodies had “received an alert on [a] possible vulnerability in its IT infrastructure.” The parliament “took immediate measures to check and protect its servers against this vulnerability,” the spokesperson said. As a 27-country bloc that affects trade and foreign policy on the continent, EU institutions are natural […]

The post EU investigating ‘IT security incident’ involving multiple agencies appeared first on CyberScoop.


Who Watches the Watchers, Italian Style – Insider IP Theft at Leonardo

Two infosec team members are accused of attacking Leonardo’s systems to perpetrate IP theft, highlighting the real issue of insider threats. One question often asked in security is whether an event is really a cyberattack when insiders are the on…

Intel pushes for hardware-specific additions to vulnerability taxonomy

The professionals who work to uncover security vulnerabilities in hardware must find a “common language” for categorizing them in order to make important strides in securing those systems, according to chipmaking giant Intel Corp. Hardware researchers “do not have the same standard taxonomy that would enable them to share information and techniques with one another,” Intel researchers Arun Kanuparthi and Hareesh Khattri argued in an op-ed published this week on Help Net Security, an information security website. “If we expect hardware vendors and their partners to collectively deliver more secure solutions, we must have a common language for discussing hardware security vulnerabilities,” Kanuparthi and Khattri wrote. At issue is the Common Weakness Enumeration (CWE) system, a list that is used as a yardstick on which to map Common Vulnerabilities and Exposures (CVE). CVEs are more familiar to security researchers as signposts for potential threats, and they’re a notch in the belt […]

The post Intel pushes for hardware-specific additions to vulnerability taxonomy appeared first on CyberScoop.


Marc Rogers: Success of Anonymous Bug Submission Program ‘Takes A Village’

Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.

Are Cyber-Ontologies the Future of Cybersecurity?

The science of cybersecurity is starting to permeate the discussions of thought leaders in the cyber realm. After all, attacks based on APTs (advanced persistent threats), phishing and ransomware are on a growth trajectory, and seem to be getting more…

Randall Trzeciak, CERT – Enterprise Security Weekly #125

Randall Trzeciak, the Director of the CERT Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute! Randall will be speaking at InfoSec World 2019 about “An Effective Insider Threat Program” on Saturda…