About Infracritical
•Download as PPT, PDF•
0 likes•400 views
Infracritical is a non-profit organization that aims to define standards and protocols for critical infrastructure protection through open information sharing between public and private sectors. It was founded in 2001 by Tammy Olk, Bob Radvanovsky, and Jacob Brodsky. Infracritical is hosting a bi-partisan technologist conference in May 2009 to discuss securing SCADA and industrial control systems through education, information sharing, and learning from experiences. The conference will involve a hands-on testing exercise using common control system technologies.
Report
Share
Report
Share
![Who and what is “Infracritical”? ,[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
Cybersecurity | Meta Networks: Software defined perimeter platform
In this installment of our 9-part series, we feature our portfolio company, Meta Networks, a cybersecurity startup that leverages the cloud to build a global, zero-trust network that is agile and scalable for the way business is done today. Meta Networks was recently acquired by Proofpoint for USD 120M.
Cybersecurity Critical Infrastructure Framework Course Textbook and the class...
Cybersecurity Critical Infrastructure Framework Course Textbook and the class/curriculum for Security Certification
IoT Panel, Part II: Security for Silicon, Software, and Sensors
This document summarizes an IoT panel discussion on security for hardware, software, and sensors. The panelists discussed distinguishing characteristics and security concerns for industrial versus consumer IoT applications. They addressed important components of an IoT security architecture like authentication, corruption prevention, and spoofing protection. Panelists also discussed security considerations for sensors, software, hardware, and cloud services - including verifying sensor access, preventing hacking or software corruption, and protecting data in the cloud. The audience then asked questions of the panelists from Flexera Software, Red Hat, RTI, and ThingWorx.
How to Build the Connectivity Architecture for the Industrial Internet of Thi...
How to Build the Connectivity Architecture for the Industrial Internet of Thi...Real-Time Innovations (RTI)
Originally presented on February 25, 2015.
Watch on-demand here: http://ecast.opensystemsmedia.com/528Power Grid Identity Management addressed with NIST 1-800
This document provides a 3-sentence summary of the key points:
The challenge is that identity and access management systems in the electricity subsector are often decentralized, increasing security risks. The solution demonstrated a centralized identity and access management platform using commercial products to securely manage access to IT, operational technology, and physical access systems. The benefits are reduced risk of disruption, improved efficiency of access management, and cost savings for organizations implementing standards-based security technologies.
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
This document discusses vulnerabilities in web applications and strategies for preventing attacks. It begins with an overview and survey of common vulnerabilities like injection flaws and cross-site scripting. It then examines vulnerabilities across application sub-tiers from the client level to the network level. The document provides examples of attacks at each tier and through the transport layer, compromised certificates, and DNS. It also profiles popular hacking tools and outlines primary protection steps like understanding the environment and prioritizing defenses based on risk. Finally, it discusses earning money through ethical hacking via bug bounty programs.
Cybersecurity | Very Good Security: SaaS Platform for Data Security
In this installment of our 9-part series, we feature our portfolio company, Very Good Security (VGS), a revolutionary way for companies to secure data, take it out of scope of liability and still be allowed to be used and exchanged.
Tripwire Energy Working Group: Keynote w/Patrick Miller
The document discusses the state of cybersecurity in the electric utility industry. It summarizes that infrastructure is a frequent target of cyber attacks from organized crime, nation states, and other adversaries. It also notes that new regulations and frameworks are being introduced at the national level to improve critical infrastructure security and resilience. Utilities are recommended to gap assess controls, improve monitoring, response capabilities, and conduct incident response exercises to prepare for increasing cybersecurity requirements.
Recommended
Cybersecurity | Meta Networks: Software defined perimeter platform
In this installment of our 9-part series, we feature our portfolio company, Meta Networks, a cybersecurity startup that leverages the cloud to build a global, zero-trust network that is agile and scalable for the way business is done today. Meta Networks was recently acquired by Proofpoint for USD 120M.
Cybersecurity Critical Infrastructure Framework Course Textbook and the class...
Cybersecurity Critical Infrastructure Framework Course Textbook and the class/curriculum for Security Certification
IoT Panel, Part II: Security for Silicon, Software, and Sensors
This document summarizes an IoT panel discussion on security for hardware, software, and sensors. The panelists discussed distinguishing characteristics and security concerns for industrial versus consumer IoT applications. They addressed important components of an IoT security architecture like authentication, corruption prevention, and spoofing protection. Panelists also discussed security considerations for sensors, software, hardware, and cloud services - including verifying sensor access, preventing hacking or software corruption, and protecting data in the cloud. The audience then asked questions of the panelists from Flexera Software, Red Hat, RTI, and ThingWorx.
How to Build the Connectivity Architecture for the Industrial Internet of Thi...
How to Build the Connectivity Architecture for the Industrial Internet of Thi...Real-Time Innovations (RTI)
Originally presented on February 25, 2015.
