January 2019 – The SECOND Advisories Limited

Manual Control – Rare to Find

28th January 201928th January 2019 By cliangNo Comments

Yes, it is and mostly replaced by automation which is everywhere nowadays: Be seen like car park entry/exit control, house hold appliance, lift or escalator in building Behind the scene like cruise control in vehicle, electricity transmission and distribution Automation means controls are managed and executed by components with prebuilt intelligence. Unlike ICT dealing with solely information processing, automation influences physical process or object movement. If such intelligence has fault or being manipulated maliciously, adverse consequence will be resulted. Secure by design, regular cyber maintenance and periodic assurance are necessary to sustain healthiness of the automation system for intended operations. ...

Policies #4

23rd January 2019 By cliangNo Comments

In stipulating policies (written management directives), the hard part is in the language for having specific objective with flexibility and without ambiguity - balance between specific and generic descriptions. The applicability of policies is another challenge. For the illustration "No trespassing", where is applied: thru the path or go over the fence? ...

Operation Risk #2

20th January 201920th January 2019 By cliangNo Comments

Part of the critical infrastructure is in close proximity for public access. Two main types of attacks causing service interruption. Cyber attack takes advantage of launching behind the scene anywhere. Contributors for successful attack include but not limited to: Lack of cyber protection including detectionVulnerable systems and applications using configuration defaults or outdated versionInsufficient control over remote access However, the facility is also subject to physical attack because of the "weak" perimeter. Prevention is not effective but relying detection to respond, sufficient resilience to maintain service. Therefore, the asset owner needs to Firstly identify or categorize the value and impact of the asset The next is to deploy effective counter-measures and the protection focus should not be just in cyber sense though this is always hot topic exaggerated by media and mostly exploited by vendors to create FUD in convincing asset owner to adopt their solutionsPhysical security, equipment faults, general tear-and wear are equally important to consider ...

Masking

16th January 201916th January 2019 By cliangNo Comments

Like any types of tools in both physical and cyber worlds, this can be used for legitimate or evil purposes. Examples are illustrated below. Legitimate purpose Content masking: required to protect privacy information in meeting regulatory compliance or certain industry requirements.Penetration test tools: cybersecurity assessment to uncover weakness of the target of evaluation for strengthening Evil purpose Identity masquerading: the usual trick for phishing or social attacks.Without the asset owner authorization, use of penetration test tools is considered as malicious purposes to launch cyber attack and subject to disciplinary action, civil or criminal litigation. Who judges the proper use? It's set out by Corporate policies (if internal matters)Laws & regulations (when externally involving different entities) ...

Warning Message

13th January 201913th January 2019 By cliangNo Comments

We are more cautious about warning messages in physical world to keep ourselves safe from risk of fatality. In cyber world, we should use the same attitude. If there are system warning messages (e.g. malicious files or threats detected), we have to be vigilant or refer to persons with sufficient knowledge what's about. However, be also cautious about fake messages to lure victim installing unnecessary ad-ware or even malware. It's important to maintain your computing platform with: Latest version with security patchesAnti-malware protection from known sources with sound rating from the cyber communityHost-based firewallNon-administrative rights in logon session Further, have home router to act as certain network perimeter between your computer and the untrusted Internet; if you are using mobile device, consider to subscribe cloud based proxy for protection. ...

Perimeter #2

8th January 20198th January 2019 By cliangNo Comments

Perimeter is intended to control and scrutinize access. Now, systems are interconnected and standalone system is no longer considered effective. This will then expose the attack surface. Example is port 80. You have web site for point of presence in the market. Web site needs to allow anonymous access, or the Internet surfer. Though firewall is deployed, the web port (TCP 80, 443 or whatever is required) must be opened. Attack then shifts to application like injecting malicious contents passing thru the network layer, submitting large amount of requests to slow down or corrupt the system, manipulating client side data and resubmit to back-end. Counter-measures will then require Software Secure Development LifecycleSecure configurationRegular security patches and upgradesPeriodic comprehensive assessment (indeed, some industries mandate this)Situation awareness for different types of roles involved ...

Protocol #2

5th January 20195th January 2019 By cliangNo Comments

Heartbeat is required in resilience configuration such that primary and secondary devices are constantly communicating. A question for the reader: if somehow they can't communicate, how does the infrastructure know if: The link fails, orThe counterpart is down ...

The Same I

2nd January 20192nd January 2019 By cliangNo Comments

In cyber world, this means risk. Deployed cyber components require up-keeping their healthiness, like applying security patches and updating with latest protection definition. If they remain the same as yesterday, sooner they shall get compromised causing undesirable consequence that depends on the nature of business. ...