Houston  Sipes

Houston Sipes

1596841200

Podcast: Learning to ‘Speak the Language’ of OT Security Teams

Andrew Ginter, VP Industrial Security at Waterfall Security Solutions, talks about the differing priorities between IT and OT security teams as industrial control systems become connected.

Andrew Ginter, VP Industrial Security at Waterfall Security Solutions.

Information technology (IT) and operational technology (OT) may have many of the same objectives – but too often they don’t see eye-to-eye when it comes to top priorities, said Andrew Ginter, VP Industrial Security at Waterfall Security Solutions.

In the IT world, is it all about protecting the information – and IT teams have assumed that the same is true in the OT security world, Ginter said. However, IT teams are recently beginning to realize that OT teams actually have a different top priority: Safety.

“What’s recently emerged is the realization that some of these concepts don’t translate directly into the OT world,” said Ginter in a recent podcast interview. “In the OT world the number one priority is not confidentiality, it’s not protecting information, the number one priority… is safety.”

Ginter talks to Threatpost podcast host Cody Hackett about the different security priorities of IT and OT, how OT environments can better secure their networks and the top OT security challenges he’s seeing in the trenches at power plants and industrial environments.

Listen to the full podcast, below, or download direct here.

_Also, check out our _podcast microsite, where we go beyond the headlines on the latest news.

#critical infrastructure #podcasts #critical infrastructure #ics #industrial control systems #it #operational technology #ot #podcast #security

What is GEEK

Buddha Community

Podcast: Learning to ‘Speak the Language’ of OT Security Teams
Houston  Sipes

Houston Sipes

1596841200

Podcast: Learning to ‘Speak the Language’ of OT Security Teams

Andrew Ginter, VP Industrial Security at Waterfall Security Solutions, talks about the differing priorities between IT and OT security teams as industrial control systems become connected.

Andrew Ginter, VP Industrial Security at Waterfall Security Solutions.

Information technology (IT) and operational technology (OT) may have many of the same objectives – but too often they don’t see eye-to-eye when it comes to top priorities, said Andrew Ginter, VP Industrial Security at Waterfall Security Solutions.

In the IT world, is it all about protecting the information – and IT teams have assumed that the same is true in the OT security world, Ginter said. However, IT teams are recently beginning to realize that OT teams actually have a different top priority: Safety.

“What’s recently emerged is the realization that some of these concepts don’t translate directly into the OT world,” said Ginter in a recent podcast interview. “In the OT world the number one priority is not confidentiality, it’s not protecting information, the number one priority… is safety.”

Ginter talks to Threatpost podcast host Cody Hackett about the different security priorities of IT and OT, how OT environments can better secure their networks and the top OT security challenges he’s seeing in the trenches at power plants and industrial environments.

Listen to the full podcast, below, or download direct here.

_Also, check out our _podcast microsite, where we go beyond the headlines on the latest news.

#critical infrastructure #podcasts #critical infrastructure #ics #industrial control systems #it #operational technology #ot #podcast #security

Wilford  Pagac

Wilford Pagac

1596789120

Best Custom Web & Mobile App Development Company

Everything around us has become smart, like smart infrastructures, smart cities, autonomous vehicles, to name a few. The innovation of smart devices makes it possible to achieve these heights in science and technology. But, data is vulnerable, there is a risk of attack by cybercriminals. To get started, let’s know about IoT devices.

What are IoT devices?

The Internet Of Things(IoT) is a system that interrelates computer devices like sensors, software, and actuators, digital machines, etc. They are linked together with particular objects that work through the internet and transfer data over devices without humans interference.

Famous examples are Amazon Alexa, Apple SIRI, Interconnected baby monitors, video doorbells, and smart thermostats.

How could your IoT devices be vulnerable?

When technologies grow and evolve, risks are also on the high stakes. Ransomware attacks are on the continuous increase; securing data has become the top priority.

When you think your smart home won’t fudge a thing against cybercriminals, you should also know that they are vulnerable. When cybercriminals access our smart voice speakers like Amazon Alexa or Apple Siri, it becomes easy for them to steal your data.

Cybersecurity report 2020 says popular hacking forums expose 770 million email addresses and 21 million unique passwords, 620 million accounts have been compromised from 16 hacked websites.

The attacks are likely to increase every year. To help you secure your data of IoT devices, here are some best tips you can implement.

Tips to secure your IoT devices

1. Change Default Router Name

Your router has the default name of make and model. When we stick with the manufacturer name, attackers can quickly identify our make and model. So give the router name different from your addresses, without giving away personal information.

