Boundary

By cliangNo Comments
Typically, the boundary defines a clear demarcation of accountability in the case of ICT or ICS system landscape.  It also confines the work scope in any professional engagement activities to ease managing the work product expectation. However, as a cybersecurity practitioner, we must look further beyond to strike for a holistic view in order not to miss out any inherent threats.  It's just a matter of fact how far and how detail we are comfortable to go beyond, or simply include a scope statement for the "limited vision"....
Read More

Mistaken Identity

By cliangNo Comments
This is to attack trust based on some one you know. In physical world, this is harder as you will recognize the person by appearance unless via impersonation like those in "Mission Impossible". In cyber world, email and social network ID are easier for spoofing, not-to-mention compromised identity are on sales in the dark web. Therefore, Part-1: protect your cyber identity.  Even if you consider such cyber identity doesn't harm yourself, it could cause collateral damage to those who know you Part-2: now, you are cautious about your cyber identity.  Establish preparedness to manage the situation when you suspect your cyber identity is compromised for malicious intention Part-3: from a 3rd party perspective, when you receive "unusual" request(s) from cyber identity for those you know or appeared as legitimate, validate their request(s) via other trusted communication channels (like phone call, or official web link) ...
Read More

Access Control

By cliangNo Comments
In physical world, access control is done by certain barrier that this barrier will be disabled for entry by authenticated individual. The same applies in cyber world. Access control in both worlds are to manage "honest" users but not malicious users intentionally bypassing the barrier(s).  The laws & regulations are the last resort to stop offenders....
Read More

Design & Build

By cliangNo Comments
Secure by design of ICS (Industrial Control System) is just part of the ICS life cycle.  If design is insecure, retrofit sometimes is not possible and need to rebuild from scratch again. Next is the ongoing sustainability of the cybersecurity because the ICS is only secure at that particular point in time of commissioning.  Addressing new vulnerabilities and continuous strengthening are required to keep staying cyber secure. Of course, identify the business outcomes and acceptable risks then translate into ICS cybersecurity requirements in the procurement specification is the very first step....
Read More

FUD

By cliangNo Comments
Fear, Uncertainty, Doubt (FUD) is the tactic vendors are trying to sell you their cybersecurity solution. Typically, this is done via several stages: Share damages for cyber incidents in the public like substantial fines by the Court or huge claims from customers, loss in reputation, drop in stock price, revenue loss due to business operation interruption plus other fees like investigation, containment and recovery How your other peers are doing Market share and strength of their solution from  independent analyst's ranking How their solution is able to help and protect you Certainly, having cybersecurity protection deployed is better than none but what you need to know: Limitation of the solution as there is no bullet proof protection technology Total Cost of Ownership (TCO) to operate including competent skill set and extra resources Understand how effective the protection to limit the risks and threat actors that the organization is facing because each organization has its own business priority, people and culture issues Most importantly,...
Read More

Operation Risk

By cliangNo Comments
Unlike IT application, ICS (Industrial Control System) involves direct physical process that will affect human safety and impose environment impacts. When we conduct ICS risk assessment, we must not just limited thoughts to cyber risks.  Cyber risk is just one of the causes that affect the stability, manageability and operability of the ICS. For impacts caused by cyber issues, are these due to general equipment fault rather than cyber attack?  What about other physical damages like communication lines fails due to natural disaster, or machinery break down from wear and tear?  The counter-measures shall then also address non-cyber issues for a comprehensive business continuity arrangement....
Read More

Black List, White List, Sandbox

By cliangNo Comments
Malware is the key attack act in the cyber space. Black list is used in anti-malware protection, anti-spam or web site filters for blocking the bad.  This will require frequent update of the black list definition because new species will evade the filter.  Then we don't know what we don't know. To nail down to the scenario we know what we know, white list defines trusted components or connection and permits their execution.  Examples are application white listing technology or firewall rules. So, what about something in between?  This is because either white list or black list demands regular definition update for effective protection.  Sandbox technology provides an isolated environment to execute and observe behaviors of codes to determine if hostile or not. The ideal solution is a combination of these technologies for best defense.  Of course, this is still not 100% guaranteed to be cyber secure....
Read More

Policies #2

By cliangNo Comments
Setting up policies seems easy, it's just putting down the management objective in written form. However, the objective must be practically achievable and enforceable for all stakeholders involved.  Otherwise, it's just a slogan in the air as well as a low-hanging fruit of non-compliance in any assessment exercise....
Read More

Grade of Protection

By cliangNo Comments
When we deploy protection, normally it might be of civilian grade even it appears harder to break in.  If attack is originated from state-level as a targeted attack, such civilian grade countermeasure won't be effective. That is why a 360 degree assessment is needed to decide threat actors, likelihood, consequence and then the corresponding countermeasures....
Read More

360

By cliangNo Comments
In physical world, 360 degree can further be 2D or 3D.  Anyway, it has the sense for a holistic view of the surrounding. In cyber world, there isn't any concept of dimension.  The cyber world is connected via different network, gateway and nodes.  The 360 approach is required to assess risks and attack paths to the cyber applications such that the optimal and effective controls can be deployed....
Read More