Vertical industries are clubby. They tend to band together and create industry bodies and associations. NERC, FERC, TIA and so on. This is good and natural and, in the context of security, creates some basis for sharing threat intelligence and effective practices. But the real magic word in critical infrastructure security today is this: Interdependency.
After a year of work that included a series of workshops with private sector representatives, the National Institute of Standards and Technology released on Wednesday the final version of its cybersecurity framework for critical infrastructure.
I encourage the private sector to attend the NIST workshop next week and participate fully in the process of developing its cybersecurity framework for critical infrastructure. It will serve not only as a security guideline for critical infrastructure firms, but also as a model for all industries.
The process for fixing security holes in critical infrastructure systems is broken and needs to be fixed.
Schneider Electric, which supplies industrial control systems for critical infrastructure facilities, took nearly two years to fix critical security holes in hard-coded credentials used in a number of ICS products, according to advisory by the Department of Homeland Security.
The first half of fiscal year 2013 produced more cyberattacks against critical infrastructure facilities than all of FY 2012, according to the Homeland Security Department's ICS-CERT Monitor released last week. Of the 200 attacks, a majority were against the energy sector, followed by critical manufacturing with 17 percent of the attacks.
This isn't to make any of you feel left out if you're not handing over sensitive data to the government, but the truth is thousands of companies are.
The Boeing Company has developed a new approach for linking business IT networks with industrial-control systems, and the initiative has spurred a standards initiative that could enable a new kind of virtual private network.
With his executive order on cybersecurity, President Obama shows that he appears to have learned the lessons from his cybersecurity legislative defeat last year.
Utility companies are not very interested in securing data these days, according to James Woolsey, former director of the CIA. Nearly all of the country's critical infrastructure runs on electricity,