A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy.
This made us thinking about what . . . → Read More: Cybersecurity–More than a good headline
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections:
Governments Legislative Bodies The Armed Forces Law Enforcement Judges . . . → Read More: Cyber Security: The Road Ahead
A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether we . . . → Read More: Mutual Authentication in Real Life–Launching a Nuclear Missile…
My manager was on the Tokyo airport, when the earthquake started. We had a chat yesterday about this – he is back home in the meantime – and he told me that he was very surprised that, while the phone network broke Internet still worked and he was able to call his wife immediately after . . . → Read More: Internet Surprisingly Stable in Japan
Often, when governments look into Critical Infrastructure Protection, they start to build a CERT (Computer Emergency Response Team) or a CSIRT (Computer Security and Incident Response Team). The questions then always comes up: How do you do that?
ENISA (European Network and Information Security Agency) just published a step-by-step guide on how to do this . . . → Read More: How to Build a CERT
Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night.
BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears
I think that this is a real issue and very hard to fight!
With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment here, as I am not able . . . → Read More: Publishing Secret or Sensitive Information
Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn?
Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out . . . → Read More: Stuxnet talks – do we listen?
What is your view?: Stuxnet: Future of warfare? Or just lax security?
One of the biggest challenges in Critical Infrastructure Protection or Incident Response is collaboration. Collaboration between the public and the private sector as the private sector is most often running the critical infrastructure; collaboration between different governments as well as incidents do not tend to stop at a country’s border.
Now, planning for such . . . → Read More: The Importance of International Collaboration–Even in Exercises