Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


When a Tree Falls in St. Louis, Will the Power Go Out?

May 09, 2019 by Marc Handelman in Physical Power Networks, Forestry, Artificial Intelligence, Machine Vision, Machine Learning, UAV, ICS/SCADA, ICS, Electrical Engineering, Infrastructure, Infrastructure Security

A superlative bit of combinatorial scholarship coming out of St. Louis University, where Sean Hartling, Vasit Sagan, Paheding Sidike, Maitiniyazi Maimaitijiang and Joshua Carron have lashed up geospatial sciences, machine learning, UAVs, and no small level of intellectual virtuosity to study trees, the natural felling thereof, and power outages. Today's Must Read for you ICS Boffins and Forestry geeks (while not ignoring the AI, ML, UAV and Network Information Security types as well).

"At SLU, geospatial science meets machine learning. In a study recently published in Sensors, Saint Louis University researchers paired satellite imaging data with machine learning techniques to map local tree species and health. The data generated by the project will help inform best practices for managing healthy green spaces as well as trimming programs to avoid power outages following storms." - via Carrie Bebermeyer, Senior Media Relations Specialist at St. Louis University


Shmoocon 2019, Adam Everspaugh's 'Un-f*$#ing Cloud Storage Encryption' →

March 10, 2019 by Marc Handelman in Shmoocon 2019, Infrastructure Security, Infrastructure, Information Security, Education, Conferences

Source Credit: Shmoo Con 2019 at Archive.org, also available at 0xdade's YouTube Channel. Enjoy!


via User Friendly by Illiad!

Infrastructure Security Monday: The Idiocy Chronicles →

August 13, 2018 by Marc Handelman in Sysadmins?, IT Stories, Physical Security, Infrastructure, Infrastructure Security

Via Rebecca Hill, writing for El Reg, comes a tale of the need for education (not to mention common sense) in the system administration ranks... Read it, my friends, and weep for the present-that-apparently-never-ends.


ICS/SCADA, The Protectors →

May 05, 2018 by Marc Handelman in Cybersecurity, Cyberwar, Information Security, Infrastructure, Public Safety, Power Generation, Public Infrastructure

Superb journalism in the form of an article posted by Ellen Nakashima and Aaron Gregg of The Washington Post, detailing the critical work of United States National Security Agency-trained malware hunters, now the co-founders of Dragos, a highly respected cybersecurity firm. If you read anything today on public infrastructure security, read Ellen Nakashima and Aaron Gregg's important piece at The Washington Post. You'll be glad you did.

"The cyber threat hunters had honed their chops at the National Security Agency — the world’s premier electronic spy agency. And last fall, they were analyzing malware samples from around the world when they stumbled across something highly troubling..." - via Ellen Nakashima and Aaron Gregg of The Washington Post


USENIX Enigma 2017 — Lt. Col. Tim Booher's 'Understanding and Securing DoD Weapon Systems' →

August 22, 2017 by Marc Handelman in All is Information, Conferences, Information Security, Infrastructure, USENIX, US DARPA, Physical Security, US DOD

NCCoE Releases New Electric Utility Cybersecurity Practice Guide →

February 16, 2017 by Marc Handelman in All is Information, NIST NCCoE, Internetwork Security, Infrastructure, Information Security, Utilities, NIST

The NCCoE has announced a new NIST Cybersecurity Practice Guide (currently in draft mode, for your commenting pleasure...) entitled "SP 1800-7 Situational Awareness for Electric Utilities". Enjoy.


Chimped

November 28, 2016 by Marc Handelman in All is Information, Infrastructure, Infosec Policy, Information Security, Spam

Last week's MailChimp hack and subsequent malicious emails are still not sufficiently explained... I'll wager the RCA (if one was accomplished) points to deeper process issues than meets casual inspection. Perhaps stronger customer guidance on information security matters is in order (if, in fact, the cause was customer exploitation, rather than in-built flaws in the MailChimp infrastructure). In any case, you be the judge.

"A MailChimp spokesperson confirmed that it had reset passwords on the accounts included in the data dump: 'Our team has obtained the data from the security researcher. They’ve validated usernames with our user base, and have forced password resets on the affected users.'" - via the inimitable Graham Cluley at grahamcluley.com


Oracle Announces Cloud Identity Management →

September 01, 2016 by Marc Handelman in All is Information, Believe It Or Not, Better Late Than Never, Cloud Security, Identity Management, Information Security, Infrastructure, Middleware Security, Middleware, Identity Cloud Services

Meanwhile, in Better-Late-Than-Never-News, there is a white paper to accompany the latest Oracle Corporation (NYSE: ORCL) announcement.

 


Who's In Charge of What →

November 20, 2015 by Marc Handelman in All is Information, Infrastructure, Infosec Competence

Patrick Tucker, writing at DefenseOne, details the comedy of errors waiting to be unleashed.


