Cyber threats and vulnerabilities pose a likely and imminent risk to the critical infrastructure grid, which includes facilities, supervisory control and data acquisition (SCADA) systems and field devices. The intricate network architecture of the smart grid is exposed to hidden risks posed by interconnected heterogeneous devices from multiple vendors, integrated open source and commercial off-the-shelf (COTS) components, and minimal (or absent) supply chain cyber hygiene.
The healthcare industry is undergoing a radical reform from HIPAA to HITECH with the passage of legislation to (a) impose civil and criminal penalties for willful neglect, and (b) drive adoption of Electronic Health Records (EHR), with implications for the security of electronic Protected Health Information (ePHI) across the supply chain, including providers and business associates. These two key provisions will drive how CIOs and CISOs in the healthcare industry must develop processes and policies for compliance and enforcement.
The move from “log correlation” to “behavioral risk” requires a paradigm shift.
The first generation of cybersecurity solutions leveraged the power of “logs”. This was based on the belief that ad-hoc events, once captured and preserved, could be correlated in the future to provide historical evidence. Logs are valuable for technical support, troubleshooting and audits. The log-centric model was designed to fulfill compliance requirements and to verify the security controls implemented for access management.
For would-be attackers, cloud services like Dropbox offer a convenient end-run around the perimeter-based firewalls, intrusion detection systems, web gateways and anti-malware sandboxes commonly used by many enterprises. Employees and contractors regularly bring personal devices into their enterprise networks, while some organizations openly allow cloud services to operate within their managed domains. The convenience and rapid adoption of cloud-based file storage makes it an almost ubiquitous problem for enterprise security.
No intricate grid of security point controls, however strategically deployed at the perimeter and in the core of the network, can respond reliably and effectively without real-time threat information sharing. Actionable intelligence requires risk metrics, interoperability across multi-vendor security products, velocity of remediation and diversity of detection methods for resilience against the advanced evasion techniques of emerging threats.
The core foundation of cyber security needs to be reinforced to overcome the exposed limitations of legacy controls that have outlived the compliance- and signature-based paradigm. The new paradigm for Enterprise Risk Management (ERM) is based on real evidence from active behavior recognition, reducing false positives (the fog) through automation that augments human-level IQ, real-time threat intelligence sharing to enrich context, and partnerships that streamline workflow.
Yesterday we learned about yet another massive data breach, this time at Anthem, Inc., the second largest U.S. health insurance provider.
While we don't yet have any specific information on how this data breach occurred, as a cyber security professional I am reminded of how simple mistakes at small companies can lead to big problems up the supply chain.
Today, the standard operating procedure for security organizations dealing with increasing threats is bolting on increasingly sophisticated technologies: anti-virus, router ACLs, firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), web reputation services, web application firewalls, Security Information and Event Management (SIEM), anti-malware gateways, endpoint virtualization, etc.
It’s become a daily occurrence to learn of the latest breach while reading the news over your morning coffee. Breaches are so frequent, and the volume of records breached so astronomical, that people are starting to become desensitized. This is both good and bad for information security professionals. On the positive side, there is no longer any difficulty convincing management that malware, hacking and breaches are serious issues.
One of the nation’s largest financial institutions, J.P. Morgan Chase & Co., is still reeling from a massive cyber-assault which compromised the personal information of millions of their customers.