SOFTWARE SECURITY

Camera Cyber Security Specification and Alliance Council for App Developers are announced by the Open Security & Safety Alliance.

Open Security & Safety Alliance | March 03, 2021

The Open Security and Safety Alliance, an industry body comprising stakeholders from all facets of the security, safety and building automation space, today announced two significant advancements as part of its mission to pave the way toward trustworthy and innovative security and safety solutions. First, a new specification focusing on camera cybersecurity measures is now available to members. OSSA also introduces a new App Developer Council designed to attract and involve app developers in the Alliance's steadily growing ecosystem of security and safety industry players.

Implementing Trustworthiness Thresholds

The latest technical specification – the OSSA Camera Cyber Security Specification – contains definitions and guidelines regarding mandatory and optional security provisions for cameras. It is largely based on an existing standard by the International Electrotechnical Commission (IEC), with an additional clear focus on the security market and the OSSA philosophy of clearly dividing the roles and responsibilities between camera manufacturers, the operating system (OS) provider and the system-on-chip (SoC) vendor, in particular. The specification also prescribes how responsibility changes when camera manufacturers make individual OS modifications. The mandatory part of these guidelines will be used as input for the upcoming OSSA certification scheme.

The OSSA-orchestrated ecosystem is intended to improve trust, enable innovation beyond the limits of a single organization, and fuel opportunity for industry stakeholders and customers.

Spotlight

"No responsible enterprise would operate without firewalls, intrusion detection systems, and other technology-based controls to safeguard its information. But how are you addressing the ultimate security endpoint-the human? What protection, if any, do your people get?

Unfortunately, there is no firewall technology that can block a social engineering phone call or a phishing e-mail from a "trusted" source. That's why an effective security awareness program is essential not only to compliance, but to protecting your company's reputation and revenues."

Related News

SOFTWARE SECURITY

IPKeys Power Partners Announces New Grid Cyber Security Breakthrough

IPKeys | September 09, 2021

IPKeys Power Partners, the leading cybersecurity, cyber compliance, and smart grid technology company, announced today the release of its groundbreaking SigmaFlow Beacon platform to provide utilities, generators, and grid operators a simple, unified solution for cybersecurity monitoring and compliance requirements. The SigmaFlow Beacon platform is built specifically to help organizations align with North American Electric Reliability Corp. (NERC) compliance mandates. It provides NERC registered entities with a single solution to advance, simplify and improve existing cybersecurity and monitoring requirements.

"We are pleased to provide utilities, generators and grid operators a system that ensures unification of cybersecurity monitoring and NERC-CIP compliance requirements," said Robert Nawy, CEO IPKeys. "It is long past time for the worlds of compliance and cyber defense to converge to provide cyber assurance for our power grid. The SigmaFlow Beacon unites needed capabilities of real-time cybersecurity monitoring with governance and regulation."

The SigmaFlow Beacon provides one, purpose-built solution for NERC baseline management, collecting the critical cyber data in real time and seamlessly incorporating the approval process within the SigmaFlow workflow and evidence platform. SigmaFlow Beacon technology is built for rapid deployment, making it faster and easier to implement than current monitoring solutions. It will save utilities valuable time, and provide seamless Critical Infrastructure Protection, improved cybersecurity, and audit ready results.

Today, NERC registered entities must use multiple vendors and systems to monitor baseline security and compliance data. These solutions are not connected to workflow, making the correlation between change management and baseline authorization next to impossible because multiple changes could be made since the facilities' last scan.

"SigmaFlow Beacon is a major step towards our vision of bringing compliance and security teams together, at the same time simplifying the act of maintaining compliance while enhancing real world cybersecurity," said Louis Riendeau, IPKeys Vice President, Operations & Product Management.

"Many of our clients and Governance & Regulation communities tend to get a sense of false cybersecurity validation by passing NERC compliance audits, SigmaFlow Beacon and the entire IPKeys Cyber Lab-as-a-Service platform introduces automated NERC compliance and advancement in real cybersecurity protection," said Trey Kirkpatrick, VP, NERC Implementation Services and Consulting.

Benefits of a Unified Approach between Cybersecurity and Compliance

Improved cybersecurity: The fewer moving parts, the fewer opportunities for errors—and the fewer cracks for hackers to get in through. With cybersecurity and compliance in sync, there is a shared knowledge between organizations.

Time Savings: When a crisis strikes, immediate action is vital. With unified security and compliance, there is less risk of misunderstanding or miscommunication between organizations, less need for work to be redone, and fewer questions about completion.

Seamless CIP management: Unified end-to-end management of security and compliance ensures consistent CIP management, while providing more efficient and accessible records, greater access to critical information, and reducing data errors, missed assignments or due dates.

Always audit-ready: All data is stored in one secure location, and is consistent, connected, complete and primed for scrutiny.

Large cybersecurity incidents like the SolarWinds breach or the Colonial Pipeline hack garner most of the attention, but hundreds of smaller attacks have impacted businesses, municipalities, and utilities across the country - and the threat is accelerating. According to Statescoop, between 2013 and 2018, 180 documented cyberattacks occurred, while 236 incidents have been reported since 2019.

About IPKeys Power Partners

IPKeys Power Partners' industry-leading, secure OT and IoT intelligence platform addresses the complex cybersecurity, data, and communications challenges faced by operators of mission-critical networks for customers in the energy, government, and industrial markets. The company's suite of solutions encompasses cybersecurity and cyber compliance for dynamic OT/IT environments, data analytics, secure energy management, and public safety network monitoring. The company is headquartered in New Jersey and has offices in California, Louisiana, Maryland, Texas, and Virginia.

