Orchestration

One of the pain points in cybersecurity is that protections are always chosen as the "best of breed" technology. This is fine, except that each technology comes with its own protection management tool, GUI and dashboard. As a result, SOC or IR personnel need to dive into each cyber protection solution and analyze the time sequence of events. Orchestration technology is available to consolidate logs from the various log sources and make life easier. However, caution must be exercised: Are the extra investment and recurring operating costs properly funded and ready? The ROI case might rely on workforce reduction to justify the deployment, which means someone might lose their job. How is the integration done? Will it breach network zoning? Last but not least, how do we validate that the solution is successfully deployed, as the acceptance criteria? ...

Trust #4

Consider a machine in the corner of a mall for digital currency exchange. Whether you use it or not is a kind of risk taking, because you do not know what is behind the machine, who operates it, or whether there is a proper business license to protect your money if things go wrong. In the digital world, we must not focus solely on cyber protection. Every aspect counts towards a secure business model. From the digital currency operator's perspective, secure cyber protection is not enough. Physical security, anti-tampering against manipulation of the network connection, I/O port interfaces and so on are all attack vectors. From the customer's perspective, the trustworthiness of the machine is the prime concern. ...

Physics #3

In the automation world, cyber components control the machinery, that is, the physical portion. Examples of machinery are turbines, passenger lifts, vehicles, vessels, aircraft, entry control and so on. I have seen certain cybersecurity practitioners who focus solely on the cyber part and ignore the physical part. That is not ideal. We MUST treat both portions with sufficient protection and good operating conditions. If the components are very cyber secure while the physical wear and tear conditions are ignored, it is just like "the operation was successful but the patient died". ...

Protocol

A protocol requires proper data formats and valid ranges in its various preset fields, per design, to work properly. Threat actors try to manipulate the different fields and data ranges in order to exploit weaknesses in the underlying process that handles the protocol. Take the illustrated locks: they allow dual admins to unlock, where each admin has their own access key. If a "malicious" admin does not follow the protocol of arranging the locks in series but puts them in parallel, then access is denied to the other admin, because unlocking now requires both keys at the same time. Therefore, when we talk about security, there are lots of considerations: robustness of the process, enforced by strong technology, with people acting honestly, and all driven by laws and regulations (or organization policies). Protection is beyond encryption, firewalls and system hardening; these are evadable. Most say the human is the weakest link. Yes, this is still true, but we must include factors like incompetent cybersecurity practitioners providing recommendations without...

Freedom

This is relative. Freedom is granted to a certain extent. In the physical world, what stops us from doing bad things? It is the laws and regulations that stipulate that we behave properly. For the religious, there are further moral obligations to follow, say, the Ten Commandments. Then how about the digital world? We are all interacting with others in the metaverse. Cyber crimes are more complex to settle because they cross jurisdictions. We are free to use many cyber resources, but that does not mean we can abuse them. Network activities are mostly traceable. We have to exercise proper behavior, be suspicious of unknown requests, and learn from others' incidents to keep ourselves as well as our connected peers safe (secure). ...

Warning Message #2

In the physical world, a warning sign alerts you in order to keep you safe. In the cyber world, a warning message might be abused for a phishing attack or scam, because it exploits the general public's inability to tell real from fake. What can we do to stay cyber secure? Some tips:
- Be vigilant to alerts; validate as much as possible, or refer to persons with sufficient knowledge of what it is about.
- Maintain your devices with the latest version and the necessary security patches.
- Do not install unnecessary tools, or tools from doubtful sources (social networks, discussion forums, advertisements).
- Do not bypass system built-in features, e.g. rooting or jailbreaking the device to run code from other sources.
...

Defeated Control #2

Other than being enforceable, controls must also be robust, because a defeated control becomes an access gateway for the threat actor. Threat actors will try to evade controls to reach the crown jewels. Therefore, controls need regular status checks. In the physical world, guard patrols are needed to observe the actual situation. With more assets staying in cyber, cyber controls need regular verification to retain their intended purpose. This could be achieved via multiple means, depending on the protected value:
- Regular authenticated reporting, with date and time sequence, to the central station
- Periodic assessment to validate whether there are false positives or false negatives
- Red team exercises as unannounced drills for the readiness of the entire protection suite
...

Architect

In the physical world, an architect is "a person whose job is to design new buildings and make certain that they are built correctly" (Cambridge). If this definition applies to the digital world, the system architect is to ensure the system is built correctly per business requirements. Extending to cybersecurity, the cybersecurity architect is to ensure proper protection is incorporated into the digital landscape. Most often, cyber protections are overkill. I came across an example where a USB thumb drive carrying publicly downloaded security patches required encryption, because company policy only allows encrypted drives. On the IT side there is no issue, because patches are downloaded from an IT machine with Internet access. But when transferring files to the OT side it creates an issue, because decryption requires running a special program from the USB's "public" drive, while the OT environment is locked down. Further, the objective of encryption is to protect sensitive information on the USB, because its contents could be disclosed when it is lost. If dedicated USB...

Poisoning

We have heard about DNS poisoning, search engine poisoning, ARP poisoning, etc. With the rise of AI, data poisoning has evolved. There are two types of poisoning:
- A malicious user bypasses the protection scheme of the AI to make it output what is prohibited, for abuse.
- Poisoning the data model so that it generates incorrect results for users. [The analogy is the typical web application where a malicious user plants bad data that is stored in the backend database, as a persistent threat to attack other users, due to poor coding.]
On top of regulatory and ethical issues, the key to dealing with this is to enable secure use of AI by formulating guidance and applying final human judgment. Treat AI output as a reference for insights and research only. ...

Network #2

Digitalization needs things connected to deliver the business outcome. Without a network, not much, or even nothing, can be achieved. And a dedicated point-to-point, end-to-end communication line is neither an affordable luxury nor feasible. Therefore, the network part is always the focus for cyber risk, because it requires no physical access to the component or its connectivity. But remember, other aspects like physical security, application controls and service provider management are equally important to secure the digital function. ...