2. Know your connected network and connected devices

If your devices are connected to the internet, these connections are vulnerable to cyber attacks when your devices don’t have the proper security. Almost every web interface is equipped with multiple devices, so it’s hard to track the device. But, it’s crucial to stay aware of them.

3. Change default usernames and passwords

When we use the default usernames and passwords, it is attackable. Because the cybercriminals possibly know the default passwords come with IoT devices. So use strong passwords to access our IoT devices.

4. Manage strong, Unique passwords for your IoT devices and accounts

Use strong or unique passwords that are easily assumed, such as ‘123456’ or ‘password1234’ to protect your accounts. Give strong and complex passwords formed by combinations of alphabets, numeric, and not easily bypassed symbols.

Also, change passwords for multiple accounts and change them regularly to avoid attacks. We can also set several attempts to wrong passwords to set locking the account to safeguard from the hackers.

5. Do not use Public WI-FI Networks

Are you try to keep an eye on your IoT devices through your mobile devices in different locations. I recommend you not to use the public WI-FI network to access them. Because they are easily accessible through for everyone, you are still in a hurry to access, use VPN that gives them protection against cyber-attacks, giving them privacy and security features, for example, using Express VPN.

6. Establish firewalls to discover the vulnerabilities

There are software and firewalls like intrusion detection system/intrusion prevention system in the market. This will be useful to screen and analyze the wire traffic of a network. You can identify the security weakness by the firewall scanners within the network structure. Use these firewalls to get rid of unwanted security issues and vulnerabilities.

7. Reconfigure your device settings

Every smart device comes with the insecure default settings, and sometimes we are not able to change these default settings configurations. These conditions need to be assessed and need to reconfigure the default settings.

8. Authenticate the IoT applications

Nowadays, every smart app offers authentication to secure the accounts. There are many types of authentication methods like single-factor authentication, two-step authentication, and multi-factor authentication. Use any one of these to send a one time password (OTP) to verify the user who logs in the smart device to keep our accounts from falling into the wrong hands.

9. Update the device software up to date

Every smart device manufacturer releases updates to fix bugs in their software. These security patches help us to improve our protection of the device. Also, update the software on the smartphone, which we are used to monitoring the IoT devices to avoid vulnerabilities.

10. Track the smartphones and keep them safe

When we connect the smart home to the smartphone and control them via smartphone, you need to keep them safe. If you miss the phone almost, every personal information is at risk to the cybercriminals. But sometimes it happens by accident, makes sure that you can clear all the data remotely.

However, securing smart devices is essential in the world of data. There are still cybercriminals bypassing the securities. So make sure to do the safety measures to avoid our accounts falling out into the wrong hands. I hope these steps will help you all to secure your IoT devices.

If you have any, feel free to share them in the comments! I’d love to know them.

Are you looking for more? Subscribe to weekly newsletters that can help your stay updated IoT application developments.

#iot #enterprise iot security #how iot can be used to enhance security #how to improve iot security #how to protect iot devices from hackers #how to secure iot devices #iot security #iot security devices #iot security offerings #iot security technologies iot security plus #iot vulnerable devices #risk based iot security program

Chet  Lubowitz

Chet Lubowitz

1595429220

How to Install Microsoft Teams on Ubuntu 20.04

Microsoft Teams is a communication platform used for Chat, Calling, Meetings, and Collaboration. Generally, it is used by companies and individuals working on projects. However, Microsoft Teams is available for macOS, Windows, and Linux operating systems available now.

In this tutorial, we will show you how to install Microsoft Teams on Ubuntu 20.04 machine. By default, Microsoft Teams package is not available in the Ubuntu default repository. However we will show you 2 methods to install Teams by downloading the Debian package from their official website, or by adding the Microsoft repository.

Install Microsoft Teams on Ubuntu 20.04

1./ Install Microsoft Teams using Debian installer file

01- First, navigate to teams app downloads page and grab the Debian binary installer. You can simply obtain the URL and pull the binary using wget;

$ VERSION=1.3.00.5153
$ wget https://packages.microsoft.com/repos/ms-teams/pool/main/t/teams/teams_${VERSION}_amd64.deb

#linux #ubuntu #install microsoft teams on ubuntu #install teams ubuntu #microsoft teams #teams #teams download ubuntu #teams install ubuntu #ubuntu install microsoft teams #uninstall teams ubuntu

Houston  Sipes

Houston Sipes

1600430400

10 Free Online Resources To Learn Swift Language

Swift is a fast and efficient general-purpose programming language that provides real-time feedback and can be seamlessly incorporated into existing Objective-C code. This is why developers are able to write safer, more reliable code while saving time. It aims to be the best language that can be used for various purposes ranging from systems programming to mobile as well as desktop apps and scaling up to cloud services.

