Grants help cyber security education at Jacksonville State University

Jacksonville State University’s Center for Information Security and Assurance received two federal grants to help strengthen cyber security in Northeast Alabama and beyond, according to the University.

“We have so much to protect… not only our privacy, not only our identity, not only our money in the banks, but it’s the whole critical infrastructure,” said Dr. Guillermo Francia, a J.S.U. professor of computer science.

Dr. Francia knows the importance of protecting the nation’s critical infrastructures like power plants, water systems and public transportation systems. For the full article click here 

from critical infrastructure alliance http://ift.tt/1PxFQUF
via IFTTT

CPS Energy issues warning for drone owners

SAN ANTONIO – CPS Energy issued a warning for people who might have purchased or received drones over the holidays.

The utility said over the past few months it had four confirmed spottings of drones flying over critical infrastructure, like power plants.

“You don’t know whether or not the operator behind the drone is someone who’s up to criminal activity or someone who’s just playing with their Christmas gift,” Christine Patmon, CPS Energy spokesperson, said.

Patmon said the utility feared someone might obtain information that could shut down the energy system. For the full article click here 

from critical infrastructure alliance http://ift.tt/1J8S49K
via IFTTT

Ukraine cyberattacks, blackouts heighten fears of US grid vulnerabilities

• A series of cyberattacks caused widespread blackouts in Ukraine last month, and the specter of a similar intrusion taking place in the United States has stoked fears that the country is not prepared, despite laws aimed specifically at shoring up cybersecurity.
• New Hampshire-based Foundation for Resilient Societies (FRS), a nonprofit which advocates to protect critical infrastructure, believes “America is increasingly vulnerable to foreign cyberattack” because of the implementation of a 2005 law aimed at grid hardening.
• Cybersecurity is a rising concern in the U.S., and is complicated by the increasing connected nature of generation, load, monitoring devices and non-utility programs. Last year, several industry groups warned FERC they did not believe the agency had authority to oversee security concerns related to third-party providers on the grid. For the full article click here 

from critical infrastructure alliance http://ift.tt/1Kha0d5
via IFTTT

Dayton releases $220M wish list for water quality upgrades

Minnesota’s aging water treatment plants and sewer systems will start getting some much needed improvements if DFL Gov. Mark Dayton has his way.

Dayton on Thursday proposed a $220 million plan for water and sewer systems. It’s the next step in a water quality agenda that the governor began last year when he pushed for a buffer strip requirement to prevent farm field runoff.

Dayton says Minnesota’s clean, safe and abundant water supply can no longer be taken for granted and that many rural communities are struggling with the added cost of lowering levels of nitrates, phosphorus and other chemicals in drinking water.

He wants a significant government investment to help those communities but also wants to get citizens involved in protecting water from further contamination.

“Everybody needs to understand it’s their responsibility for whatever it is that they’re putting into the public sphere being a quality and standard that they would want their own children to be exposed to. That’s going to take some time, but we’re going to work on in it,” Dayton told reporters. “I’m going to make it a priority, as I did last session, for the remaining three years of my term, and I think we can make some important progress.” For the full article click here 

from critical infrastructure alliance http://ift.tt/1Kha0d3
via IFTTT

ICS-CERT: U.S. critical infrastructure susceptible to cyberattacks

A senior U.S. official said the direct connection of the industrial control systems (ICS) handling the country’s critical infrastructure networks to the internet has led to an uptick in penetrations during the past year.

Marty Edwards, director of the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), told security pros, speaking before security pros at the S4 ICS Security Conference in Miami said the industrial control systems “are just hanging right off the tubes,” according to Reuters.

Edwards did not disclose whether or not the successful attacks that took place in the U.S. resulted in any damage or outages. For the full article click here 

from critical infrastructure alliance http://ift.tt/1JOcV1V
via IFTTT

Jackson Introduces Legislation to Protect Californian’s From Unsafe Drone Use

State Senator Hannah-Beth Jackson (D-Santa Barbara) has just introduced a bill to set comprehensive limits around the use of drones near critical infrastructure such as bridges and power plants as well as in state parks and wildlife refuges, on private property and around the State Capitol.

Senate Bill 868 is partly modeled on legislation recently enacted by the City of Chicago and would establish a comprehensive framework for drone use that prioritizes public safety, privacy and the long-held values of Californians.