Council on Foreign Relations, The State of US Cybersecurity →

November 09, 2015 by Marc Handelman in All is Information, Intelligence, Infrastructure, Infosec Policy, Information Security

Internet Without Screens →

November 02, 2015 by Marc Handelman in All is Information, Information Sciences, Information Sharing, Information Security, Infrastructure, Internet

CSRA & NIST To Host Cybersecurity Smart Cities Conference

May 08, 2015 by Marc Handelman in Information Security, Infosec Policy, Infrastructure, NIST, CSRA, Conferences

The Cybersecurity Research Alliance (CSRA), in partnership with NIST, has announced open registration for the organization's latest conference, entitled 'Designed-in Cybersecurity for Smart Cities: A Discussion of Unifying Architectures, Standards, Lessons Learned and R&D Strategies'. It is slated for May 27th and 28th 2015, at the National Institute of Standards and Technology's Gaithersburg, Maryland campus. Visit the Conference Site for additional information.


EVE Fanfest 2015: CCP Security, Game Security At Its Finest →

April 22, 2015 by Marc Handelman in Game Security, Game Information Security, Infrastructure, Information Security

FCC Issues Net Neutrality Order Document →

March 16, 2015 by Marc Handelman in All is Information, Commerce, Communications, Compute Infrastructure, Electrical Engineering, Governance, Government, Information Security, Infrastructure, Internet, Internet Governance, Legal, Mobile Networks, Networks, TCP/IP Internetworking, United States of America

The Federal Communications Commission has issued the codified order targeting Net Neutrality, entitled FCC 15-24, for GN Docket Number 14-28, In the Matter of Protecting and Promoting the Open Internet, Report and Order on Remand, Declaratory Ruling, and Order. At over four hundred pages long, this document will (likely) become one of the most highly contentious Orders emerging this year (or the weapon of choice for conspiracy theorists due to its weight) from the Commission.


NIST Announces New Internal Report Targeting Smart Metering →

March 13, 2015 by Marc Handelman in All is Information, Communications, Compute Infrastructure, Data Security, Electrical Engineering, Hardware Security, ICS/SCADA, Infrastructure, Information Security

The National Institute of Standards and Technology (NIST) has announced a new internal report detailing a framework targeting Smart Meter Upgradeability (NIST Internal Report NISTIR 7823, Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework). Authored by Michaela Iorga (a member of the Computer Security Division, in the Information Technology Laboratory (ITL) at NIST) and Scott Shorter (of Electrosoft Services, Inc. in Reston, Virginia), the document is also available at the International DOI System under NIST.IR.7823.

I reckon the document's abstract sums it up quite nicely:

"As electric utilities turn to Advanced Metering Infrastructures (AMIs) to promote the development and deployment of the Smart Grid, one aspect that can benefit from standardization is the upgradeability of Smart Meters. The National Electrical Manufacturers Association (NEMA) standard SG-AMI 1-2009, “Requirements for Smart Meter Upgradeability,” describes functional and security requirements for the secure upgrade—both local and remote—of Smart Meters. This report describes conformance test requirements that may be used voluntarily by testers and/or test laboratories to determine whether Smart Meters and Upgrade Management Systems conform to the requirements of NEMA SG-AMI 1-2009. For each relevant requirement in NEMA SG-AMI 1-2009, the document identifies the information to be provided by the vendor to facilitate testing, and the high-level test procedures to be conducted by the tester/laboratory to determine conformance." - via NIST IR 7823

Meanwhile, you can also track, examine and attempt to contain your surprise at the latest recognized industrial control systems & supervisory control and data acquisition systems vulnerabilities from our colleagues at US-CERT, here.


Google Creates Quantum Chip →

March 08, 2015 by Marc Handelman in All is Information, Computation, Compute Infrastructure, Computer Science, Electrical Engineering, Infrastructure, Mathematics, Physical Sciences, Quantum Effects, Quantum Mathematics, Quantum Mechanics

News, via Wired's Robert McMillan, of trouble in paradise. In this case, an error-prone quantum computational platform that the search leviathan Google Inc. (NasdaqGS: GOOG) is running, down yonder in Mountain View...

"The crux of the problem is a phenomenon called bit-flipping. This happens when some kind of interference—cosmic rays, for example—causes the bits stored in memory to “switch state”—to jump from a 0 to a 1 or vice versa. On a PC or a server, error correction is relatively easy." - via Wired's Robert McMillan

  • Image depicts a D-WAVE branded quantum computational device

Internets of Energy →

March 02, 2015 by Marc Handelman in All is Information, Commerce, Electrical Engineering, ICS/SCADA, Information Security, Internet Antiquities, National Security, Infrastructure, Smart Grids, Utilities

In which the National Science Foundation (NSF) regales us with the Horrible Revelation that our power grid's baseline technological underpinnings are firmly ensconced within Industrial Age capabilities. Bad says you, Huzzah!