Below here, we list down the 10 best online resources to learn Swift language.

(The list is in no particular order)

#developers corner #free online resources to learn swift language #learn swift #learn swift free #learn swift online free #resources to learn swift #swift language #swift programming

Wilford  Pagac

Wilford Pagac

1596792840

Safety is King: Why OT Security is Mission Critical

We have all heard that safety is king when it comes to OT environments, but there is more to that than meets the eye. Safety goes well beyond taking precautions to avoid the common hazards, such as slipping or tripping hazards, or ensuring workers don’t get injured on the job. Instead, it’s a holistic protection of the workers, communities at large, and the business.

As we move further into the digital world, including Cyber-Physical Systems (CPS), cybersecurity needs to be part of these safety conversations that are so prevalent in the OT culture.

Unlike IT environments, downtime or unexpected or unplanned changes in critical infrastructure operations can have very serious ramifications in the physical world. This can be caused by common malware that we sometimes see on the business network that bleeds over into the OT side where there can be resulting negative impacts due to a lack of segmentation between the two environments. There is also more targeted, advanced malware that needs to be dealt with as well.

It’s a consideration that many executives and boards of directors are beginning to discuss. According to the World Economic Forum’s Global Risk Report 2020, more than 76% of respondents now agree that attacks against critical infrastructure will increase in 2020, putting cybersecurity as a top issue in line with major concerns like the effects of climate change and global economies.

At risk of being cliché here, Stuxnet is a perfect example of that advanced malware where safety and cyber intersect. Stuxnet targeted the programmable logic controllers (PLCs) that controlled and manipulated centrifuges to the point that they were physically damaged and unusable thus causing substantial damage and delay to Iran’s nuclear program.

The Triton malware, also known as Trisis and HatMan, was first observed in 2017 to target industrial control systems, specifically the Schneider Electric Triconex safety instrumented system (SIS) controllers, with characteristics designed to disable plant safety and failsafe mechanisms. Although the impact of the attack was “just” a shutdown of a critical infrastructure facility in the Middle East, it is widely thought that the intended result was a catastrophic incident. Regardless of the intent, there is high probability that another iteration of this malware could easily have catastrophic physical consequences.

More recently, the widely publicized Norsk Hydro ransomware cyberattack in March of 2019 illustrated the use of the LockerGoga ransomware in the industrial space. It’s not the first ransomware to infect OT, but it does have some variations to it that make it a little different from the others.  It wasn’t the only attack of this kind in recent months, with the Cybersecurity and Infrastructure Security Agency (CISA), warning OT operators to protect themselves after a ransomware attack on a natural gas compression facility halted operations for two days due to a partial Loss of View.

While these are just a few examples, the reality is that most OT cyberattacks are not publicly reported and thus we do not have an entirely accurate view of the real breadth of attacks.

The differences between IT and OT are many, including the need for availability of the systems, the types of devices used, the environments they reside in, the protocols used, and the longer life expectancy of the systems. The consequences of something going wrong are also drastically different, including loss of life.

There are various frameworks and knowledgebases available to help organizations further protect their OT environments and help to ensure a safe operating environment. One example is the MITRE ATT&CK Framework, which was expanded in January with the release of ATT&CK for ICS to include threats to human life and the physical environment. That update included a new Impact category, recognizing that the goal of an OT attacker is generally to disrupt or destroy. The Inhibit Response Function has also been added to address deception tactics that attackers may use in order to hinder safeguards that are in place. While these are not the only differences, the knowledgebase allows for a better understanding of the behavior of an adversary, as well as recognizing the impact compromised defenses may have in an OT environment.

Many of us have been in the habit for years doing a job safety analysis (JSA) procedure to identify and address potential physical hazards. It might be even more common to begin meetings with a safety message to reinforce the importance of practicing safety. Safety in OT is paramount and is not going away, but as we continue shifting into the digital revolution, we must expand the boundaries of safety and consider the “new” ways that it can be impacted. As OT is the lifeblood of our nations and the global economy, it is paramount that we weave cybersecurity into the safety fabric that underpins all of this. Safety is king.

Michael Piccalo is the Director of OT/ICS Systems Engineering at Forescout Technologies. With over 25 years of experience in the cybersecurity industry, he worked on deploying some of the first firewalls protecting OT and critical infrastructure back in 2001 and served in the U.S. Air Force prior to that working in various fields including communications, intelligence, and security.

#critical-infrastructure-secure #ics #ot #security-culture #security #cyber-security #stuxnet #triton-malware