Wednesday, December 18, 2013

New Auerbach Series on Critical Infrastructure and Cybersecurity Engineering


This series is edited by Ross Leo, Chief Systems and Security Architect at Cirrus Informatics, Inc. Its objectives include providing timely, well-researched, and informative pieces on the specific areas and issues associated with safeguarding America's critical infrastructures.

Critical Infrastructure and Cybersecurity Engineering Series

If you're interested in finding out more about the series and participating in it, contact Ross Leo.

Tuesday, December 17, 2013

How Hackers Made Minced Meat of Department of Energy Networks


In this case, as reported on Ars Technica, it came down to little or no patch management. How simple?

If they had bothered to apply a little common sense, and had Felicia Nicastro's book, Security Patch Management, a lot of this could have been avoided.

Wednesday, December 11, 2013

FCC in-flight call plan meets political and public opposition


Yet, as reported by Mobile World Live, FCC chairman Tom Wheeler doesn't care, and won't act to ban calls. I can think of few things worse than the agony of air travel compounded by rude, obnoxious, self-obsessed people making phone calls at 30,000 feet. As if bad music that filters out of earbuds isn't bad enough. There is legislation pending to ban calls, but because it depends on Congress acting, I'm not counting on it going anywhere. Noise-cancelling headphones, anyone?

Tuesday, December 10, 2013

Cross-Platform Malware: A Growing Threat for Computers

There's a new infographic from Mobistealth that uses Koobface to highlight cross-platform malware. The Koobface worm hits social networks like Facebook. According to Wired, the Koobface virus uses the private messaging systems of Facebook and other social media sites to infect computers via a shared video.

We have some new books to help you defend against attacks:

Automatic Defense against Zero-day Polymorphic Worms in Communication Networks

Android Security: Attacks and Defenses

Thursday, November 14, 2013

GAO Says TSA Should Limit Future Funding for Behavior Detection Activities


The GAO found that "Available evidence does not support whether behavioral indicators, which are used in the Transportation Security Administration's (TSA) Screening of Passengers by Observation Techniques (SPOT) program, can be used to identify persons who may pose a risk to aviation security."
So, TSA's Screening of Passengers by Observation Techniques (SPOT) program is useless.
Bruce Schneier has long said that profiling is worse than useless; it’s dangerous.
However, with DHA and TSA being laws unto themselves, they’ll continue with this security theater regardless of what GAO recommends. So, here we have taxes wasted in two ways: by TSA in continuing programs that don’t work, and by GAO in conducting reviews that no one acts on.

Related Books:
 
 
 
and even though GAO has its doubts, for those believers: