Five Reasons You Don’t Need Better Cyber Security

Admittedly, these are based on anecdotal evidence, but I suspect they are very close to the major reasons used to deflect concerns about increasing the security posture of cyber-physical systems. Using complex risk calculations, it can be shown that the risk is really...

“Surviving on a Diet of Poisoned Fruit”

Poisoned fruit is an apt metaphor used by the Honorable Richard Danzig in the title of his latest report for all things cyber that today we can’t live without, yet bring ever increasing risks. The Center for a New American Security (CNAS) sponsored an event showcasing...

Quote of the day — on pen testing

“The basic premise of penetration testing is that you’ve got something that you don’t understand and you’re trying to achieve an understanding of it by having some outsider — who also doesn’t understand it — attack it,...

Aurora Revisited — by its original project lead

When I accepted the position as Director of the Control Systems Security Program (CSSP) in 2006, I had no idea about what was coming. One of the challenges I did envision was finding a way to educate non-technical policy makers about ICS security. In other words, we...