01 Aug 12. Northrop Grumman Corporation and the University of Maryland, Baltimore County (UMBC) Research Park Corporation recently marked the one-year anniversary of the Cync program, an incubator dedicated to cultivating companies that develop innovative solutions to counter the global cyber threat. Cync is part of the bwtech@UMBC Cyber Incubator program on the campus. After more than a year in operation, the Cync program has increased the number of participating technology startups to five companies: AccelerEyes, Five Directions, KoolSpan, Oculis Labs and Rogue Networks. Cync companies have earned Defense Advanced Research Projects Agency (DARPA) Fast Track awards and signed agreements with information technology providers. The list of additional startups interested in participating in the program continues to grow, with more than 100 this year from across the nation.
30 Jul 12. Northrop Grumman Corporation has expanded its membership in the IJIS Institute, a non-profit organization focused on improving critical information sharing for those who provide public safety and administer justice in our communities. Northrop Grumman provides cybersecurity solutions and critical network operations for the U.S. Department of Homeland Security; command and control systems for police, fire and emergency services, and mission-critical network and IT services to city, county and state government agencies. In addition, it provides seamless wireless communications to the Navy’s first responders to securely exchange information with local law enforcement agencies across the country and data exchange programs for the Department of Justice, FBI and other organizations.
27 Jul 12. ICS-CERT recently released an alert notifying critical infrastructure owners and operators of a security vulnerability with Tridium’s Niagara Framework. Tridium’s Niagara framework is designed to be an open platform, which can communicate with anyone. In the world of networked devices that we live in, this has become an essential capability. But in the world of security, this can present security vulnerabilities which could compromise your critical infrastructure. The truth is everyone’s risk tolerance is different. For some, an open platform is fine and offers many benefits, but for those that are more security conscious or require critical asset protection, such as federal government and military agencies, extra security is required to mitigate these risks. And cyber terrorist groups have recently expanded their efforts against private industry, increasing the need for higher security in this sector as well. The recent move toward Smart Grid and the Internet of Energy (IoE) makes public utilities more vulnerable to attack, making these facilities in more need of increased security. There’s an answer for those who want the capabilities of an open platform that is U.S. Federal Government Information Assured (IA) approved – 3eTI’s EnergyGuard offers such a cyber secure controller solution. EnergyGuard is a real-time energy monitoring and control system with built-in cyber security that incorporates the open platform, Tridium Java Application Control Engine (JACE). 3eTI’s EnergyGuard protects access to the JACE by authorizing every device, instantly removing the ability to compromise and extract information from the JACE remotely. It does this by employing a Defense-in-Depth architecture, which includes hardware authentication, device authentication, firewall functionality and Deep Packet Inspection. EnergyGuard has been independently tested by the Department of Homeland Security (DHS) Idaho National Labs Control Systems Security Program – ensuring vulnerabilities are mitigated and allowing energy managers the flexibility to operate while ensuring DoD-grade information assurance. This recent ICS-CERT alert is just one example of a vulnerability that could occur with an open platform. If interested in learning more, I would be happy to arrange for you to speak wi