Watch on-demand here: http://ecast.opensystemsmedia.com/528Power Grid Identity Management addressed with NIST 1-800
This document provides a 3-sentence summary of the key points:
The challenge is that identity and access management systems in the electricity subsector are often decentralized, increasing security risks. The solution demonstrated a centralized identity and access management platform using commercial products to securely manage access to IT, operational technology, and physical access systems. The benefits are reduced risk of disruption, improved efficiency of access management, and cost savings for organizations implementing standards-based security technologies.
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
This document discusses vulnerabilities in web applications and strategies for preventing attacks. It begins with an overview and survey of common vulnerabilities like injection flaws and cross-site scripting. It then examines vulnerabilities across application sub-tiers from the client level to the network level. The document provides examples of attacks at each tier and through the transport layer, compromised certificates, and DNS. It also profiles popular hacking tools and outlines primary protection steps like understanding the environment and prioritizing defenses based on risk. Finally, it discusses earning money through ethical hacking via bug bounty programs.
Cybersecurity | Very Good Security: SaaS Platform for Data Security
In this installment of our 9-part series, we feature our portfolio company, Very Good Security (VGS), a revolutionary way for companies to secure data, take it out of scope of liability and still be allowed to be used and exchanged.
Tripwire Energy Working Group: Keynote w/Patrick Miller
The document discusses the state of cybersecurity in the electric utility industry. It summarizes that infrastructure is a frequent target of cyber attacks from organized crime, nation states, and other adversaries. It also notes that new regulations and frameworks are being introduced at the national level to improve critical infrastructure security and resilience. Utilities are recommended to gap assess controls, improve monitoring, response capabilities, and conduct incident response exercises to prepare for increasing cybersecurity requirements.
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
This document provides an overview of critical infrastructure protection in Europe presented by Ignacio Paredes of the Industrial Cybersecurity Center. It discusses the convergence of physical and cyber worlds and how industrial control systems have become interconnected over TCP/IP and use general purpose operating systems. This has introduced cybersecurity challenges to operational technology environments. The document reviews cyber attacks on critical infrastructure like Stuxnet and Shamoon and regulations around critical infrastructure protection in the US and EU. It argues that identifying and prioritizing critical infrastructure is important but questions who will pay for protection and whether regulations have led to minimum compliance over real protection.
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
In 2011, Marc Andreessen said "software is eating the world." Today, that statement is truer than ever. Businesses in every industry - from retail, to energy, to financial - are essentially software companies, with millions of lines of custom source code being written and managed in-house. Additionally, advances in the Software Development Life Cycle (SDLC) and the emergence of DevOps have allowed some organizations to deploy new code from development to production dozens of time each day. Traditional approaches to securing such large quantities of code, especially at the speed of current development, have proven to be ineffective, as is evident by recent public data breaches of both public and private sector organizations; as well as the resulting legislation, like Presidential Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity. The only way for cybersecurity teams to keep up with their development counterparts is to automate, but where should they start?
The NIST Cybersecurity Framework provides guidance for organizations interested in establishing or improving a cybersecurity program. Today, a security automation plan is a crucial aspect of any cybersecurity program.
This talk will describe how the NIST Cybersecurity Framework can be used to establish and implement a plan for integrating security-automation activities into any security program. We'll describe the latest trends in security-automation and DevOps, including how to automatically identify security-best practices being followed, and anti-patterns that indicate a potential risk. Attendees will learn how to consolidate this data in a centralized dashboard of their choosing, and how such information can be automatically distributed to stakeholders throughout their organization.
In the coming years, with the growth of Internet of Things (IoT) and Cloud, organizations will become more and more reliant on custom software. Cybersecurity teams who fail to begin automating soon will only continue to fall further behind and put their organizations at greater risk. The NIST Cybersecurity Framework provides the foundation for such teams to establish their roadmap to security, and this talk will build on that foundation to highlight some potential paths.
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
How can IT and OT teams work together effectively to secure the entire infrastructure? We asked industry experts for their top tips. Read their full responses here: https://www.tripwire.com/state-of-security/ics-security/it-collaborate-ics-security/
A Cybersecurity Digital Twin for Critical Infrastructure Protection
A way to build a high fidelity digital twin for a industrial control system using Enterprise Architecture
Critical Infrastructure and Cyber Security: trends and challenges
The document discusses trends and challenges related to critical infrastructure and cyber security. It summarizes GCSEC's involvement in several national and international initiatives in 2013 related to critical infrastructure protection. These initiatives include projects co-funded by the EU on topics like online fraud information sharing, smart grid security, and energy sector cyber threat information sharing. The document also discusses emerging threats to critical infrastructure from trends like greater internet usage and connectivity of devices. Critical infrastructure is defined as those facilities necessary for essential service delivery. The new trend in critical infrastructure protection is to have proper knowledge of perimeter and critical services, prioritize patch management, and conduct regular risk assessments.
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010 in Orlando, FL.
What Stimulates Cyber Security Activity?
