ICS Purdue Model in Industrial Internet of Things (IIoT) & Cloud

OT Cybersecurity teams have been working within the Purdue Enterprise Reference Architecture since it was created in the mid-1990s. Although not developed as a security model, by mapping the interconnections and interdependencies of the high-level…

Defending Against State and State-Sponsored Threat Actors

State and state-sponsored threat actors are the apex predators of the cybersecurity world.

After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal

Congress last week did something that it rarely does: It passed a meaningful cybersecurity bill. The legislation is aimed at enhancing the safeguards of internet-connected devices — also known as the internet of things (IoT) — such as smart sensors that monitor water quality or control ships in waterway locks. The bill is also a major step toward the federal government encouraging vulnerability disclosure policies that implement programs for organizations to work with security researchers to fix software flaws. “It is arguably the most significant U.S. IoT-specific cybersecurity law to date, as well as the most significant law promoting coordinated vulnerability disclosure in the private sector to date,” said Harley Geiger, director of public policy at Rapid7, a cybersecurity company. All it took to get across the finish line was more than three years of bipartisan work, encroaching state and foreign government IoT rules, a ticking legislative clock, goodwill toward […]

The post After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal appeared first on CyberScoop.


Does "Security By Obfuscation" have any place in good security practices? [duplicate]

One thing I’ve had hammered into me by pretty much every security expert I’ve talked to is that security by obfuscation is not a substitute for actual security measures. However, it has me wondering; are there any valid cases for security …

Prevent users from easily changing the backend API URL of a desktop application

Is it considered a good security practice to prevent users from easily changing the backend URL of a desktop application that connects to a backend server with an SSL protected HTTP API?
One concern is that malicious users could just point…

Chinese cyber power is neck-and-neck with U.S., Harvard research finds

As conventional wisdom goes, experts tend to rank the U.S. ahead of China, the U.K., Iran, North Korea and Russia in terms of how strong it is in cyberspace. But a new study from Harvard University’s Belfer Center shows that China has closed the gap on the U.S. in three key categories: surveillance, cyber defense, and its efforts to build up its commercial cyber sector. “A lot of people, Americans in particular, will think that the U.S., the U.K., France, Israel are more advanced than China when it comes to cyber power,” Eric Rosenbach, the Co-Director of Harvard’s Belfer Center, told CyberScoop. “Our study shows it’s just not the case and that China is very sophisticated and almost at a peer level with the U.S.” Overall, China’s cyber power is only second to the U.S., according to the research, which was shared exclusively with CyberScoop. But the study also found […]

The post Chinese cyber power is neck-and-neck with U.S., Harvard research finds appeared first on CyberScoop.
