December 2020 – The SECOND Advisories Limited

Taxonomy #2

23rd December 202023rd December 2020 By cliangNo Comments

I have seen cybersecurity directive regarding applicability is to protect OT (Operational Technology) system so as to minimize cyber attacks to energy production. Renewable energy like solar panel or consumer grade wind turbine at household are producing energy with certain OT systems for control. Unfortunately, that organization also markets these equipment. Confusion arises if these OT systems should be under the same set of protection principles unless a precise specific taxonomy is specified in the directive. ...

Landscape

13th December 202013th December 2020 By cliangNo Comments

Some cybersecurity practitioners only drill down to the level of details of network diagram or even wiring diagram to identify adequacy of cyber protection. The system landscape or architecture is no doubt an element to look at but just part of it. The holistic approach shall look like these: What is the purpose of the systemHow is information used - control machine, information for decision making of critical operation or solely display as-isWhat is the consequence if compromisedWhat is the tolerable down timeWhat are options to bring up service within this unplanned down time windowHow to strike the balance for freezing the compromised system for digital forensic vs system recovery in meeting service pledge With these in mind, these diagrams are only useful to assess the attack path and the optimal countermeasures. And don't criticize insufficient information in the diagrams without setting a reference standard - this should be objective rather than subjective. ...

Taxonomy

3rd December 2020 By cliangNo Comments

In policy development, it is essential the coverage of the rule is sufficient and precise to avoid ambiguity. A living creature could be animals, birds, fishes, reptiles and human beings for full coverage. A targeted group might be stipulated as non-human living creatures, or even specific as reptiles when certain situations need more precision. Policy maker needs to understand clearly the scenario when formulating the directive just right in meeting practical implementation. ...