For Industrial Control Systems (ICS)
Risk Management
• Business: Safety, Environmental, Reliability, Financial …
• National: Terrorism, Rapidly emerging “Cyber Warfare”
Regulation & Compliance (Must Do)
• Government, Customers, Partners, Suppliers …
Cost Reduction
• People & Infrastructure
• Skills & Practices
Cyber Security is a National, Business and Personal Issue
How to Architect Microgrids for the Industrial Internet of Things
Originally presented on July 23, 2015.
To watch on-demand visit: http://ecast.opensystemsmedia.com/568
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...Real-Time Innovations (RTI)
The document discusses a presentation given by Dr. Stan Schneider, CEO of RTI, and Dr. Rajive Joshi, Principal Solution Architect at RTI, on how the Industrial Internet Consortium's (IIC) Connectivity Framework guides selection of connectivity technologies for industrial internet of things (IIoT) systems. The presentation covered the goals of the IIC Connectivity Framework in providing guidance to practitioners on IIoT connectivity, the layers of the IIoT connectivity stack model, core connectivity standards, and a process for assessing and selecting the appropriate connectivity standard.Robert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey joined GTSC for a session on DOD's technology priorities, cyber security and budget considerations for 2014/2015.
Security and Privacy in IoT and Cyber-physical Systems
Updated presentation on use cases, risks, challenges, best practices, tools, recommendations, and US national initiatives for securing IoT Systems
Itir oct0714-afac report-en
Architecture Framework Advisory Committee (AFAC) Update by Benoit Long of Shared Services Canada on Oct. 7th.
For Critical Infrastructure Protection
The document discusses the implementation of a Cyber Security Operations Center (CSOC) for the Port of Los Angeles. Key points:
- The Port of Los Angeles is a critical national infrastructure that handles a large volume of cargo annually.
- A CSOC was implemented with $2.2 million in funding to address issues like an understaffed security team, lack of threat intelligence, and minimal incident response capabilities.
- The CSOC included tools for threat detection/prevention, security analytics, incident management, and a new facility with a video wall and analytics dashboards. Standard operating procedures and an organizational structure with different security roles were also defined.
Introduction to Microsoft Azure IoT
This document introduces Microsoft Azure IoT services and patterns for building Internet of Things (IoT) solutions. It describes the key components of an IoT product including sensors, communication methods, devices, device management, and data processing. It outlines how Azure IoT Hub, IoT Suite, gateways, and other services can be used to ingest sensor data, apply machine learning, store and analyze data, and send commands to devices. An example scenario of a simulated car device is provided. The document encourages leveraging Azure's breadth of platform as a service offerings to build transformative IoT applications.
The Insecurity of Industrial Things
This talk summarizes the state of IoT security, specifically as it relates to Industrial Control and Energy. When hearing the buzz-word “Internet of Things,” we typically think of the consumer world: smart toasters and connected fridges. However, there is a staggering number of networked embedded devices that perform life- and mission-critical tasks that our daily lives depend on. Industrial Control Systems (ICS) are not unique snowflakes anymore but use the same ubiquitous technology as found in consumer IoT Devices. This presentation summarizes our experiences at Senrio exploiting embedded system and discusses the reasons why these insecure design patterns exist; including business drivers and technology factors. We will share stories and anecdotes based on 10 years of research, training and consulting (including real vulnerabilities and how they work).
Open source IoT
Presentation by Ian Skerrett, VP Marketing at Eclipse Foundation given at IoT613 on Friday, September 30, 2016.
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsSecureIoT H2020 funded project
Presentation of the risk assessment solutions designed and implemented in projects participating in the H2020 IoT Security/Privacy cluster. Presentation from John Soldatos of SecureIoT H2020 project.Internet of things security challenges
The document discusses security challenges with internet of things (IOT) networks. It defines IOT as the networking of everyday objects through the internet to send and receive data. Key IOT security issues include uncontrolled environments, mobility, and constrained resources. The document outlines various IOT security solutions such as centralized, protocol-based, delegation-based, and hardware-based approaches to provide confidentiality, integrity, and availability against attacks.
Response to Commerce Dept's IoT RFC
The document discusses challenges and opportunities for government involvement in fostering advancement of the Internet of Things (IoT). It categorizes IoT applications and recommends different levels of government involvement for each category. For public governmental applications like Smart Cities, it recommends the government play a lead role. It identifies several technological challenges for these large-scale systems and recommends the Department of Commerce focus on contributing to Smart X applications through initiatives such as funding research, developing standards, and supporting collaboration.
Ics2016 scidmark-27oct2016
This is a proof-of-concept about creating a creditable, publicly-available, freely-available, and openly-available ICS and SCADA event and incident database.
Achieving Interoperability Through IHE
Invited talk, Special Session on IEEE/UL P2933.
How to avoid the standard lock-in e vendor lock-in using enterprise architectures
RCMP 2010
Provided a demonstration about current information sharing and collaboration issues within the SCADA/control systems community, and some of the challenges (and advantages) encountered since its inception back in 2008.