Cyberattacks on Critical Infrastructures Witness Sharp Rise During the Pandemic

CISA | June 05, 2020

The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure, such as industrial control systems (ICS) and operational technology (OT) networks, from home.

But that critical infrastructure, which keeps modern society going even during a pandemic, is seriously under-protected against cyberattacks, say recent reports from cybersecurity companies.

“Critical infrastructure” means more than the obvious utility companies, water systems, and transportation networks. In defining essential workers during Covid-19-related lockdowns, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) lists 16 categories of critical infrastructure. Last month, CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security.

These attacks have been building for some time. A Siemens/Ponemon Institute study last October found that 56% of gas, wind, water and solar utilities around the world had experienced at least one cyberattack within the previous year that caused a shutdown or loss of operation data. Only 42% of respondents — those responsible for OT cybersecurity — said their cyber readiness was high, and only 31% said their readiness to respond to or to contain a breach was high. Smaller organizations were much less confident about their ability to take action.

“Our survey found the more integrated IT, OT, IoT and physical systems are, the greater the degree of security, but because they are so integrated, these systems are more vulnerable to attack,” said Carcano.

Since last year, a growing number of known threat groups have been specifically targeting electric utilities in North America, according to a January report from ICS/OT cybersecurity firm Dragos. In February, IT/OT cybersecurity firm Claroty discovered a new vulnerability related to the notorious Industroyer malware, used in the 2016 attack on the Ukraine power grid. Especially disturbing, the new vulnerability allows a DOS (denial of service) attack against protection relays used in electrical substations.

A report Claroty published in March found that a clear majority of IT security professionals are much more worried about cyberattacks on critical infrastructure than they are about data breaches in the enterprise. That’s consistent among respondents in the U.S., the UK, Germany, France and Australia.

What’s less consistent is the gloomier outlook U.S. respondents have compared to their international counterparts about how much protection is still needed: more than half say U.S. critical infrastructure is vulnerable to attacks, versus 40% of international respondents. But all respondents agreed that electric power is by far the most vulnerable sector.

Although some responses vary between domestic and international cybersecurity pros, “They’re more alike than they are different,” Claroty’s co-founder and chief business development officer Galina Antova, told EE Times. “There are some differences based on the vertical sectors, but even within them, a lot depends on the maturity of the security team. At the end of the day, what counts is the maturity of the security systems that team is implementing. On average, U.S. companies are ahead in the security curve when it comes to awareness and starting the implementation steps.”

In the last three years, more companies have become actively engaged in implementing OT cybersecurity, said Antova. Organizational changes that give responsibility for OT security to the chief information security officer will mean that necessary alignments between IT and OT teams happen faster, and these are happening faster in the U.S. than in Europe. However, local legal structures also play a part. For example, in some verticals in Europe, the head of production for certain types of facilities has legal responsibility for the cybersecurity of those facilities, so there are some stricter regulations in Europe compared to the US.

The joint survey by OT and IoT cybersecurity company Nozomi Networks and Newsweek Vantage interviewed C-level executives at critical infrastructure companies in North America, Europe, and the Asia/Pacific region. It found that 85% of respondents had experienced security incursions into OT networks. Of those, 36% began as incursions in IT or data systems and 32% were physical incursions into OT systems.

SOFTWARE SECURITY

RangeForce Collaborates with The Black Cybersecurity Association to Enhance Career Advancement Opportunities

RangeForce | April 06, 2021

RangeForce, the company that is revolutionizing cybersecurity training, recently confirmed a collaboration with the Black Cybersecurity Association (BCA) to provide BCA members with hands-on cyber skills training. The partnership will assist BCA members in acquiring new capabilities to advance their careers and find new employment opportunities.

“This collaboration with RangeForce will help us to achieve our member training goals by offering hands-on and role-based learning modules that are available anywhere, at any time,” said Darold Kelly Jr., BCA founder. “We are excited to be able to provide our members with access to this world-class training platform.”

BCA programs strive to significantly influence communities by engaging and inspiring members to become industry leaders. The BCA will have access to RangeForce modules that will help individuals and teams with their cybersecurity training. The RangeForce on-demand and cloud-based solution helps learners work with leading security tools, training them to detect and respond to the most recent cyber threats.

“Darold and the entire BCA organization are assisting the industry in addressing a lack of qualified cyber experts while supporting members in advancing their careers,” said RangeForce's Jackson Thibodeau, Sr. Director of Channels. “The organization's inclusive and community-first approach to career mentoring is setting a new standard in our industry. We are pleased to be partnering with BCA and its 2,000 members.”

About BCA

BCA is a non-profit organization that focuses on community and career mentoring for underrepresented minorities in the cybersecurity sector. Darold Kelly Jr. founded the BCA on July 9, 2020, to inspire, engage, and empower its members to reach their full potential and become global leaders who positively impact their communities. The BCA has community-impacting programs such as KIDS CAN CODE, SECURITY+ STUDY GROUPS, OSCP BOOTCAMP, and several more.

About RangeForce

RangeForce develops user-friendly cybersecurity training experiences for organizations and their staff. It helps customers operationalize a SaaS-based cybersecurity training program in hours, saving up to 65% over conventional training and up to $1M annually on hosted cyber ranges, due to the industry's first integrated training platform and virtual cyber range. RangeForce's advanced learning platform is revolutionizing cybersecurity training by further training and cross-training DevOps, IT, and security professionals.