“From helping farmers to responding to disasters, there are many innovative and extremely valuable uses for drones, and those uses should be encouraged and allowed to continue,” said Jackson. “But irresponsible or even dangerous operators and their drones should not be able to threaten our safety, our private property, the critical infrastructure we need to keep our state running or our beloved public parks and wildlife refuges. For the full article click here  

from critical infrastructure alliance http://ift.tt/1Kha2So
via IFTTT

THE 3 TIME-BOMB ISSUES CANDIDATES IGNORE

The 2016 presidential campaign has morphed into an enthralling reality show with colorful and entertaining candidates that defy the imagination of a Hollywood scriptwriter.

Acknowledging the campaign’s inherent entertainment value, Showtime, the premium cable channel, has ordered a new “real-time” weekly documentary series aptly named, “The Circus: Inside the Greatest Political Show on Earth” – scheduled to premiere Jan. 17 at 8 p.m.

Sadly, the presidential campaign’s great capacity for amusement obscures deep national discourse needed on many important problems. Chief among them are what I call three “time bomb” issues: infrastructure cyber-attacks, the U.S. government’s unfunded liabilities and apocalyptic Islam. All three are currently careening out of the government’s control with the potential to negatively impact, dramatically alter, or create tremendous chaos throughout our civil society.

Moreover, out on the campaign trail, during debates and in the media, no presidential candidates of either party is raising these issues to the degree warranted by their severity – if at all. For the full article click here 

from critical infrastructure alliance http://ift.tt/1OuQFqG
via IFTTT

RAYTHEON|WEBSENSE IS NOW FORCEPOINT

Forcepoint brings fresh approach to safeguarding users, data and networks from insider and outsider threats 

Austin, Texas – January 14, 2016 – Global cybersecurity leader Raytheon|Websense today unveiled its new company name, Forcepoint™, and multiple new products. Built on the successful integration of Websense®, Raytheon Cyber Products and the recently-acquired Stonesoft next-generation firewall (NGFW) business, Forcepoint brings a fresh approach to address the constantly evolving cybersecurity challenges and regulatory requirements facing businesses and government agencies.

Forcepoint was created to empower organizations to drive their business forward by safely embracing transformative technologies – cloud, mobility, Internet of Things (IoT), and others – through a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies involved in managing a collection of point security products. The Forcepoint platform will protect against threats from insiders and outsiders, rapidly detect breaches, minimize “dwell time” – the period between compromise and remediation – and stop theft.

“With Forcepoint, organizations can protect users, networks and data in the cloud, on the road, and in the office. We simplify compliance, enable better decision-making and streamline security so that our customers can concentrate on what’s important to them,” said Forcepoint CEO, John McCormack. “We will provide a unified cloud-centric platform to defend against attacks, detect suspicious activity sooner, and give the context needed to decide what actions to take to defeat the attack and stop data theft. Defend, detect, decide, defeat – this is our vision for Forcepoint 4D Security. We have the expertise, financial commitment and ongoing access to unique, defense-grade security technology necessary to deliver on this vision.”

“A platform solution that both simplifies and strengthens security as part of a holistic strategy that includes people, process and technology is a far more compelling value proposition than a simple point solution,” said Dan Wilson, Executive Vice President of Partner Solutions for Optiv, a market-leading provider of end-to-end cyber security solutions.

“Forcepoint’s platform focuses on insider threat protection, cloud data protection and network security. We’re seeing clients ask for these capabilities and are excited to see how Forcepoint delivers.”

 

See the full Press Releases Here : http://ift.tt/1USunmo

from critical infrastructure alliance http://ift.tt/1n3sXeu
via IFTTT

Power plants, utilities ‘just hanging right off the internet’s tubes’

Utilities opening their infrastructure to the internet are creating an irresistible honeypot for criminals, says the US government’s Industrial Control Systems Cyber Emergency Response Team. .

In spite of often being billion-dollar operations with long-standing experience in their industrial control networks, critical infrastructure owners seem to think they can take advantage of the public ‘net for connectivity without a care for security.

While ICS-CERT‘s Marty Edwards, speaking to the S4 conference in Miami this week, didn’t call such operators idiots, he may as well have done. According to Reuters, he came close, saying: “I am very dismayed at the accessibility of some of these networks … they are just hanging right off the tubes.”