American Bar Assoc. ISC 2009
This document summarizes a presentation given to the American Bar Association on securing critical infrastructures. It defines critical infrastructures as physical and digital systems essential to the economy and government. It notes that advances in IT have increased interdependence between infrastructures, creating new vulnerabilities. The presentation discusses issues like lack of cooperation between infrastructure owners, need for regular vulnerability assessments, and taking a holistic approach. It introduces SCADA and control systems, noting differences from conventional IT systems in prioritizing availability over security. The presentation covers legal and practical considerations for securing control systems and standards for control system security.
More Related Content
What's hot
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
This document provides an overview of critical infrastructure protection in Europe presented by Ignacio Paredes of the Industrial Cybersecurity Center. It discusses the convergence of physical and cyber worlds and how industrial control systems have become interconnected over TCP/IP and use general purpose operating systems. This has introduced cybersecurity challenges to operational technology environments. The document reviews cyber attacks on critical infrastructure like Stuxnet and Shamoon and regulations around critical infrastructure protection in the US and EU. It argues that identifying and prioritizing critical infrastructure is important but questions who will pay for protection and whether regulations have led to minimum compliance over real protection.
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
In 2011, Marc Andreessen said "software is eating the world." Today, that statement is truer than ever. Businesses in every industry - from retail, to energy, to financial - are essentially software companies, with millions of lines of custom source code being written and managed in-house. Additionally, advances in the Software Development Life Cycle (SDLC) and the emergence of DevOps have allowed some organizations to deploy new code from development to production dozens of time each day. Traditional approaches to securing such large quantities of code, especially at the speed of current development, have proven to be ineffective, as is evident by recent public data breaches of both public and private sector organizations; as well as the resulting legislation, like Presidential Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity. The only way for cybersecurity teams to keep up with their development counterparts is to automate, but where should they start?
The NIST Cybersecurity Framework provides guidance for organizations interested in establishing or improving a cybersecurity program. Today, a security automation plan is a crucial aspect of any cybersecurity program.
This talk will describe how the NIST Cybersecurity Framework can be used to establish and implement a plan for integrating security-automation activities into any security program. We'll describe the latest trends in security-automation and DevOps, including how to automatically identify security-best practices being followed, and anti-patterns that indicate a potential risk. Attendees will learn how to consolidate this data in a centralized dashboard of their choosing, and how such information can be automatically distributed to stakeholders throughout their organization.
In the coming years, with the growth of Internet of Things (IoT) and Cloud, organizations will become more and more reliant on custom software. Cybersecurity teams who fail to begin automating soon will only continue to fall further behind and put their organizations at greater risk. The NIST Cybersecurity Framework provides the foundation for such teams to establish their roadmap to security, and this talk will build on that foundation to highlight some potential paths.
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
How can IT and OT teams work together effectively to secure the entire infrastructure? We asked industry experts for their top tips. Read their full responses here: https://www.tripwire.com/state-of-security/ics-security/it-collaborate-ics-security/
A Cybersecurity Digital Twin for Critical Infrastructure Protection
A way to build a high fidelity digital twin for a industrial control system using Enterprise Architecture
Critical Infrastructure and Cyber Security: trends and challenges
The document discusses trends and challenges related to critical infrastructure and cyber security. It summarizes GCSEC's involvement in several national and international initiatives in 2013 related to critical infrastructure protection. These initiatives include projects co-funded by the EU on topics like online fraud information sharing, smart grid security, and energy sector cyber threat information sharing. The document also discusses emerging threats to critical infrastructure from trends like greater internet usage and connectivity of devices. Critical infrastructure is defined as those facilities necessary for essential service delivery. The new trend in critical infrastructure protection is to have proper knowledge of perimeter and critical services, prioritize patch management, and conduct regular risk assessments.
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010 in Orlando, FL.
What Stimulates Cyber Security Activity?
For Industrial Control Systems (ICS)
Risk Management
• Business: Safety, Environmental, Reliability, Financial …
• National: Terrorism, Rapidly emerging “Cyber Warfare”
Regulation & Compliance (Must Do)
• Government, Customers, Partners, Suppliers …
Cost Reduction
• People & Infrastructure
• Skills & Practices
Cyber Security is a National, Business and Personal Issue
How to Architect Microgrids for the Industrial Internet of Things
Originally presented on July 23, 2015.
To watch on-demand visit: http://ecast.opensystemsmedia.com/568
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...Real-Time Innovations (RTI)
The document discusses a presentation given by Dr. Stan Schneider, CEO of RTI, and Dr. Rajive Joshi, Principal Solution Architect at RTI, on how the Industrial Internet Consortium's (IIC) Connectivity Framework guides selection of connectivity technologies for industrial internet of things (IIoT) systems. The presentation covered the goals of the IIC Connectivity Framework in providing guidance to practitioners on IIoT connectivity, the layers of the IIoT connectivity stack model, core connectivity standards, and a process for assessing and selecting the appropriate connectivity standard.Robert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey joined GTSC for a session on DOD's technology priorities, cyber security and budget considerations for 2014/2015.
Security and Privacy in IoT and Cyber-physical Systems
Updated presentation on use cases, risks, challenges, best practices, tools, recommendations, and US national initiatives for securing IoT Systems
Itir oct0714-afac report-en
Architecture Framework Advisory Committee (AFAC) Update by Benoit Long of Shared Services Canada on Oct. 7th.
