The other day I asked Dan Geer about his opinion on the anti-risk piece by myself and Perry Pederson. Dan is one of the sharpest minds in the cyber risk camp, if not THE sharpest, so I was prepared for a solid repudiation. Which didn’t happen, which certainly does not imply that Dan would endorse our argument. Anyhow, what struck me was a concept that Dan mentioned in his response: Systems that are too important to trust.
Apr 16, 2013
Mar 28, 2013
Ralph to address the Doha Energy Forum
Next week, Ralph will brief participants of the Brookings Doha Energy Forum on cyber threats to the oil and gas industry. While last year’s event didn’t include the cyber security topic, cyber attacks against Saudi Aramco and RasGas by themselves put the spotlight on malicious bits and bytes as a credible threat to energy security, raising the question of whether what we have seen was just the beginning of a new era of non-kinetic conflict within a specific vertical.
Mar 12, 2013
ICS Security Salon in Munich with Ralph and Dale Peterson
Langner hosts a novel ICS security event called the ICS Security Salon. The ICS Security Salon is a one-day event where decision makers from IT, plant planning, and maintenance get briefed on industrial control system security topics by top experts. Unlike a seminar, the Salon does not teach methodology, but provides attendees with actionable background information. Unlike a conference, the Salon features in-depth discussions on selected real-world topics rather than broad outreach that often extends into academic and irrelevant subjects.
The ICS Security Salon will initially take place on June 24, 2013 in Munich with Dale Peterson as its prime speaker. Dale is founder and director of Digital Bond and an internationally recognized thought leader in ICS security.
Registration information and agenda can be found here.
Feb 28, 2013
Notes on Stuxnet 0.5
Symantec found a new Stuxnet variant that made them take a closer look at the 417 attack. Their research results basically match ours, with one major exception.
Feb 25, 2013
A rebuttal to President Obama’s executive order on critical infrastructure cyber security
Two weeks ago, President Obama issued an executive order to improve critical infrastructure cyber security. Together with Perry Pederson, a cyber security specialist at the US Nuclear Regulatory Commission and an old hand in ICS security, Ralph explains why the executive order is a recipe for failure, and suggests alternatives for securing a nation’s most critical systems against cyber attacks. The 16-page article, titled “Bound to fail: Why cyber security risk cannot simply be ‘managed’ away”, can be downloaded from the Brookings website.
Feb 07, 2013
Brookings appoints Ralph as nonresident fellow
The Brookings Institution, one of the most influential DC think tanks, has appointed Ralph as a nonresident fellow. Ralph will work with military analyst Peter Singer, a leading authority on robots on the battlefield, within their 21st Century Defense Initiative.
Nov 19, 2012
Ralph chats with Stewart Baker
Last week, Ralph had a vivid discussion with Stewart Baker on critical infrastructure protection and ICS security. Stewart published a transcript on his blog.
Nov 16, 2012
SCADA quality management at Natanz: Usability beats secrecy
Last year we showed a slightly edited screenshot of a popular Natanz SCADA display, as it turned out that the (classified) actual cascade shape was hidden in that photo. We used red lines to highlight the boundaries between the individual enrichment stages. It appears that somebody in Natanz read our blog post and thought: Wow, those red lines make the display much more user friendly, so let’s incorporate them as a standard feature in our screen design. Which is what they did.
Oct 31, 2012
The dark side of the light footprint, part II
Last week in DC I found the iconic symbol for my recent dark side / light side discussion on reasons for choosing either cyber offense or cyber defense — at a Barnes & Noble bookstore. The little imperial stormtrooper is now standing on my untidy desk in my Hamburg office.
Oct 29, 2012
New talks online
Video recordings of two recent talks are now online:
Cyber-physical attacks and national security
INSS conference on cyberspace and national security, Tel Aviv
Cyber warfare: Preparing for the inevitable
ICT summit Eurasia, Istanbul