Edwards also said the number of attacks on such networks is increasing. With such poor security – and with the number of vulnerabilities listed at ICS-CERT running along at around 100 per year in 2014 and 2015, by The Register‘s quick perusal of it advisories – a successful compromise is inevitable. For the full article click here 

from critical infrastructure alliance http://ift.tt/1Zm3FUy
via IFTTT

D.C.’s infrastructure gets a C-minus — and transportation ranks lowest

Despite recent investments in the District’s infrastructure, it continues to crumble — and in the worst state is the city’s transportation system.

A report card to be released Thursday by the American Society of Civil Engineers gives the city a C-minus, just above failing.

“We keep on falling behind gradually,” said Ranjit Sahai, a professional engineer with the consulting firm RAM in Northern Virginia, who chaired the report.

The District’s grade was pulled down by some of its biggest — and well-known — problems: an embattled transit system, congested roads and two levee systems in need of improvements to reduce the city’s flood risk. For the full article click here 

from critical infrastructure alliance http://ift.tt/1Zm3FEb
via IFTTT

Toowoomba Enterprise Hub gets millions for ‘vital’ road

THE boss of a major freight terminal says funding for a road upgrade will put Toowoomba on the map nationally as a significant transport and logistics hub.

The Queensland Government today announced $2.89 million in funding will go towards a planned upgrade to key infrastructure in the Toowoomba Enterprise Hub at Charlton.

The road upgrade, which includes an asphalt-surfaced, two-lane road, with provision to accommodate trunk public utility plant and other utility service infrastructure, will cost $6,779,700.

Freight Terminals chair John Dornbusch said his group was delighted to be partnering with the Queensland Government and Toowoomba Regional Council.

Council is matching the government’s funding and Freight Terminal is putting in $1 million for the Steger Road Infrastructure Enabling Project.

Mayor Paul Antonio said the upgrade was a turning point in the future of the transport and logistics hub. For the full article click here 

from critical infrastructure alliance http://ift.tt/1J4yPOq
via IFTTT

ISACA 2016 Cybersecurity Snapshot

ISACA’s January 2016 Cybersecurity Snapshot looks at cybersecurity issues facing organizations this month and beyond—from reactions to new cybersecurity legislation, to insights on information sharing and top cyber threats.

Among the key findings from nearly 3,000 IT and cybersecurity professionals worldwide:

• The top three cyberthreat concerns for 2016 are social engineering, insider threats and advanced persistent threats (APTs).
• 84 percent of respondents believe there is a medium to high likelihood of a cybersecurity attack disrupting critical infrastructure (e.g., electrical grid, water supply systems) this year.
• 72 percent of respondents say they are in favor of the US Cybersecurity Act, but only 46% say their organizations would voluntarily participate in cyber threat information sharing, as outlined in the Act.

See the full results and related insights from cybersecurity experts here:   http://ift.tt/1mR4QPx

Follow the conversation on Twitter: #CyberSnapshot

from critical infrastructure alliance http://ift.tt/1REvx7I
via IFTTT

ICIT Brief: Hacking Healthcare in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach

Among all of America’s critical infrastructures, the healthcare sector is the most targeted and plagued by perpetual persistent attacks from numerous unknown malicious hackers. The goal of these threat actors is to exploit vulnerabilities in insecure and antiquated networks in order to exfiltrate patient data for financial or geopolitical gain. In order to protect patient privacy, healthcare organizations and their supply chains must better understand the growing attack surface and the technologies and solutions which can improve their ability to respond to unauthorized network access.

In this brief, entitled “Hacking Healthcare in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach”, the Institute for Critical Infrastructure Technology provides a comprehensive assessment of the threats and healthcare trends which have the greatest impact on health sector security, as well as solutions and strategies to improve resiliency. The report draws from the OPM breach, which is a prime example of the enormous consequences an organization can face by not maintaining and protecting integrated systems.  Specifically, this brief details:

•  The Healthcare System’s Adversaries (script kiddies, hacktivists, cyber criminals, cyberterrorists and Nation State Actors)
• A Multi-Pronged Approach to Meaningful Cybersecurity (people, policies & procedures and technical controls)
• Healthcare in a Digital Age (IoT, sensors, telehealth, remote monitoring, behavior modification devices, embedded devices, mobile applications and data sharing in the Cloud)
• Legislation & Collaboration (21st Century Cures Act, telehealth solutions for veterans, telehealth access expansion, prescription drug monitoring, EHR interoperability, mHealth IRB)

The following ICIT Fellows & thought leaders contributed to this brief:

