breach

Recently I was with a CISO of a multi-billion dollar critical infrastructure provider in the private sector.

We were conducting a security scan and compiling a list of issues and areas that needed to be addressed as part of his overall security program. While at one of the facilities he received a notification that he shared with me. The message was that they had traced back the source of a breach that had occurred a few months back.

The demise of an industry icon, Nortel Networks, as the evidence has now made clear, was the result of a cyber attack. Who could forget Nortel Networks’s place in the technology landscape? While the company is gone, their equipment is still in operation throughout the world.

In an article that appeared in the Wall Street Journal, it was reported that hackers had roamed freely inside Nortel’s vast corporate network for over a decade and contributed to the company going bankrupt in 2009.

Indications are that the attacker’s traffic was traced back to China. This came as a result of countless hours poring over log files until the investigators found the needle in the haystack.

According to Brian Shields, a longtime Nortel employee and the point person on the investigation, the cyber espionage activities resulted in the exfiltration of technical papers, R&D documents, business plans, emails and other documents. They had full access to very sensitive information about the technology and plans of the company.

For years now, U.S. intelligence organizations and subject matter experts have warned of the vast array of clandestine cyber espionage activities of the People's Republic of China (PRC). While some of these activities are the result of organizations in the private sector, the government is often cited as the source of the acts of espionage. Naturally, the Chinese government has denied these allegations.

The European Network and Information Security Agency (ENISA) just released a new study this month that looks at protecting the security of industrial control (or SCADA) systems (ICS).

The study recognizes that industrial control systems are truly a strategic asset and must be protected against the rising potential of cyber terrorist attacks with

It is getting to the point that those reporting acts of cyber aggression, particularly in the area of cyber espionage, think they are in a repetitive do-loop. It is the same story over and over again with the only difference being the list of victims.

The news of late has been the discovery of yet another sophisticated cyber attack that resulted in the collection of untold information, some general, some sensitive, from the business community as well as defense contractors and government officials.

COMMENTARY:
Last week yet another call was heard for the need for increased efforts to identify, collect, analyze and disseminate cyber intelligence. This latest call was the result of a recent report that warned the U.S. must develop cyber intelligence as a new and better coordinated government discipline.

How many times does this have to be recommended and justified before we just get it done and done right?