Additional Content Download

The Weekly Breach #TWB 03.03.2015

Download your free exclusives now and access the hottest cybersecurity topics this week on The Weekly Breach:

  • Top 10 Cyber Trends Affecting the CNI Sector
  • 8 truths the ICS Cyber Security Summit must address
  • Risk of environmental cyber attacks demands “enhanced monitoring”
  • Infographic: Is your business prepared to respond to a data breach
8 truths the ICS Cyber Security Summit must address

8 truths the ICS Cyber Security Summit must address

February 2015
A controversial confession...
From the perils of information legislation to bad advice from self-proclaimed experts, the field of cybersecurity for critical national infrastructure is peppered with pitfalls. Here, Defence IQ examines 8 hard truths that the ICS Cyber Security Summit hopes to discuss to better educate the community on both the dangers and the opportunities impacting this field.

Intelligence Driven Defense [Lockheed Martin]

Intelligence Driven Defense [Lockheed Martin]

See how the Lockheed Martin Computer Incident Response Team (LM-CIRT) used analysis obtained through the intrusion kill chains and robust indicator maturity to successfully detect and mitigate an intrusion leveraging a "zero-day" vulnerability.

This whitepaper also reviews:

  • Using a kill chain model to describe phases of intrusions
  • Mapping adversary kill chain indicators to defender courses of action
  • Identifying patterns that link individual intrusions into broader campaigns
  • Understanding the iterative nature of intelligence gathering form the basis of intelligence-driven computer network defense (CND)
Cyber 9/11: Is The Oil & Gas Industry Sleepwalking Into A Nightmare?

Cyber 9/11: Is The Oil & Gas Industry Sleepwalking Into A Nightmare?

Cyber Security within the oil and gas industry is a threat that is, in many cases, being ignored. It has a direct effect in the creation of government regulation and legislation, can have deep financial impact and – in some cases – can even cost lives.
The 2014 Verizon Data Breach report states that 40% of the attacks performed in the manufacturing and mining industry are cyber espionage based. A UK survey revealed that 81% of large companies were digitally attacked, at an average cost of £1 million per company. Similarly, 62 per cent of small and medium-sized enterprises (SMEs) were digitally attacked in 2014 at an average cost of more than £100,000 per incident.
Cyber 9-11 is coming, and it’s a “when” and not “if” scenario. It is debatable whether anybody can be totally prepared for an event of such magnitude, but our research has shown that the oil and gas industry is unfortunately often unprepared in its basic prevention and mitigation abilities.
Eventually, even your company will be a target and the cost of unpreparedness could be crippling.
In this 15 page Oil & Gas IQ report we examine the current state of Oil and Gas Cyber Security and the mammoth price of not being prepared.
Guide to Implementing the Top 20 Critical Controls for ICS Cybersecurity [Lockheed Martin]

Guide to Implementing the Top 20 Critical Controls for ICS Cybersecurity [Lockheed Martin]

The US State Department in conjunction with the SANS Institute has previously demonstrated more than 94% reduction in "measured" security risk through the rigorous automation and measurement of the Top 20 Critical Controls.

What does this mean for your unique control systems environment?

Find out how The Top 20 Critical Controls map to real-world business value across critical infrastructure operations including:

  • Operational uptime and efficiency
  • Improved situational awareness
  • Cyber risk mitigation
  • Resource relief and scalability of tools
  • Audit success
State sponsored hacking highlights public-private security gap [Defence Industry Bulletin]

State sponsored hacking highlights public-private security gap [Defence Industry Bulletin]

The April 2015 issue of Defence Industry Bulletin takes a look at the recent revelations made about state-sponsored cyber activities and what this level of threat means for governments and private companies tasked with protecting critical national infrastructure. Are these partnerships working or does more need to be done?...

Digital Danger: How Do You Build An Effective Cyber Strategy For Oil & Gas?

Digital Danger: How Do You Build An Effective Cyber Strategy For Oil & Gas?

From the technical to the cultural, there a many risks associated with digitizing upstream oil processes. As David Joy, Senior Project Integration at Weatherford explains in the following interview, Cyber threats exists that can be managed if you stay ahead of them – read below to find out the elements that go into building and maintaining a robust and proactive cyber security strategy:   Highlight the range of technological and cultural risks associated with going digital. Technological risks: Company intellectual property, trade secrets, etc. typically are more accessible to a larger audience when stored and accessed via digital methods. Digital surveillance and gathering/storage of personal data is pushing the limits of individual privacy concerns, and increasing the corporate liability for privacy breaches. Cultural risks: Global staff possesses varying degrees of knowledge about cyber-security, the importance of safeguarding company intellectual property, etc. –

Risk of environmental cyber attacks demands “enhanced monitoring”

Risk of environmental cyber attacks demands “enhanced monitoring”

January 2015
Much has been made of the hacking threat in recent weeks where it concerns the loss of business and intellectual property, but there is a risk that such attention can take the focus off the other – and arguably more vital – side of the spectrum; namely, the physical and environmental risks posed by miscreant or state-led cyber attacks. We explore the potential disasters waiting in the wings for operators in the High Hazard industry, while an anonymous insider clarifies what needs to be kept in mind when it comes to protecting these systems or forming an emergency action plan to respond...

Registration form for ICS DACH 2017

Registration form for ICS DACH 2017

Fast track your registration by filling out this form

28 Solutions to the Cross-Sector ICS Nightmare

28 Solutions to the Cross-Sector ICS Nightmare

In February 2017, two researchers at the Georgia Institute of Technology simulated a cyber attack on a water treatment plant. Using ransomware, the academics managed to access programmable logic controllers (PLCs) to shut off valves, increase the chlorine content of water and show false information on computer displays.

The ICS world is riddled with weaknesses that are ready to be exploited by switched-on wrongdoers for currency and chaos. In this analysis we look at five of the most dangerous roots of ICS breach and how to best prevent them.