Supporting System

Mostly, people put focus cybersecurity on critical infrastructure. We must not forget the cybersecurity for supporting systems are equally important as they are also network connected for information exchange or control from the control center. These systems automate protection for the core system. Examples are those commonly known like facility management (or FM such as fire fighting, CRAC, access control, UPS), SIS (Safety Instrumented Systems). If these systems fail, it will impact to the core systems. There is recent incident for cyber attack on SIS. Imagine, if the FM fails, the information processing facility will fail too. More severe impact is the SIS failure, it will affect environment or human safety....
Read More

Penetration

Cybersecurity is becoming commodity skill and therefore same terminology will have different interpretation by different parties. Pick penetration test (pTest) as an example. For beginners they simply pick up automated scanner then scan the network and hosts. Whatever reported in the scanner and recommendations are their findings and that's all. A more skillful pTester will review the reported finding, validate its applicability with owner for a practical and achievable follow up before reporting. A professional pTester will go beyond further. Before engagement Understand what is the target of evaluation Advise owner the risk of doing automated scan rather than blindly perform the scan because others say so Agree on approach of execution to set expectation Agree on picking representable samples to manage resources (for both sides) Determine where to place the scanner - before or behind any network perimeter Before execution Load scanner with updated signature and agree on types of test (brute force password attack? DoS test?) Validate target node is accessible ...
Read More