Was busy at a resilience workshop in Germany last week when the buzz started to peak about the release of the latest version of the U.S. National Cybersecurity Strategy[1]. As someone who headed task forces to prepare the first Military Defence Strategy (2000) and first National Defense System Cybersecurity Strategy (2009) of Lithuania and served […]
Tag: APT
Time to start thinking of your operations as a target
“Whenever you do a thing, act as if all the world were watching”[1] – Thomas Jefferson Jake Brodsky shared an article about another water utility incident and went on to write a blog about it ( https://scadamag.infracritical.com/index.php/2021/06/17/yet-another-water-plant-at-risk/ ). Both of these got me thinking. Assuming there is a desire for achieving excellence is there something […]
Perhaps we are missing a lesson from Stuxnet?
This summer some of us noted the 10th anniversary of the discovery of Stuxnet. That is when it became known to the public. Since 2010 we have learned that earlier forms of Stuxnet were being developed and tested on the target several years earlier.[1] To commemorate this anniversary several articles and presentations have been published. […]
That “Something wicked this way comes” is back again.
“Really knowing is good. Not knowing, or refusing to know, is bad, or amoral, at least. You can’t act if you don’t know. Acting without knowing takes you right off the cliff.” ― Ray Bradbury, Something Wicked This Way Comes Read an article about recent evidence that Triton/Trisis or something similar to it may have […]
Attribution: An impossible/inconvenient task or a way to get an APT off one’s back?
“Pay no attention to that man behind the curtain!” – From the film Wizard of Oz, 1939 Recently on the SCADASEC list there have been discussions of reports of cyber attacks on the critical infrastructures of other states with the naming of the state that is responsible. Some say attribution of responsibility is far less […]
Spanish Civil War 1930’s Déjà vu and today’s cyber experiments on critical infrastructure.
Had a very productive training and tabletop exercise during my Center’s organized week-long event in Kiev, Ukraine. For more info on what we did in Kiev see ( https://enseccoe.org/en/events/268/tabletop-exercise-coherent-resilience-2017-core-4/details ) (1) I will share some of the “take-aways” from this week long event which included the participation of Ukrainian government, energy sector operators and private […]