For Critical Infrastructure Protection
The document discusses the implementation of a Cyber Security Operations Center (CSOC) for the Port of Los Angeles. Key points:
- The Port of Los Angeles is a critical national infrastructure that handles a large volume of cargo annually.
- A CSOC was implemented with $2.2 million in funding to address issues like an understaffed security team, lack of threat intelligence, and minimal incident response capabilities.
- The CSOC included tools for threat detection/prevention, security analytics, incident management, and a new facility with a video wall and analytics dashboards. Standard operating procedures and an organizational structure with different security roles were also defined.
Introduction to Microsoft Azure IoT
This document introduces Microsoft Azure IoT services and patterns for building Internet of Things (IoT) solutions. It describes the key components of an IoT product including sensors, communication methods, devices, device management, and data processing. It outlines how Azure IoT Hub, IoT Suite, gateways, and other services can be used to ingest sensor data, apply machine learning, store and analyze data, and send commands to devices. An example scenario of a simulated car device is provided. The document encourages leveraging Azure's breadth of platform as a service offerings to build transformative IoT applications.
The Insecurity of Industrial Things
This talk summarizes the state of IoT security, specifically as it relates to Industrial Control and Energy. When hearing the buzz-word “Internet of Things,” we typically think of the consumer world: smart toasters and connected fridges. However, there is a staggering number of networked embedded devices that perform life- and mission-critical tasks that our daily lives depend on. Industrial Control Systems (ICS) are not unique snowflakes anymore but use the same ubiquitous technology as found in consumer IoT Devices. This presentation summarizes our experiences at Senrio exploiting embedded system and discusses the reasons why these insecure design patterns exist; including business drivers and technology factors. We will share stories and anecdotes based on 10 years of research, training and consulting (including real vulnerabilities and how they work).
Open source IoT
Presentation by Ian Skerrett, VP Marketing at Eclipse Foundation given at IoT613 on Friday, September 30, 2016.
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsSecureIoT H2020 funded project
Presentation of the risk assessment solutions designed and implemented in projects participating in the H2020 IoT Security/Privacy cluster. Presentation from John Soldatos of SecureIoT H2020 project.Internet of things security challenges
The document discusses security challenges with internet of things (IOT) networks. It defines IOT as the networking of everyday objects through the internet to send and receive data. Key IOT security issues include uncontrolled environments, mobility, and constrained resources. The document outlines various IOT security solutions such as centralized, protocol-based, delegation-based, and hardware-based approaches to provide confidentiality, integrity, and availability against attacks.
Response to Commerce Dept's IoT RFC
The document discusses challenges and opportunities for government involvement in fostering advancement of the Internet of Things (IoT). It categorizes IoT applications and recommends different levels of government involvement for each category. For public governmental applications like Smart Cities, it recommends the government play a lead role. It identifies several technological challenges for these large-scale systems and recommends the Department of Commerce focus on contributing to Smart X applications through initiatives such as funding research, developing standards, and supporting collaboration.
Ics2016 scidmark-27oct2016
This is a proof-of-concept about creating a creditable, publicly-available, freely-available, and openly-available ICS and SCADA event and incident database.
Achieving Interoperability Through IHE
Invited talk, Special Session on IEEE/UL P2933.
How to avoid the standard lock-in e vendor lock-in using enterprise architectures
What's hot (20)
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
A Cybersecurity Digital Twin for Critical Infrastructure Protection
A Cybersecurity Digital Twin for Critical Infrastructure Protection
Critical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challenges
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
How to Architect Microgrids for the Industrial Internet of Things
How to Architect Microgrids for the Industrial Internet of Things
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
Robert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey, Principal Deputy CIO, DOD Insight session
Security and Privacy in IoT and Cyber-physical Systems
Security and Privacy in IoT and Cyber-physical Systems
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Viewers also liked
RCMP 2010
Provided a demonstration about current information sharing and collaboration issues within the SCADA/control systems community, and some of the challenges (and advantages) encountered since its inception back in 2008.
American Bar Assoc. ISC 2009
This document summarizes a presentation given to the American Bar Association on securing critical infrastructures. It defines critical infrastructures as physical and digital systems essential to the economy and government. It notes that advances in IT have increased interdependence between infrastructures, creating new vulnerabilities. The presentation discusses issues like lack of cooperation between infrastructure owners, need for regular vulnerability assessments, and taking a holistic approach. It introduces SCADA and control systems, noting differences from conventional IT systems in prioritizing availability over security. The presentation covers legal and practical considerations for securing control systems and standards for control system security.