• James Scott (ICIT Senior Fellow – Institute for Critical Infrastructure Technology)
• Drew Spaniel (ICIT Visiting Scholar, Carnegie Mellon University)
• Dan Waddell (ICIT Fellow – Director, Government Affairs, (ISC)2)
• Jon Miller (ICIT Fellow – V.P Strategy, Cylance)
• Rob Bathurst (ICIT Fellow – CISSP, Professional Services Director, Cylance)
• Malcolm Harkins (ICIT Fellow – Global Chief Information Security Officer, Cylance)
• Greg Cranley (ICIT Fellow Sr. Director of Federal, Centrify)
• Seth Nylund (ICIT Fellow – V.P. Federal, Exabeam)
• Michael Seguinot (ICIT Fellow – Regional Sales Director, Exabeam)
• Steve Curren (Acting Director, Division of Resilience, HHS)
• Rob Roy (ICIT Fellow – Public Sector CTO, Hewlett Packard Enterprise)
• Stan Wisseman (ICIT Fellow – Security Strategist, Hewlett Packard Enterprise)
• Montana Williams (ICIT Fellow – Cybersecurity Evangelist, ISACA)
• Jerry Davis (ICIT Fellow & CIO, NASA Ames Research Center)
• Kevin Stine (Manager, Information Technology Laboratory (Security Outreach and Integration, NIST)
•  Elisabeth George (ICIT Fellow – V.P. Global Regulations & Standards, Philips)
• John Menkhart (ICIT Fellow – V.P Federal, Securonix)
• Stacey Winn (ICIT Fellow – Sr. Product Manager, Raytheon / Websense)
• Ashok Sankar (ICIT Fellow – Security Evangelist, Raytheon / Websense)

Download the brief HERE

from critical infrastructure alliance http://ift.tt/1KdEv3N
via IFTTT

Gwinnett projects getting some of state’s Transportation Funding Act money

Gov. Nathan Deal announced on Tuesday that Georgia will spend $2.2 billion on transportation improvements over the next 18 months, including about $30.1 million in Gwinnett County, as officials begin rolling out the state’s new infrastructure plan.

The projects included in the plan will be the among the first paid for through the state’s new transportation funding formula that was signed into law last year. The projects range from intersection improvements, to roadway, resurfacing and maintenance, and bike and pedestrian projects.

The state has also launched a new website, www.GAroads.org, that will give residents the ability to track the progress and spending on individual projects across the state.

“Over the next 18 months, nearly 60 percent of the projects contracted will be for maintenance of our roads and bridges,” Deal said in a statement. “We are also upholding our promise of transparency through the GA Roads website, which provides clarity through features unprecedented in state history. For the full article click here 

from critical infrastructure alliance http://ift.tt/1SOIoTN
via IFTTT

Cyber resilience for financial market infrastructures

Let me start by expressing my appreciation to the European System of Central Banks’ Payment and Settlement Systems Committee for taking the initiative to organise this workshop on cyber resilience and to the representatives of other authorities and the financial market infrastructures (FMI) community for coming here today to discuss with us this very important topic in the international agenda.

Financial stability usually conjures up questions about capital and liquidity and the network of financial exposures and interdependencies that make up the financial sector. But the sector is an operational network too. On a daily basis it delivers financial intermediation between market participants and end users, whether the transmission of salaries and other payments from one bank account to another or the settlement of market transactions through a web of settlement banks, clearing houses, settlement systems and custodians. As overseers of FMIs, we need to ensure that each of the nodes in this network is operationally resilient and in a position to provide the services that are important to the system as a whole.

We also need to ensure that where disruptions do occur, firms can continue to operate or recover quickly, minimising any adverse impact on the functioning of the system as a whole. For the full article click here 

from critical infrastructure alliance http://ift.tt/1P119nj
via IFTTT

US Confirms BlackEnergy Malware Used In Ukrainian Power Plant Hack

The power outage last month in Ukraine that put 80,000 people in the dark was the first electricity failure caused by a computer hack, the U.S. Department of Homeland Security has confirmed. Researchers previously suggested that a strain of malicious software known as BlackEnergy, a favorite of Russian hacking groups, was responsible.

The December 23 outage at the Prykarpattyaoblenergo power plant in western Ukraine was a nightmare scenario come true for cybersecurity researchers who have warned it was a question of when, not if, hackers managed to infiltrate a critical infrastructure facility.

