Cyber Security round-up

Sector’s cyber worries. Hacking back! Scada monitoring. Cyber information sharing. SEI emerging tech risk survey. EU CERT. Frankenstack! Siemens/Tenable. Crystal’s Rugged firewall. Accenture’s cyber blooper. Lamentable results from Honeywell cyber survey. Oildex advice on Spectre bug.

The EY 20th survey of Global Information Security (2017–18) finds that the oil and gas sector is ‘more worried than ever about the breadth and complexity of the threat landscape.’

Cyber deception specialist Cymmetria’s MazeHunter is legal ‘Hack Back’ technology that counters and contains advanced threats as they happen. The tool is compliant with the US Computer Fraud & Abuse Act.

Leidos has partnered with Nozomi Networks, Claroty and Security Matters to add passive monitoring of scada systems to its Industrial Defender portfolio.

The Canadian Gas Association has joined the Downstream Natural Gas Information Sharing and Analysis Centre. The Centre provides physical and cyber-threat information and monitors industry-affecting events.

The Carnegie Mellon Software Engineering Institute has produced its 2017 Emerging Technology Domains Risk Survey, a 28 page investigation into the security aspects of blockchain, IoT, AI/ML and robotics.

CGI has opened a security operations center in Germany to provide commercial and public sector clients with IT security services.

The EU has established a Computer Emergency Response Team (CERT-EU) to protect against cyber attacks on EU institutions.

The NATO Cooperative Cyber Defense Centre of Excellence has published ‘Frankenstack: toward real-time Red Team feedback.’ Also of note is the CCDCIE’s 2017 Tallinn Manual 2.0 on the international law covering cyber operations.

Siemens has teamed with Tenable to offer utilities and oil and gas companies a new solution for industrial asset discovery and vulnerability management.

Crystal Group’s RCS5516FW Rugged network firewall for harsh environments provides a 1.8 Gbps bandwidth and 250,000 concurrent sessions.

Tanker, provider of encryption and key management as a service reports that thousands of passwords and security codes in plain text were discovered on Amazon S3 servers, including Accenture’s and its client’s keys. The incident ‘illustrates the importance of end to end encryption.’

A Honeywell-sponsored survey of industrial cybersecurity by LNS Research found that a lamentable two-thirds of the respondents did not monitor for suspicious cyber behavior, and this, despite the fact that over half already have been breached.

Schneider Electric has partnered with Cylance on AI-powered protection for industrial control systems.

Oildex has provide useful advice on response to the Spectre and Meltdown CPU security flaws.

Click here to comment on this article

Click here to view this article in context on a desktop

© Oil IT Journal - all rights reserved.