Apr 16, 2013

Too important to trust

The other day I asked Dan Geer about his opinion on the anti-risk piece by myself and Perry Pederson. Dan is one of the sharpest minds in the cyber risk camp, if not THE sharpest, so I was prepared for a solid repudiation. Which didn’t happen, which certainly does not imply that Dan would endorse our argument. Anyhow, what struck me was a concept that Dan mentioned in his response: Systems that are too important to trust.

Mar 28, 2013

Ralph to address the Doha Energy Forum

Next week, Ralph will brief participants of the Brookings Doha Energy Forum on cyber threats to the oil and gas industry. While last year’s event didn’t include the cyber security topic, cyber attacks against Saudi Aramco and RasGas by themselves put the spotlight on malicious bits and bytes as a credible threat to energy security, raising the question of whether what we have seen was just the beginning of a new era of non-kinetic conflict within a specific vertical.

Mar 12, 2013

ICS Security Salon in Munich with Ralph and Dale Peterson

Langner hosts a novel ICS security event called the ICS Security Salon. The ICS Security Salon is a one-day event where decision makers from IT, plant planning, and maintenance get briefed on industrial control system security topics by top experts. Unlike a seminar, the Salon does not teach methodology, but provides attendees with actionable background information. Unlike a conference, the Salon features in-depth discussions on selected real-world topics rather than broad outreach that often extends into academic and irrelevant subjects.

The ICS Security Salon will initially take place on June 24, 2013 in Munich with Dale Peterson as its prime speaker. Dale is founder and director of Digital Bond and an internationally recognized thought leader in ICS security.

Registration information and agenda can be found here.

Feb 28, 2013

Notes on Stuxnet 0.5

Symantec found a new Stuxnet variant that made them take a closer look at the 417 attack. Their research results basically match ours, with a major exception.

Feb 25, 2013

A rebuttal to President Obama’s executive order on critical infrastructure cyber security

Two weeks ago, President Obama issued an executive order to improve critical infrastructure cyber security. Together with Perry Pederson, a cyber security specialist at the US Nuclear Regulatory Commission and an old hand in ICS security, Ralph explains why the executive order is a recipe for failure, and suggests alternatives for securing a nation’s most critical systems against cyber attacks. The 16-page article, titled “Bound to fail: Why cyber security risk cannot simply be ‘managed’ away”, can be downloaded from the Brookings website.

Feb 07, 2013

Brookings appoints Ralph as nonresident fellow

The Brookings Institution, one of the most influential DC think tanks, has appointed Ralph as a nonresident fellow. Ralph will work with military analyst Peter Singer, a leading authority on robots on the battlefield, within their 21st Century Defense Initiative.

Nov 19, 2012

Ralph chats with Stewart Baker

Last week, Ralph had a vivid discussion with Stewart Baker on critical infrastructure protection and ICS security. Stewart published a transcript on his blog.

Nov 16, 2012

SCADA quality management at Natanz: Usability beats secrecy

Last year we showed a slightly edited screenshot of a popular Natanz SCADA display, as it turned out that the (classified) actual cascade shape was hidden in that photo. We used red lines to highlight the boundaries between the individual enrichment stages. It appears that somebody in Natanz read our blog post and thought: Wow, those red lines make the display much more user friendly, so let’s incorporate them as a standard feature in our screen design. Which is what they did.

Oct 31, 2012

The dark side of the light footprint, part II

Last week in DC I found the iconic symbol for my recent dark side / light side discussion on reasons for choosing either cyber offense or cyber defense — at a Barnes & Noble bookstore. The little imperial stormtrooper is now standing on my untidy desk in my Hamburg office.

Oct 29, 2012

New talks online

Video recordings of two recent talks are now online:

Cyber-physical attacks and national security

INSS conference on cyberspace and national security, Tel Aviv

Cyber warfare: Preparing for the inevitable

ICT summit Eurasia, Istanbul