Lessons Learned for a Behavior-Based IDS in the Energy Sector
This presentation will review lessons learned from a deployment of behavior-based intrusion detection system (IDS) on a SCADA network that was part of a large-scale energy management system. The IDS architecture, sensor features, and sensor placement within the target SCADA environment proved to be key for successful detection of malicious activity. Challenges included simultaneous monitoring of multiple SCADA protocols (DNP3 and ICCP) across multiple network segments; monitoring of both encrypted and unencrypted network traffic; adapting to slow environment changes to minimize false positive output; and integration of the behavior-based IDS output into an existing monitoring system/SIEM
Designing Teams for Emerging Challenges
The document discusses designing teams and processes to adapt to changing needs. It recommends structuring teams so members can work within their competencies and across projects fluidly with clear roles and expectations. The design process should support the team and their work, and be flexible enough to change with team, organization, and project needs. An effective team culture builds an environment where members feel free to be themselves, voice opinions, and feel supported.
Visual Design with Data
An immersive workshop at General Assembly, SF. I typically teach this workshop at General Assembly, San Francisco. To see a list of my upcoming classes, visit https://generalassemb.ly/instructors/seth-familian/4813
I also teach this workshop as a private lunch-and-learn or half-day immersive session for corporate clients. To learn more about pricing and availability, please contact me at http://familian1.com
3 Things Every Sales Team Needs to Be Thinking About in 2017
Thinking about your sales team's goals for 2017? Drift's VP of Sales shares 3 things you can do to improve conversion rates and drive more revenue.
Read the full story on the Drift blog here: http://blog.drift.com/sales-team-tips
How to Become a Thought Leader in Your Niche
Are bloggers thought leaders? Here are some tips on how you can become one. Provide great value, put awesome content out there on a regular basis, and help others.
Viewers also liked (7)
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy Sector
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
Similar to About Infracritical
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
This document provides an overview of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), including fundamentals, evolution over time, vulnerabilities, security frameworks, good practices, and resources. It defines SCADA/ICS, describes how they have become more interconnected, lists vulnerabilities like outdated systems and remote access, outlines security standards like NIST and NERC, recommends practices like segmentation and patching, and provides example frameworks and resources.
NIS.docx
This document is a project report on automated color detection system submitted by Prem Vijay Borse to fulfill the requirements of a diploma in computer engineering. The report includes an introduction outlining the need for computerized network security. It also includes chapters on literature review, existing system analysis, proposed new system design, implementation details, and conclusions. The overall aim is to design a computerized network security system to replace the existing manual process and address issues like fraudulent activities and unauthorized access of data in banks.
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
This document summarizes the cybersecurity research agenda of the U.S. Department of Homeland Security Science and Technology Directorate. It discusses how DHS is focusing on areas like critical infrastructure security, open source software, cyber-physical systems, and new technology programs. The research aims to drive innovation in cybersecurity solutions through collaboration with academia, industry and open source communities to address evolving threats and transition technologies for real-world use.
BrownResearch_CV
This document provides a summary of Abby Brown's technical experience including book reviews and editor roles, software patents submitted and issued, research projects and presentations conducted, and technical memberships. Key details include serving as technical editor for two books on Tibco software, submitting several patents around automated tools for services, metadata, and network alarms, presenting on topics such as cloud computing and SOA, and holding memberships in technical organizations like IEEE, The Open Group, and OASIS.
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures
Virtualization continues to take center stage at IT industry, yet many organizations are finding it difficult to secure virtualized environments. Security is a critical component in the growing IT system surrounding virtualization. Many organizations find the security challenges associated with virtualization to be a major hurdle, companies of all kinds across all industries are looking towards addressing business and security needs in the virtual infrastructure. There are many research work done before about how to check the compliance status of the cloud platform, not of the virtual machines running on the platform. This paper proposes the security framework for multiple heterogeneous virtual machines which assess the compliance security of the virtual machines. In this paper we make use of REST APIs, using which we create remote session on the virtual machines and fetch the machine values which will be parsed to get the required values for assessment.
IRJET- Securing Cloudy Cyberspace: An Overview of Crimes, Threats and Risks
This document provides an overview of security issues related to cloud computing. It discusses how cloud computing allows ubiquitous access to computing resources over the internet. However, the growth of cloud computing and increased internet usage has also led to more cybercrimes and security threats. The document emphasizes that security measures must address both cybersecurity and information security cultures to effectively manage cloud threats. It also notes that modern society faces increased uncertainties and risks due to its reliance on technology in both physical and digital spaces.
TDC2016SP - Trilha Linux Embarcado
The document discusses porting Linux to microcontrollers with low memory and storage. It describes how Linux can leverage the microcontroller development environment and avoid fragmentation by using the device tree to describe hardware instead of coding it directly into the kernel. The document recommends starting with a known Linux configuration like stm32_defconfig and using the Kconfig menuconfig tool to customize it for the specific microcontroller.
Dagrep v006-i009-complete
The document summarizes the key discussions from a seminar on the security challenges and opportunities of software-defined networking (SDN). SDN aims to simplify network management by separating the control plane from the data plane and controlling network flows from a centralized controller. While SDN provides benefits like flexibility and programmability, it also introduces new security risks as the centralized controller is a single point of failure and compromising it could give an attacker control of the entire network. Seminar participants debated these issues, discussing whether SDN security problems are manageable or if SDN networks could never be fully secured. Both opportunities and challenges around SDN security were considered.
