The Cyber Security Roundtable at Washington University in St. Louis, Missouri was conducted on October 15, 2015. The topic, presented by Robert Timpany, CEO of Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) – Idaho Department of Homeland Security, concerned protecting Industrial Control Systems.
The briefing here includes a security notice that states that information may not be further published or disseminated without written approval from the ICS-CERT. Instead, here is the website to get information directly from ICS-CERT: http://www.us-cert.gov/. This was an interesting presentation and if your company has industrial control systems, do check out this site.
It brings up the topic of information sharing, a topic of interest due to the conundrum of how to get the information to those who will use it for good intent while keeping it out of the hands of those who would use it for ill intent. This is a tough nut to crack. In years past, the tried and true method utilized throughout the security community was to share information through government channels, and later also through security vendors to their customers. Those channels still exist of course, but in the past few years the security community realized that communication channels needed to expand. There are some industries, retail is one of them, which were not directly connected to the information channels provided by the government. And, most of the vendors the customer relied upon could only, at best, protect their piece of the customer’s puzzle. As a result, businesses increasingly fell victim to the attacks of criminals.
The cyber intelligence community came to realize that as they “protected” their information through narrow communication channels, the criminal hackers and state actors of the world did just the opposite. Criminals share what they learn on the dark web with other criminals, enabling beginners (also known as script kiddies), to engage in illegal activities by executing code another criminal created. This means that in the cybercriminal community, not only did worms and viruses disseminate electronically, they initiated from numerous sources.
Comparing the two communication models, it’s easy to see that the criminal world’s information spread fast and exponentially. While in the Cyber Security community, information was slower, more methodical (government agencies want to make sure it is perfect before it goes out), and limited in scope. In addition, communication channels often relied on a proactive pull from the receiver, rather than being pushed out to everyone at once.
With the realization of the ineffectiveness of past communication channels to protect the nation’s economy, something had to be done. The problem has now gotten better through presentations such as the one mentioned at the beginning of this article, online streaming of educational videos, and through the use of blogs such as this and other popular security blogs, but there is still ground to cover.
Omega ATC puts our customers in a better place because we protect more than just one vendor product. We can protect your entire puzzle, or as much of your puzzle as you desire. In addition, Omega’s core competency is in protecting retail customers. Retail has unique challenges with numerous products that require protection, point of sale devices, back office systems, headquarters software, even card scanners on gas pumps. Don’t leave your company’s and your customer’s information to chance with limited, spotty, security coverage. Get coverage and support from Omega. Email Security@www.omegasecure.com or call 636-557-7777.