So I get extremely frustrated having to change my password every 60 days because the security department has this belief that somehow that is going to prevent the nightmare at Sony from coming down upon our company. Without getting too deep into the politics around security I am a firm believer that it is far better for people to have a password that is highly complex and never changes or better yet high entropy and very simple to remember as opposed to forced rotations of passwords. My reasoning is simple. If I were a hacker and I got your password, I wouldn’t wait 60 days to use it. I would own you in the immediate… as in right now. Continue reading
We are currently working on a project to implement a security design around our Industrial Automation Networks in the Field. These range from gas measurement shacks with a single valve all the way up to multi-train gas processing plants. Post the StuxNet incident and the 60 minutes airing that notified the nation of the great dangers in exposing our vital infrastructure to the internet, there have been several regulatory commssions who have or are currently working on updating thier requirements around securing this vital infrastructure. Our goal is to beat them to the punch and be prepared for the worst while doing our Control Technicians a favor or two in providing them further isolation from the Enterprise.
In 2002 FISMA (Federal Information Security Management Act) kicked off a lot of these regulations by requiring each government entity to develop requirements to protect their perspective systems from cyber attack. Due to this, government agencies have become more and more aware of the threats imposed by networked system access to critical systems. In my opinion, this eyeopening will spark the proposal of additional regulation to protect these critical systems. In this first article, I’ll cover some common terms and we’ll note some regulatory bodies and any specific regulations already identified… Continue reading