Dagrep v006-i009-complete 2
The seminar brought together over 40 researchers from academia and industry to discuss the security challenges and opportunities of software-defined networking (SDN). SDN aims to simplify network management by separating the control plane from the data plane and controlling network flows from a centralized controller. While SDN promises benefits like improved security mechanisms, it also introduces new risks such as single points of failure and increased complexity.
The seminar included talks on SDN basics and security aspects. Participants discussed SDN issues in working groups focusing on topics like centralization, flexibility for attackers/defenders, and the attack surface. Additional groups addressed research directions to improve SDN security, architecture, operation in secure environments, and SDN-based security.
A Resiliency Framework For An Enterprise Cloud
The document summarizes a research paper that proposes a resiliency framework called the Cloud Computing Adoption Framework (CCAF) for enterprise clouds. CCAF includes four major emerging services - software resilience, service components, guidelines, and real case studies - that are designed to improve an organization's security when adopting cloud computing. The framework was validated through a large survey that provided user requirements to guide the system's design and development. CCAF aims to illustrate how software resilience and security can be improved for enterprises moving to the cloud.
the world of technology is changing at an unprecedented pace, and th.docx
the world of technology is changing at an unprecedented pace, and these changes represent business opportunities as well as challenges. Mass connectivity and faster speeds create opportunities for businesses to network more devices, complete more transactions, and enhance transaction quality. Internet Protocol version 6 (IPv6) and Internet of things (IoT) are two such technologies that represent significant opportunities for strategic cybersecurity technology professionals to create lasting value for their organizations.
IoT is the phenomenon of connecting devices used in everyday life. It provides an interactive environment of human users and a myriad of devices in a global information highway, always on and always able to provide information. IoT connections happen among many types of devices — sensors, embedded technologies, machines, appliances, smart phones — all connected through wired and wireless networks.
Cloud architectures such as software as a service have allowed for big data analytics and improved areas such as automated manufacturing. Data and real-time analytics are now available to workers through wearables and mobile devices.
Such pervasive proliferation of IoT devices gives hackers avenues to gain access to personal data and financial information and increases the complexity of data protection. Given the increased risks of data breaches, newer techniques in data loss prevention should be examined.
Increased bandwidth and increased levels of interconnectivity have allowed data to become dispersed, creating issues for big data integrity. In such a world, even the financial transactions of the future are likely to be different — Bitcoin and digital currency may replace a large portion of future financial transactions.
To survive and thrive, organizational technology strategists must develop appropriate technology road maps. These strategists must consider appropriate function, protection, and tamper-proofing of these new communications and transactions.
It will be impossible to protect data by merely concentrating on protecting repositories such as networks or endpoints. Cybersecurity strategists have to concentrate on protecting the data themselves. They will need to ensure that the data are protected no matter where they reside.:
Step2
Select Devices and Technologies
By now, you have an idea of your team members and your role on the team project. Now, it's time to get the details about the devices and technologies needed to be included in the Strategic Technology Plan for Data Loss Prevention.
You should limit the scope of this project by selecting a set of devices and technologies which are most appropriate for data loss prevention for your business mission and future success. Based on your prior knowledge of your company and based on the project roles you agreed upon in the previous step, perform some independent research on the following topics and identify a set of devices and technologies that you propose for.
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
What happens when the (Observe) Plan-Do-Check-Adjust cycle is undermined by lapses in data integrity? Observations are questioned. Plans may be ill-conceived. Actions may be undertaken that undermine rather than enhance. “Checks” can fail. Adjustments may be guesswork. In cybersecurity, the results of poor data integrity can be expensive outages, ransom requests, breaches, fines -- even bankruptcy (think Cambridge Analytica). But data integrity issues take many forms, ranging from benign to malicious. The full range of these issues is surveyed from a cybersecurity perspective, where logs and alerts are critical for defenders -- as well as quality engineers . Techniques borrowed from model-based systems engineering and ontology AI to are identified that can mitigate these deleterious effects on PDCA.
Safety reliability and security lessons from defense for IoT
Presentation by David Jedynak, CTO of Curtiss-Wright Defense Solutions. This was presented at IoT613 on Friday, September 30, 2016.
10 IT Automation Conferences to Attend
This document provides a summary of 10 IT automation conferences for professionals to attend in order to stay up-to-date on the latest trends in software development, ITIL best practices, automation methods, and compliance issues. The conferences cover a wide range of topics from communications and open source development to software testing, networking, and education technology. They take place between January and November in locations including Miami Beach, Portland, Las Vegas, Chicago, and Europe.
