Sponsored by Spectra Cyber Security Solutions
13 Dec 17. FoxGuard Solutions, Inc. was awarded a grant from the Department of Defense to develop a “Cybersecurity Platform for Energy Management and Control Systems”. The program is through the Secretary of Defenses Office and is targeted at protecting military installations across the world of cyber-attack.
About ESTCP: The Program’s goal is to identify and demonstrate the most promising innovative and cost-effective technologies and methods that address DoD’s high-priority cyber security requirements.
DoD need: The Department of Defense (DoD) is the largest single consumer of energy in the United States. It operates over 500,000 buildings and structures with diverse inventory encompassing barracks, commissaries, data centers, office buildings, laboratories, and aircraft maintenance depots. A majority of these bases are largely dependent on a commercial power grid that is vulnerable to disruption from cyber-attacks, aging infrastructure, weather-related events and direct attack. In an effort to reduce energy costs, increase security and improve energy resiliency, DoD has adopted a cyber security strategy for fixed installations.
FoxGuard Solutions was tasked with researching, developing, and demonstrating technology and techniques to identify and monitor BacNet field controllers for vulnerabilities, continuous monitoring of security controls, identify patches for Building Automation Systems software, hardware and firmware, while also facilitating the deployment of those patches.
• Building Automation System Asset Discovery
• BacNet Vulnerability Scanning
• Patching Building Automation Systems
• Continuous Monitoring of Cyber Security Controls
The program is based around the Risk Management Framework (RMF) to help DoD control system owners continuously monitor Building Automation Systems for vulnerabilities.
14 Dec 17. Airbus CyberSecurity Predictions for 2018. Threats via social media and Wireless networks will dominate next year. Researchers at Airbus’ external Cyber Security business have compiled their top technology predictions for 2018, based on trends identified at its Security Operations Centres in France, UK and Germany during 2017.
Prediction 1: A lack of social media security policies will create serious risks for enterprises
As observed during 2017, social media platforms are regularly being used for the spread of fake news or the manipulation of public opinion. But social media can also be used for sophisticated social engineering and reconnaissance activities which form the basis of many attacks on the enterprise. Criminals and hackers are known to use these platforms to distribute malware, push rogue antivirus scams and phishing campaigns to lure their victims.
Markus Braendle, Head of the Airbus CyberSecurity business: “Social media provide the medium for connecting people globally, in the rapid exchange of ideas, discussions and debates in our digital world. However, from an attacker’s perspective, social media have become an easy target because of the number of non-cyber security savvy users, and the fact that these platforms are easy and cost effective to use. To protect themselves against social media attacks, organisations need to implement enterprise-wide social media security policies. This includes designing training programs for employees about social media usage, and creating incident response plans that coordinate the activities of the legal, HR, marketing and IT departments in the event of a security breach.”
Prediction 2: Attacks on Wireless networks will escalate
Attacks on Wireless networks will increase as attackers seek to exploit the Key Reinstallation Attack (KRACK) vulnerability, first made public in October 2017. The vulnerability can allow an attacker to intercept and r