DHS issued an advisory Tuesday confirming initial evidence that BlackEnergy malware first infected the plant’s systems after a successful spearphishing email attack, when hackers sent what appears to be a normal message to a high value target. Homeland Security and the FBI are among the international investigators still examining the cyberattack. For the full article click here 

from critical infrastructure alliance http://ift.tt/1RDyBRu
via IFTTT

Cyber security: “Without fair protection at European level, we will be in trouble”

Data breaches can cause substantial damage to consumers, businesses and even governments, as the cyber attacks against Sony in 2014 and against Estonia in 2007 showed. To boost defences against such attacks against its essential services, such as electricity supply and air traffic control, the EU has agreed on a common set of basic cyber security rules. We talked to Andreas Schwab, a German member of the EPP group, who is responsible for steering them through Parliament.

 

Why do we need EU rules on cybersecurity?

 

We need a European approach because we have so many infrastructures that are really interdependent. If we don’t get a fair protection at the European level for these cross-border infrastructures, we will be in trouble.

It’s not about all parts of the infrastructure, but only about the digital parts of it and only in a certain number of sectors, such as energy and transport, which are key sectors for the European economy.

What do the new rules foresee?

First of all, member states have to make sure they target the right infrastructure with this legislation. The directive also foresees a certain number of obligations for operators in the areas concerned: they have to set up systems that will create resilience.  For the full article click here 

from critical infrastructure alliance http://ift.tt/1Oi8ECJ
via IFTTT

Electronic Doomsday for the US?

Contrary to some “expert” analysis, both the recent North Korean nuclear and the Iranian ballistic missile tests are deadly serious threats to the United States.

The danger to the United States is particularly consequential due to the close military cooperation of North Korea and Iran. Their combined capabilities, as demonstrated recently, could very well signal a future nuclear attack of the electromagnetic pulse type, for which the U.S., at the moment, is totally unprepared.

The threat to the United States from an electromagnetic pulse (EMP) attack — the high-altitude detonation of a nuclear weapon over the United States — is so potentially catastrophic that both the 2004 and 2008 reports of the Congressional EMP Commission said so openly — probably in the hope that the public warning would spur the nation and the Department of Defense to action For the full article click here 

from critical infrastructure alliance http://ift.tt/1Oi8BXM
via IFTTT

South Portland makes move to block proposed gas depot

SOUTH PORTLAND, Maine (AP) — South Portland officials are in the process of developing a fire code amendment that would block a controversial proposal for a liquefied petroleum gas depot at Rigby Yard.

The Portland Press Herald reports (http://bit.ly/1RIuRfE ) city council on Monday ordered City Manager Jim Gailey to have municipal staff review a citizen-drafted fire code amendment proposed by Councilor Brad Fox.

The amendment requires propane storage and distribution facilities to be located at least 1,257 feet from anything considered “critical infrastructure.”

Among the things considered critical infrastructure are government buildings. The Cash Corner Fire Station is situated near Rigby Yard, the site for NGL Terminal Supply Co.’s proposed propane depot. For the full article click here 

from critical infrastructure alliance http://ift.tt/1N5vGZJ
via IFTTT

Digi International Launches Industrial-Grade LTE Router for Critical Infrastructures Markets

Digi International®, (NASDAQ: DGII, www.digi.com), a leading global provider of mission-critical machine-to-machine (M2M) and IoT connectivity products and services, today introduced the Digi TransPort® WR31, a rugged, versatile enterprise LTE router built for critical applications operating in harsh environments. The WR31 features advanced security and monitoring and the intelligence to operate on nearly any 3G or 4G LTE network in the world.

Designed for critical infrastructure environments, the WR31 addresses industries that manage a large number of remote assets installed in challenging environments where onsite visits are infrequent or impractical. In addition, by supporting global HSPA+ and 4G LTE networks, the WR31 provides customers the flexibility to future-proof their router installation as wireless network requirements evolve.

Industrial Grade Intelligence to Meet Industry Requirements

At the heart of the WR31 is Digi’s license-free enterprise routing and security software that supports features required for high reliability and high-security applications in utility and industrial markets. The WR31 is ideally suited for SCADA, telemetry and other network operations teams. It is targeted for installation at electric and water utilities, state and municipal traffic agencies, oil/gas production and distribution facilities, and manufacturing automation companies. For the full article click here 

from critical infrastructure alliance http://ift.tt/1mUYijq
via IFTTT