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Southern African Internet Governance Forum 2015
(SAIGF-15) Thematic Paper No. 7
“A Case for Multi-stakeholder partnerships for critical Internet resources
security in the SADC Region”
Produced by: Southern African Development Community (SADC) Secretariat
Prepared by: Mr. Cade Zvavanjanja
Abstract: With much of SADC‟s Member State‟s critical Internet resources being in the hands of both private and public sector, it seems a natural solution for industry,
Government, civic society and private citizens to work together in ensuring it is both secure and resilient. This cooperation in the form of Multi-stakeholder Partnerships (MPs) is needed in and among Member States and at different times, depending on the environment, culture and legal framework. There is no common definition of what constitutes a MP addressing this area. Diversity is strength when making networks and systems resilient, yet there also exist a need for interworking and a common understanding, especially when making a case for SADC view. There is also a need for a global view as there is a growing awareness for a truly global approach to Critical Internet resources security (CIRS). No country can create a CIRS approach in isolation, as there are no national boundaries on the Internet. The paper makes a case for MPs for CIRS in SADC while addressing the Why, Who, How, What and When questions associated with establishing and maintaining MPs for CIRS in SADC. It uses data from both public and private sector stakeholders across 14 SADC countries. This is not a prescriptive guide, but has a focus on clarity of purpose and approach so that stakeholders can easily choose those aspects that will add value to their endeavours in establishing and maintaining MPs.
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
There are new threats to cybersecurity for HMI/SCADA applications every week, and it can be difficult to stay on top of current threats and concerns. InduSoft is here to help, with an analysis of recent cybersecurity threats and how to take steps to protect SCADA/HMI systems from the vulnerabilities they seek to exploit. We will also be discussing the security features available in InduSoft Web Studio and how to take advantage of them to create the most stable, secure HMI or SCADA application possible.
Security in Smart City Implementation: Infrastructure and People
ISS-(ISC)2 Seminar: Singapore Security Direction and Approaches to Smart Nation Implementation.
By Mr. David Shearer, CISSP, Chief Executive Officer, (ISC)2
Software Architecture: introduction to the abstraction
The document provides an introduction to software architecture concepts including:
- Software architecture is defined as a set of components and connectors communicating through interfaces along with architecture design decisions.
- Multiple views are used to describe architectures including logical, process, deployment, and more.
- Architectural styles like pipe-and-filter and layered styles guide architecture design.
- Careful architecture design is important as it impacts system properties like performance, scalability, and testability.
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
The document discusses DDS (Data Distribution Service) as the proven data connectivity standard for industrial IoT (IIoT). It notes that DDS addresses the key characteristics of reliability, scalability, safety, security and resiliency required for large, heterogeneous IIoT systems. The document also discusses the Industrial Internet Consortium's efforts to develop a common architecture connecting sensors to the cloud across industries. It highlights RTI's role in numerous projects and standards efforts related to IIoT.
Industrial IOT Data Connectivity Standard
Presentation at the 2016 IIOT Challenges and Opportunities Workshop.
The next wave of Industrial Internet applications will connect machines and devices together into functioning, intelligent systems with capabilities beyond anything possible today. These systems fundamentally depend on connectivity and information exchange to derive knowledge and make "smart decisions". They require a much higher level of reliability and security than "Consumer" IoT applications. OMG's Data-Distribution Service for Real-Time Systems (DDS) is the premier open middleware standard directly addressing publish-subscribe communications for Industrial IoT applications. It provides a protocol that meets the demanding security, scalability, performance, and Quality of Service requirements of IIoT applications spanning connected machines, enterprise systems, and mobile devices.This presentation will use concrete use cases to introduce DDS and examine why energy, advanced medical, asset-tracking, transportation, and military systems choose to base their designs on DDS.
Similar to About Infracritical (20)
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures
IRJET- Securing Cloudy Cyberspace: An Overview of Crimes, Threats and Risks
IRJET- Securing Cloudy Cyberspace: An Overview of Crimes, Threats and Risks
the world of technology is changing at an unprecedented pace, and th.docx
the world of technology is changing at an unprecedented pace, and th.docx
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoT
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Security in Smart City Implementation: Infrastructure and People
Security in Smart City Implementation: Infrastructure and People
Software Architecture: introduction to the abstraction
Software Architecture: introduction to the abstraction
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
About Infracritical
- 1. Who and what is “Infracritical”? SCADA and Control Systems Security Group (SCADASEC) Bi-Partisan Technologist Conference (“The Gathering”) – First Meeting Tentative Plan – late April / early May 2009 Bob Radvanovsky, CIFI, CISM, CIPS Jacob Brodsky, PE Creative Commons License v3.0.
- 7. Publications and Whitepapers "Critical Infrastructure: Homeland Security and Emergency Preparedness" (published by Taylor & Francis Publishing, released in May 2006) outlines issues pertaining to homeland security and emergency preparedness, but mentions about 'CIP' and critical infrastructure information ("CII"), and how all is tied together. "Transportation Systems Security" (published by Taylor & Francis Publishing, released in June 2008) represents a comprehensive text presenting strategic, practical, and operational applications for physical, procedural, and psychological safeguards needed to keep all modes of transportation up and running. "Critical Infrastructure: Homeland Security and Emergency Preparedness – Version 2" (published by Taylor & Francis Publishing, released in December 2009).
- 15. Questions? Bob Radvanovsky, (630) 673-7740 [email_address] Jacob Brodsky, (443) 285-3514 [email_address] Creative Commons License v3.0.